Aller au contenu

Maheva

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    43

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Maheva

  1. Maheva
    Bien que Malwarebytes' Anti-Malware dit que le virus est "Quarantined and deleted successfully" quand je redémarre, le virus est toujours là. Qu'est-ce que je dois faire pour m'en débarasser ?
  2. Maheva
    Voilà le rapport: Malwarebytes' Anti-Malware 1.41 Version de la base de données: 3257 Windows 6.0.6002 Service Pack 2 29/11/2009 18:49:38 mbam-log-2009-11-29 (18-49-38).txt Type de recherche: Examen rapide Eléments examinés: 95351 Temps écoulé: 5 minute(s), 29 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Windows\System32\tdlclk.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Windows\System32\tdlcmd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
  3. Maheva
    Bon je vais devoir partir. Je ne serais pas là avant demain en début de soirée. Donc je m'occuperai de ça demain. Bon week-end.
  4. Maheva
    Alors j'ai réussi à mettre le mode sans échec. Mais j'ai eu des problèmes. Combofix veut redémarrer car il a détecté la présence de rootkit. Il redémarre en mode normal et là j'ai le même écran bleu qu'avant. J'ai essayé de mettre le mode sans échec quand il redémarre en présent F8. Il passe en mode sans échec mais Combofix ne fait plus rien. Je n'ai toujous pas de rapport. Je commence à désespérer.
  5. Maheva
    euh je veux bien mais je m'y connait pas trop. Comment on fait pour mettre le mode sans échec ? Et la prise en charge réseau c'est quoi ?
  6. Maheva
    Bonjour ! Bien dormi ? Voici le rapport de Gmer: GMER 1.0.15.15252 - http://www.gmer.net Rootkit scan 2009-11-28 09:44:43 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Carole\AppData\Local\Temp\kwtdakoc.sys ---- Files - GMER 1.0.15 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 1040 bytes File C:\ADSM_PData_0150\DB\VL.db 6160 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes File C:\Users\Carole\Documents sécurisés 0 bytes File C:\Users\Carole\Documents sécurisés\_avt 512 bytes File C:\Users\Carole\Documents sécurisés\_lit 512 bytes File C:\Users\Carole\Vidéos sécurisées 0 bytes File C:\Users\Carole\Vidéos sécurisées\_avt 512 bytes File C:\Users\Carole\Vidéos sécurisées\_lit 512 bytes File C:\Users\Carole\Musique sécurisée 0 bytes File C:\Users\Carole\Musique sécurisée\_avt 512 bytes File C:\Users\Carole\Musique sécurisée\_lit 512 bytes ---- EOF - GMER 1.0.15 ----
  7. Maheva
    c'est gentil merci. Je me rend compte que je te prend beaucoup de ton temps, désolé. Bon je vais faire comme tu m'as dit et lancer Gmer. Comme l'analyse est assez longue, je t'enverrais la suite demain. Toi aussi tu as le droit de dormir A demain Merci encore
  8. Maheva
    Euh le bouton Uninstall est grisé, je ne peux pas cliquer dessus. Il me dit "No SPTD version was detected. Select action to be performed"
  9. Maheva
    Voilà le raport DDS DDS (Ver_09-11-24.02) - NTFSx86 Run by Carole at 23:20:51,00 on 27/11/2009 Internet Explorer: 8.0.6001.18828 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1887 [GMT 1:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ATK Hotkey\MsgTranAgt.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\HControlUser.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\ASScrPro.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Orange\Launcher\Launcher.exe C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe C:\Windows\system32\conime.exe C:\Program Files\Orange\connectivity\connectivitymanager.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Carole\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.fr/ uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orange\searchurlhook\SearchPageURL.dll BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\orange\antivirus firewall\nrs\iescript\baselitmus.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\orange\antivirus firewall\nrs\iescript\baselitmus.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\windows\temp\E_SACA.tmp" /EF "HKCU" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe" mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe mRun: [symLnch] "c:\program files\common files\symantec shared\symsetup\{c1c185ca-c531-49f5-a6fa-b838405a049d}_15_5_0_23\support\symlnch\symlnch.exe" "c:\progra~1\common~1\symant~1\symsetup\{c1c18~1\SETUP.EXE" " /X" mRun: [EPSON Stylus DX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaee.exe /f "c:\windows\temp\E_S2EBF.tmp" /EF "HKLM" mRun: [EPSON Stylus DX4200 Series (Copie 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaee.exe /f "c:\windows\temp\E_S4A38.tmp" /EF "HKLM" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [systrayORAHSS] "c:\program files\orange\systray\SystrayApp.exe" mRun: [ORAHSSSessionManager] c:\program files\orange\sessionmanager\SessionManager.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: c:\program files\orange\antivirus firewall\fsps\program\FSLSP.DLL Trusted Zone: orange.fr\www DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" ============= SERVICES / DRIVERS =============== R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-30 33920] R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-11-21 15416] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\orange\antivirus firewall\hips\drivers\fshs.sys [2009-11-13 68064] R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-11-13 35680] R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-13 71040] R1 fsvista;F-Secure Vista Support Driver;c:\program files\orange\antivirus firewall\anti-virus\minifilter\fsvista.sys [2009-11-13 12384] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\orange\antivirus firewall\anti-virus\minifilter\fsgk.sys [2009-11-13 101496] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\orange\antivirus firewall\orsp client\fsorsp.exe [2009-11-13 55928] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-11-16 48128] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-1-21 21504] S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2009-2-23 75952] S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2009-2-23 67760] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-4-12 28224] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\orange\antivirus firewall\anti-virus\win2k\fsfilter.sys [2009-11-13 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\orange\antivirus firewall\anti-virus\win2k\fsrec.sys [2009-11-13 25184] =============== Created Last 30 ================ 2009-11-27 21:43:06 0 d-s---w- C:\ComboFix 2009-11-27 19:35:23 0 ----a-w- c:\users\carole\defogger_renable 2009-11-26 18:34:15 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-26 13:57:35 714240 ----a-w- c:\windows\system32\timedate.cpl 2009-11-26 13:48:32 24064 ----a-w- c:\windows\system32\tdlcmd.dll 2009-11-26 13:14:38 0 d-s---w- C:\ComboFix(1) 2009-11-25 17:27:01 0 d-sha-r- C:\autorun.inf 2009-11-25 17:14:47 0 d-----w- C:\UsbFix 2009-11-24 19:34:58 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-24 19:34:58 1401856 ----a-w- c:\windows\system32\msxml6(126).dll 2009-11-24 19:34:49 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-24 19:34:49 1248768 ----a-w- c:\windows\system32\msxml3(124).dll 2009-11-20 17:44:40 16574 ----a-w- c:\windows\EPISMF00.SWB 2009-11-18 19:10:16 12800 ----a-w- c:\windows\system32\tdlclk.dll 2009-11-18 17:48:24 0 d-----w- c:\program files\CCleaner 2009-11-18 10:35:11 0 d-----w- c:\users\carole\appdata\roaming\Auslogics 2009-11-18 10:34:59 0 d-----w- c:\program files\Auslogics 2009-11-16 21:08:22 0 d-----w- c:\program files\Windows Portable Devices 2009-11-16 21:06:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-16 21:00:44 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-16 21:00:41 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-16 21:00:40 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-16 20:58:51 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-11-16 20:56:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-16 20:56:23 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-16 20:56:22 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-16 19:20:26 0 d-----w- c:\users\carole\appdata\roaming\Malwarebytes 2009-11-16 19:20:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-16 19:20:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-16 19:20:13 0 d-----w- c:\programdata\Malwarebytes 2009-11-16 19:20:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-16 11:39:54 98816 ----a-w- c:\windows\sed.exe 2009-11-16 11:39:54 77312 ----a-w- c:\windows\MBR.exe 2009-11-16 11:39:54 260608 ----a-w- c:\windows\PEV.exe 2009-11-16 11:39:54 161792 ----a-w- c:\windows\SWREG.exe 2009-11-13 20:00:42 35680 ----a-w- c:\windows\system32\drivers\fses.sys 2009-11-13 20:00:38 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys 2009-11-11 10:07:18 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 10:07:06 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-04 07:16:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2009-11-02 07:43:18 0 d-----w- c:\program files\iPod 2009-11-02 07:43:06 0 d-----w- c:\program files\iTunes ==================== Find3M ==================== 2009-11-27 21:52:27 45056 ----a-w- c:\windows\system32\acovcnt.exe 2009-11-27 17:53:56 735946 ----a-w- c:\windows\system32\perfh00C.dat 2009-11-27 17:53:56 153972 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-23 20:31:19 27934 ----a-w- c:\programdata\nvModes.dat 2009-11-16 21:08:04 86016 ----a-w- c:\windows\inf\infstor.dat 2009-11-16 21:08:04 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-16 21:08:04 51200 ----a-w- c:\windows\inf\infpub.dat 2009-11-16 21:08:04 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-13 20:08:24 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys 2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-08 18:45:12 721904 ------w- c:\windows\system32\drivers\sptd.sys 2009-10-08 09:46:19 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll 2008-07-02 03:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll 2008-05-22 17:35:54 51962 ----a-w- c:\program files\common files\banner.jpg 2008-04-16 11:15:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat 2008-04-16 11:15:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat 2008-04-16 11:15:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat 2008-04-16 11:15:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2007-06-12 18:34:50 35822 ----a-w- c:\program files\common files\ASPG_icon.ico 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2004-08-09 21:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe ============= FINISH: 23:22:30,50 ===============
  10. Maheva
    Bon alors je comprend pas. J'ai lancer ComboFix, l'ordi a redémarré, il a fait l'ananlyse mais après j'ai pas eu de rapport qui ait apparu. J'ai chercher dans C:\Combofix.txt mais je n'ai rien trouvé, ni ailleur. Bizarre car je n'ai pas eu de message d'erreur.
  11. Maheva
    Ok je vais faire ça en esperant que ça marche. Par contre pour les programme, je trouve ça bizarre car je les avait désinstallé avec ajout/suppression de programme et je pensais que ça avait marché. En tout cas merci.
  12. Maheva
    Alors je sais pas vraiment si ça a marché car le logiciel ne m'a pas demandé de redémarrer. Alors j'ai redémarré par moi même. Voici le rapport: defogger_disable by jpshortstuff (26.11.09.1) Log created at 20:46 on 27/11/2009 (Carole) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Already disabled -=E.O.F=- Sinon pour les logiciels qui perturbent les logiciels de sécurité, je ne m'en sert plus donc ce n'est pas obligé de les réactiver.
  13. Maheva
    Voici le rapport de Gmer. GMER 1.0.15.15252 - http://www.gmer.net Rootkit scan 2009-11-27 17:48:01 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Carole\AppData\Local\Temp\kwtdakoc.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x31 0x65 0x1C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x31 0x65 0x1C ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- Files - GMER 1.0.15 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 1040 bytes File C:\ADSM_PData_0150\DB\VL.db 6160 bytes File C:\ADSM_PData_0150\DB\_avt 512 bytes File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes File C:\Users\Carole\Documents sécurisés 0 bytes File C:\Users\Carole\Documents sécurisés\_avt 512 bytes File C:\Users\Carole\Documents sécurisés\_lit 512 bytes File C:\Users\Carole\Vidéos sécurisées 0 bytes File C:\Users\Carole\Vidéos sécurisées\_avt 512 bytes File C:\Users\Carole\Vidéos sécurisées\_lit 512 bytes File C:\Users\Carole\Musique sécurisée 0 bytes File C:\Users\Carole\Musique sécurisée\_avt 512 bytes File C:\Users\Carole\Musique sécurisée\_lit 512 bytes ---- EOF - GMER 1.0.15 ---- Merci encore pour ton aide.
  14. Maheva
    Alors ça fait plusieurs fois que j'essaie d'avoir le rapport avec Combofix mais j'ai un problème. Il redémarre, il commence tout de suite l'analyse. Puis d'un coup j'ai un écran bleu avec ça d'écrit: A problem has been detected and windows has been shut down to prevent domage to your computer. If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps: Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters. Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode. Technical information: *** STOP: 0x0000007E (0xC0000005, 0x87BAD79E, 0x8B75765C, 0x8B757358) Collecting data for crach dump... Initializing disk for crash dump... Du coup je ne peut pas faire l'analyse avec Combofix.
  15. Maheva
    Oui j'ai utilisé combofix, il y a quelques temps pour essayer de supprimer le virus tdlwsp.dll. Je ne savais pas que c'était si risqué. Sinon voilà le rapport d'analyse de virus total: Fichier tdlcmd.dll reçu le 2009.11.25 21:56:36 (UTC)Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.43 2009.11.25 - AhnLab-V3 5.0.0.2 2009.11.25 - AntiVir 7.9.1.78 2009.11.25 TR/Vundo.Gen Antiy-AVL 2.0.3.7 2009.11.25 - Authentium 5.2.0.5 2009.11.25 - Avast 4.8.1351.0 2009.11.25 - AVG 8.5.0.425 2009.11.25 - BitDefender 7.2 2009.11.25 - CAT-QuickHeal 10.00 2009.11.25 - ClamAV 0.94.1 2009.11.25 - Comodo 3036 2009.11.25 - DrWeb 5.0.0.12182 2009.11.25 - eSafe 7.0.17.0 2009.11.24 - eTrust-Vet 35.1.7142 2009.11.25 - F-Prot 4.5.1.85 2009.11.25 - F-Secure 9.0.15370.0 2009.11.24 - Fortinet 4.0.14.0 2009.11.25 - GData 19 2009.11.25 - Ikarus T3.1.1.74.0 2009.11.25 - Jiangmin 11.0.800 2009.11.25 - K7AntiVirus 7.10.905 2009.11.25 - Kaspersky 7.0.0.125 2009.11.25 Packed.Win32.TDSS.z McAfee 5813 2009.11.25 - McAfee+Artemis 5813 2009.11.25 Artemis!C52ACEFE5F8E McAfee-GW-Edition 6.8.5 2009.11.25 Trojan.Vundo.Gen Microsoft 1.5302 2009.11.25 Trojan:Win32/Alureon.CT NOD32 4637 2009.11.25 - Norman 6.03.02 2009.11.25 - nProtect 2009.1.8.0 2009.11.25 - Panda 10.0.2.2 2009.11.25 Suspicious file PCTools 7.0.3.5 2009.11.25 - Prevx 3.0 2009.11.25 High Risk Rootkit Rising 22.23.02.09 2009.11.25 - Sophos 4.47.0 2009.11.25 Sus/UnkPack-C Sunbelt 3.2.1858.2 2009.11.25 - Symantec 1.4.4.12 2009.11.25 - TheHacker 6.5.0.2.078 2009.11.25 - TrendMicro 9.100.0.1001 2009.11.25 - VBA32 3.12.12.0 2009.11.25 - ViRobot 2009.11.25.2053 2009.11.25 - VirusBuster 5.0.21.0 2009.11.25 - Information additionnelle File size: 23040 bytes MD5...: c52acefe5f8e0b8fe21d1577c1d7fb9f SHA1..: 12a1da682788653671e40b2327434b3dd8dc50cf SHA256: c42f019fd6fb07c837f95318d108a842e4b0d369dbabfe94fd9ee09991cf7ab8 ssdeep: 384:irB6KAfRgHVUDlhdZPLnsJpL02SDzunkof0Qdx:a/mVLn+MDzunffXf<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x13fb<BR>timedatestamp.....: 0xd2e70000L (invalid)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x19f0 0x1a00 7.29 1cc21c5afa673c0a61479f8eb02a75a6<BR>.rdata 0x3000 0x8e5 0xa00 3.99 5e0b540ba81ebabff966f2ff9dfde64d<BR>.data 0x4000 0xfbb 0x1000 7.49 922dac8b551c758c66cf6b81550ddb89<BR>.rsrc 0x5000 0x1fb9 0x2000 7.52 29208805fe9b59eeb5243568f55918d9<BR>.reloc 0x7000 0x2a 0x200 0.63 1f58827fec905edfd5e63f78aa74c9e4<BR><BR>( 5 imports ) <BR>> kernel32.dll: SizeofResource, LoadLibraryA, OpenFileMappingA, GetEnvironmentVariableA, SetProcessWorkingSetSize, VirtualFree, GetFileSize, VirtualProtect, GetProcAddress, CompareStringW, WriteProfileSectionA, GetProfileIntA, GetModuleHandleA, GetTempPathA, GetCurrentProcess, GetLogicalDriveStringsW, VirtualAlloc, LockFileEx<BR>> msvcrt.dll: _mbsncoll, _getw, _adjust_fdiv, atoi, strpbrk, __p___initenv, _atodbl, _chmod, _heapused, memcpy, mktime, iswascii, _wexecve<BR>> gdi32.dll: SetPaletteEntries, DeleteDC, SetTextColor, GetRgnBox, GetPixel, GetPaletteEntries<BR>> user32.dll: SetWindowTextW, CheckMenuRadioItem, TranslateAcceleratorW, GetWindowTextLengthW, SetMenuItemInfoW, DestroyWindow, DefWindowProcW<BR>> winmm.dll: waveInReset, joyGetPos, joyGetDevCapsA, waveOutSetPlaybackRate, mmioSetInfo, midiStreamPause, waveInGetID, midiInGetNumDevs, mmioAdvance, waveOutGetErrorTextW, waveOutGetDevCapsA, midiOutGetDevCapsA, mci32Message, mciGetDeviceIDW<BR><BR>( 5 exports ) <BR>YatjgjLvysRcco, RvedFyfwpfyLwo, BaBnyniNojazNerfvjj, YhabxkZals, DaeSxkhupInrnno<BR> RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=A363F7E5000C4C7F5AD500E144B63C00EEEA8B39''>http://info.prevx.com/aboutprogramtext.asp?PX5=A363F7E5000C4C7F5AD500E144B63C00EEEA8B39' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=A363F7E5000C4C7F5AD500E144B63C00EEEA8B39</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=A363F7E5000C4C7F5AD500E144B63C00EEEA8B39</a> sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.43 2009.11.25 - AhnLab-V3 5.0.0.2 2009.11.25 - AntiVir 7.9.1.78 2009.11.25 TR/Vundo.Gen Antiy-AVL 2.0.3.7 2009.11.25 - Authentium 5.2.0.5 2009.11.25 - Avast 4.8.1351.0 2009.11.25 - AVG 8.5.0.425 2009.11.25 - BitDefender 7.2 2009.11.25 - CAT-QuickHeal 10.00 2009.11.25 - ClamAV 0.94.1 2009.11.25 - Comodo 3036 2009.11.25 - DrWeb 5.0.0.12182 2009.11.25 - eSafe 7.0.17.0 2009.11.24 - eTrust-Vet 35.1.7142 2009.11.25 - F-Prot 4.5.1.85 2009.11.25 - F-Secure 9.0.15370.0 2009.11.24 - Fortinet 4.0.14.0 2009.11.25 - GData 19 2009.11.25 - Ikarus T3.1.1.74.0 2009.11.25 - Jiangmin 11.0.800 2009.11.25 - K7AntiVirus 7.10.905 2009.11.25 - Kaspersky 7.0.0.125 2009.11.25 Packed.Win32.TDSS.z McAfee 5813 2009.11.25 - McAfee+Artemis 5813 2009.11.25 Artemis!C52ACEFE5F8E McAfee-GW-Edition 6.8.5 2009.11.25 Trojan.Vundo.Gen Microsoft 1.5302 2009.11.25 Trojan:Win32/Alureon.CT NOD32 4637 2009.11.25 - Norman 6.03.02 2009.11.25 - nProtect 2009.1.8.0 2009.11.25 - Panda 10.0.2.2 2009.11.25 Suspicious file PCTools 7.0.3.5 2009.11.25 - Prevx 3.0 2009.11.25 High Risk Rootkit Rising 22.23.02.09 2009.11.25 - Sophos 4.47.0 2009.11.25 Sus/UnkPack-C Sunbelt 3.2.1858.2 2009.11.25 - Symantec 1.4.4.12 2009.11.25 - TheHacker 6.5.0.2.078 2009.11.25 - TrendMicro 9.100.0.1001 2009.11.25 - VBA32 3.12.12.0 2009.11.25 - ViRobot 2009.11.25.2053 2009.11.25 - VirusBuster 5.0.21.0 2009.11.25 - Information additionnelle File size: 23040 bytes MD5...: c52acefe5f8e0b8fe21d1577c1d7fb9f SHA1..: 12a1da682788653671e40b2327434b3dd8dc50cf SHA256: c42f019fd6fb07c837f95318d108a842e4b0d369dbabfe94fd9ee09991cf7ab8 ssdeep: 384:irB6KAfRgHVUDlhdZPLnsJpL02SDzunkof0Qdx:a/mVLn+MDzunffXf<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x13fb<BR>timedatestamp.....: 0xd2e70000L (invalid)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x19f0 0x1a00 7.29 1cc21c5afa673c0a61479f8eb02a75a6<BR>.rdata 0x3000 0x8e5 0xa00 3.99 5e0b540ba81ebabff966f2ff9dfde64d<BR>.data 0x4000 0xfbb 0x1000 7.49 922dac8b551c758c66cf6b81550ddb89<BR>.rsrc 0x5000 0x1fb9 0x2000 7.52 29208805fe9b59eeb5243568f55918d9<BR>.reloc 0x7000 0x2a 0x200 0.63 1f58827fec905edfd5e63f78aa74c9e4<BR><BR>( 5 imports ) <BR>> kernel32.dll: SizeofResource, LoadLibraryA, OpenFileMappingA, GetEnvironmentVariableA, SetProcessWorkingSetSize, VirtualFree, GetFileSize, VirtualProtect, GetProcAddress, CompareStringW, WriteProfileSectionA, GetProfileIntA, GetModuleHandleA, GetTempPathA, GetCurrentProcess, GetLogicalDriveStringsW, VirtualAlloc, LockFileEx<BR>> msvcrt.dll: _mbsncoll, _getw, _adjust_fdiv, atoi, strpbrk, __p___initenv, _atodbl, _chmod, _heapused, memcpy, mktime, iswascii, _wexecve<BR>> gdi32.dll: SetPaletteEntries, DeleteDC, SetTextColor, GetRgnBox, GetPixel, GetPaletteEntries<BR>> user32.dll: SetWindowTextW, CheckMenuRadioItem, TranslateAcceleratorW, GetWindowTextLengthW, SetMenuItemInfoW, DestroyWindow, DefWindowProcW<BR>> winmm.dll: waveInReset, joyGetPos, joyGetDevCapsA, waveOutSetPlaybackRate, mmioSetInfo, midiStreamPause, waveInGetID, midiInGetNumDevs, mmioAdvance, waveOutGetErrorTextW, waveOutGetDevCapsA, midiOutGetDevCapsA, mci32Message, mciGetDeviceIDW<BR><BR>( 5 exports ) <BR>YatjgjLvysRcco, RvedFyfwpfyLwo, BaBnyniNojazNerfvjj, YhabxkZals, DaeSxkhupInrnno<BR> RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=A363F7E5000C4C7F5AD500E144B63C00EEEA8B39' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=A363F7E5000C4C7F5AD500E144B63C00EEEA8B39</a> sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
  16. Maheva
    Alors j'avais entendu parler de ça et j'ai fait une analyse en début de soirée. Voici le fichier log.txt: Logfile of random's system information tool 1.06 (written by random/random) Run by Carole at 2009-11-25 18:05:17 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 79 GB (52%) free of 153 GB Total RAM: 3070 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:05:31, on 25/11/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\ATK Hotkey\HControlUser.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\ASScrPro.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\eMule\emule.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Orange\Launcher\Launcher.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Orange\connectivity\connectivitymanager.exe C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Carole\Desktop\RSIT.exe C:\Program Files\trend micro\Carole.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe" O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [symLnch] "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\SETUP.EXE" " /X" O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S2EBF.tmp" /EF "HKLM" O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S4A38.tmp" /EF "HKLM" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [EPSON Stylus CX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /FU "C:\Windows\TEMP\E_SACA.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 9414 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Scheduled scanning task.job C:\Windows\tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}] Browsing Protection Class - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll [2009-11-13 535136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll [2009-11-13 535136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-26 92704] "HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304] "ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-13 6265376] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-06-25 159744] "ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-11-21 47672] "ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-11-21 33136] "SymLnch"=C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\SETUP.EXE /X [] "EPSON Stylus DX4200 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE [2005-03-08 98304] "EPSON Stylus DX4200 Series (Copie 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE [2005-03-08 98304] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208] "ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400] "F-Secure Manager"=C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE [2009-08-05 199264] "F-Secure TNB"=C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe [2009-08-05 2349664] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392] "EPSON Stylus CX4200 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE [2007-01-19 177664] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-02-22 5668864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule\emule.exe [2009-02-22 5668864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2008-06-26 13543968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe [2007-02-16 110592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8fb13f-b43b-11de-8ef1-0023548f92e7}] shell\AutoRun\command - F:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7aa0463-8deb-11de-8491-0023548f92e7}] shell\AutoRun\command - G:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-11-25 18:05:17 ----D---- C:\rsit 2009-11-25 18:05:17 ----D---- C:\Program Files\trend micro 2009-11-25 18:05:17 ----D---- \rsit 2009-11-25 17:58:39 ----A---- C:\Windows\system32\tdlclk.dll 2009-11-25 13:48:10 ----A---- C:\Windows\system32\tdlcmd.dll 2009-11-25 13:01:53 ----A---- C:\Windows\system32\tzres.dll 2009-11-24 20:34:58 ----A---- C:\Windows\system32\msxml6.dll 2009-11-24 20:34:49 ----A---- C:\Windows\system32\msxml3.dll 2009-11-18 18:48:24 ----D---- C:\Program Files\CCleaner 2009-11-18 14:07:15 ----A---- C:\Bug.txt 2009-11-18 14:07:15 ----A---- \Bug.txt 2009-11-18 14:06:32 ----D---- C:\32788R22FWJFW 2009-11-18 14:06:32 ----D---- \32788R22FWJFW 2009-11-18 11:35:11 ----D---- C:\Users\Carole\AppData\Roaming\Auslogics 2009-11-18 11:34:59 ----D---- C:\Program Files\Auslogics 2009-11-16 22:08:22 ----D---- C:\Program Files\Windows Portable Devices 2009-11-16 22:00:44 ----A---- C:\Windows\system32\UIAnimation.dll 2009-11-16 22:00:41 ----A---- C:\Windows\system32\UIRibbonRes.dll 2009-11-16 22:00:40 ----A---- C:\Windows\system32\UIRibbon.dll 2009-11-16 21:59:55 ----A---- C:\Windows\system32\WMPhoto.dll 2009-11-16 21:59:52 ----A---- C:\Windows\system32\cdd.dll 2009-11-16 21:59:49 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-11-16 21:59:49 ----A---- C:\Windows\system32\d3d10warp.dll 2009-11-16 21:59:48 ----A---- C:\Windows\system32\XpsRasterService.dll 2009-11-16 21:59:48 ----A---- C:\Windows\system32\XpsGdiConverter.dll 2009-11-16 21:59:47 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2009-11-16 21:59:47 ----A---- C:\Windows\system32\WindowsCodecs.dll 2009-11-16 21:59:47 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2009-11-16 21:59:47 ----A---- C:\Windows\system32\dxdiagn.dll 2009-11-16 21:59:47 ----A---- C:\Windows\system32\d2d1.dll 2009-11-16 21:59:46 ----A---- C:\Windows\system32\XpsPrint.dll 2009-11-16 21:59:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2009-11-16 21:59:46 ----A---- C:\Windows\system32\dxdiag.exe 2009-11-16 21:59:45 ----A---- C:\Windows\system32\xpsservices.dll 2009-11-16 21:59:45 ----A---- C:\Windows\system32\OpcServices.dll 2009-11-16 21:59:45 ----A---- C:\Windows\system32\FntCache.dll 2009-11-16 21:59:45 ----A---- C:\Windows\system32\DWrite.dll 2009-11-16 21:59:44 ----A---- C:\Windows\system32\d3d11.dll 2009-11-16 21:59:44 ----A---- C:\Windows\system32\d3d10level9.dll 2009-11-16 21:59:44 ----A---- C:\Windows\system32\d3d10core.dll 2009-11-16 21:59:44 ----A---- C:\Windows\system32\d3d10_1core.dll 2009-11-16 21:59:43 ----A---- C:\Windows\system32\dxgi.dll 2009-11-16 21:59:43 ----A---- C:\Windows\system32\d3d10_1.dll 2009-11-16 21:59:43 ----A---- C:\Windows\system32\d3d10.dll 2009-11-16 21:59:04 ----A---- C:\Windows\system32\WPDShextAutoplay.exe 2009-11-16 21:59:04 ----A---- C:\Windows\system32\wpdbusenum.dll 2009-11-16 21:59:04 ----A---- C:\Windows\system32\BthMtpContextHandler.dll 2009-11-16 21:58:51 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll 2009-11-16 21:58:43 ----A---- C:\Windows\system32\WPDShServiceObj.dll 2009-11-16 21:58:43 ----A---- C:\Windows\system32\wpdshext.dll 2009-11-16 21:58:43 ----A---- C:\Windows\system32\wpd_ci.dll 2009-11-16 21:58:42 ----A---- C:\Windows\system32\WPDSp.dll 2009-11-16 21:58:42 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll 2009-11-16 21:58:42 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2009-11-16 21:58:42 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2009-11-16 21:58:42 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2009-11-16 21:56:31 ----A---- C:\Windows\system32\oleaccrc.dll 2009-11-16 21:56:23 ----A---- C:\Windows\system32\oleacc.dll 2009-11-16 21:56:22 ----A---- C:\Windows\system32\UIAutomationCore.dll 2009-11-16 20:20:26 ----D---- C:\Users\Carole\AppData\Roaming\Malwarebytes 2009-11-16 20:20:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-16 20:05:24 ----SD---- C:\ComboFix 2009-11-16 20:05:24 ----SD---- \ComboFix 2009-11-16 12:39:54 ----A---- C:\Windows\zip.exe 2009-11-16 12:39:54 ----A---- C:\Windows\SWXCACLS.exe 2009-11-16 12:39:54 ----A---- C:\Windows\SWSC.exe 2009-11-16 12:39:54 ----A---- C:\Windows\SWREG.exe 2009-11-16 12:39:54 ----A---- C:\Windows\sed.exe 2009-11-16 12:39:54 ----A---- C:\Windows\PEV.exe 2009-11-16 12:39:54 ----A---- C:\Windows\NIRCMD.exe 2009-11-16 12:39:54 ----A---- C:\Windows\MBR.exe 2009-11-16 12:39:54 ----A---- C:\Windows\grep.exe 2009-11-16 12:32:40 ----D---- C:\Windows\ERDNT 2009-11-11 11:07:06 ----A---- C:\Windows\system32\WSDApi.dll 2009-11-04 08:16:25 ----A---- C:\Windows\system32\mshtml.dll 2009-11-02 08:43:18 ----D---- C:\Program Files\iPod 2009-11-02 08:43:06 ----D---- C:\Program Files\iTunes 2009-10-28 08:52:28 ----A---- C:\Windows\system32\wmp.dll 2009-10-28 08:52:19 ----A---- C:\Windows\system32\unregmp2.exe 2009-10-28 08:52:10 ----A---- C:\Windows\system32\wmploc.DLL ======List of files/folders modified in the last 1 months====== 2009-11-25 18:05:31 ----D---- C:\Windows\Prefetch 2009-11-25 18:05:26 ----D---- C:\Windows\Temp 2009-11-25 18:05:17 ----RD---- C:\Program Files 2009-11-25 18:05:17 ----RD---- \Program Files 2009-11-25 18:03:07 ----D---- C:\Windows 2009-11-25 18:03:07 ----D---- \Windows 2009-11-25 17:58:39 ----D---- C:\Windows\System32 2009-11-25 13:35:34 ----D---- C:\Windows\rescache 2009-11-25 13:15:53 ----D---- C:\Windows\system32\fr-FR 2009-11-25 13:03:14 ----D---- C:\Windows\winsxs 2009-11-25 13:02:47 ----D---- C:\Windows\system32\catroot 2009-11-25 13:02:46 ----D---- C:\Windows\system32\catroot2 2009-11-25 13:00:40 ----SHD---- C:\System Volume Information 2009-11-25 13:00:40 ----SHD---- \System Volume Information 2009-11-24 20:17:25 ----A---- C:\Windows\system32\acovcnt.exe 2009-11-24 20:16:37 ----D---- C:\Windows\system32\wbem 2009-11-24 20:15:05 ----D---- C:\Windows\system32\config 2009-11-24 20:14:51 ----D---- C:\Windows\Tasks 2009-11-24 20:14:51 ----D---- C:\Windows\system32\Tasks 2009-11-24 20:14:51 ----D---- C:\Windows\system32\spool 2009-11-24 20:14:51 ----D---- C:\Windows\system32\Msdtc 2009-11-24 20:14:51 ----D---- C:\Windows\system32\drivers 2009-11-24 20:14:51 ----D---- C:\Windows\inf 2009-11-24 20:14:48 ----D---- C:\Program Files\Common Files\LightScribe 2009-11-24 20:14:47 ----D---- C:\Program Files\Bonjour 2009-11-24 20:14:47 ----D---- C:\Program Files\ATKOSD2 2009-11-24 20:14:47 ----D---- C:\Program Files\ATKGFNEX 2009-11-24 20:14:47 ----D---- C:\Program Files\ATK Hotkey 2009-11-24 20:14:46 ----D---- C:\Windows\registration 2009-11-18 20:24:22 ----D---- C:\Windows\Debug 2009-11-18 18:38:53 ----SHD---- C:\Windows\Installer 2009-11-18 18:38:50 ----D---- C:\Program Files\Windows Live 2009-11-18 18:37:00 ----D---- C:\Program Files\Common Files\microsoft shared 2009-11-18 09:58:29 ----HD---- C:\ProgramData 2009-11-18 09:58:29 ----HD---- \ProgramData 2009-11-17 11:59:39 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-11-16 22:08:10 ----D---- C:\Windows\system32\zh-TW 2009-11-16 22:08:10 ----D---- C:\Windows\system32\zh-HK 2009-11-16 22:08:10 ----D---- C:\Windows\system32\zh-CN 2009-11-16 22:08:10 ----D---- C:\Windows\system32\uk-UA 2009-11-16 22:08:10 ----D---- C:\Windows\system32\tr-TR 2009-11-16 22:08:10 ----D---- C:\Windows\system32\th-TH 2009-11-16 22:08:10 ----D---- C:\Windows\system32\sv-SE 2009-11-16 22:08:10 ----D---- C:\Windows\system32\sr-Latn-CS 2009-11-16 22:08:10 ----D---- C:\Windows\system32\sl-SI 2009-11-16 22:08:10 ----D---- C:\Windows\system32\sk-SK 2009-11-16 22:08:10 ----D---- C:\Windows\system32\ru-RU 2009-11-16 22:08:10 ----D---- C:\Windows\system32\ro-RO 2009-11-16 22:08:10 ----D---- C:\Windows\system32\pt-PT 2009-11-16 22:08:10 ----D---- C:\Windows\system32\pt-BR 2009-11-16 22:08:10 ----D---- C:\Windows\system32\pl-PL 2009-11-16 22:08:10 ----D---- C:\Windows\system32\nl-NL 2009-11-16 22:08:10 ----D---- C:\Windows\system32\nb-NO 2009-11-16 22:08:10 ----D---- C:\Windows\system32\lv-LV 2009-11-16 22:08:10 ----D---- C:\Windows\system32\lt-LT 2009-11-16 22:08:10 ----D---- C:\Windows\system32\ko-KR 2009-11-16 22:08:10 ----D---- C:\Windows\system32\ja-JP 2009-11-16 22:08:10 ----D---- C:\Windows\system32\it-IT 2009-11-16 22:08:10 ----D---- C:\Windows\system32\hu-HU 2009-11-16 22:08:10 ----D---- C:\Windows\system32\hr-HR 2009-11-16 22:08:10 ----D---- C:\Windows\system32\he-IL 2009-11-16 22:08:10 ----D---- C:\Windows\system32\fi-FI 2009-11-16 22:08:10 ----D---- C:\Windows\system32\et-EE 2009-11-16 22:08:10 ----D---- C:\Windows\system32\es-ES 2009-11-16 22:08:10 ----D---- C:\Windows\system32\en-US 2009-11-16 22:08:10 ----D---- C:\Windows\system32\el-GR 2009-11-16 22:08:10 ----D---- C:\Windows\system32\de-DE 2009-11-16 22:08:10 ----D---- C:\Windows\system32\da-DK 2009-11-16 22:08:10 ----D---- C:\Windows\system32\cs-CZ 2009-11-16 22:08:10 ----D---- C:\Windows\system32\bg-BG 2009-11-16 22:08:10 ----D---- C:\Windows\system32\ar-SA 2009-11-13 19:42:48 ----D---- C:\Program Files\Orange 2009-11-13 19:34:32 ----D---- C:\Program Files\Securitoo 2009-11-13 17:02:25 ----SD---- C:\Users\Carole\AppData\Roaming\Microsoft 2009-11-13 14:34:40 ----D---- C:\Program Files\ASUS 2009-11-13 14:29:45 ----RD---- C:\Users 2009-11-13 14:29:45 ----RD---- \Users 2009-11-12 11:10:39 ----D---- C:\Program Files\Windows Mail 2009-11-09 20:24:28 ----D---- C:\Program Files\Java 2009-11-05 18:36:22 ----A---- C:\Windows\system32\mrt.exe 2009-11-05 15:01:43 ----D---- C:\Program Files\Common Files 2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe 2009-11-02 08:43:11 ----D---- C:\Program Files\Common Files\Apple 2009-10-29 10:27:10 ----D---- C:\Program Files\Windows Media Player 2009-10-29 10:27:10 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [2009-08-05 68064] R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2009-08-05 35680] R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2009-08-05 71040] R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [2009-11-13 101496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-13 2159384] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-26 7534720] R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-11-16 48128] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-13 1772544] R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400] S3 catchme;catchme; \??\C:\Users\Carole\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224] S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] S3 UMPass;Pilote Microsoft UMPass; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe [2009-08-05 215648] R2 FSMA;F-Secure Management Agent; C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE [2009-08-05 186976] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-26 196608] R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe [2009-08-05 522848] R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [2009-11-13 55928] S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 ICScsiSV;Image Converter SCSI Service; C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952] S3 IcVzMonLauncher;IcVzMonLauncher; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344] S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-20 112184] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632] S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-20 75320] -----------------EOF----------------- Et voici le fichier info.txt info.txt logfile of random's system information tool 1.06 2009-11-25 18:05:37 ======Uninstall list====== -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"C:\Program Files\Orange\Antivirus Firewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" -->Dummy 2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Anti-virus firewall-->"C:\Program Files\Orange\Antivirus Firewall\FSGUI\PostInstall.exe" /tUnInstall Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354} ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9 ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA} ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5} ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D} Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe" Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x0009 -removeonly ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF} ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe" Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3} Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560} Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall DVD Solution-->"C:\Program Files\Uninstall_CDS.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r Express Gate-->MsiExec.exe /I{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB} F-Secure PSC Prerequisites-->MsiExec.exe /I{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3} Garmin Communicator Plugin-->MsiExec.exe /X{EFF87108-C9D0-43F1-BEE1-28DA87778F1A} Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Image Converter 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}\setup.exe" -l0x40c /CONPANE -removeonly Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Money 2000 Suite Financière-->C:\Program Files\Microsoft Money\setup\setup.exe Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {0A75DA12-55CB-4DE5-8B6A-74D97847204E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A} Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB} Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE} Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {C76C02F1-B07F-4974-876A-A18DEC9887C8} Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE} Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word 2007 Help - Aggiornamento (KB963665)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC} Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9 NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} OpenMG Limited Patch 4.7-07-15-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x40c UNINSTALL -removeonly Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{82419DFA-102C-403D-B9D0-C0F0652AB8F8} Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x40c -removeonly /nos Supermarket Management-->"C:\Windows\Supermarket Management\uninstall.exe" "/U:C:\Program Files\Supermarket Management\Uninstall\uninstall.xml" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA} Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5} Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809} USB2.0 UVC 1.3M WebCam-->C:\Windows\snuninst.exe /name='USB2.0 UVC 1.3M WebCam' Video Downloader-->C:\Program Files\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly WALKMAN Launcher-->C:\Program Files\InstallShield Installation Information\{C20B3C31-28CD-4732-AE45-A30F401AF91F}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9 Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Ordi-de-Carole Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB948465(Service Pack) à l’état Installation demandée(Install Requested) Record Number: 80055 Source Name: Microsoft-Windows-Servicing Time Written: 20090808054432.000000-000 Event Type: Avertissement User: Ordi-de-Carole\Carole Computer Name: Ordi-de-Carole Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB948465(Service Pack) à l’état Installation demandée(Install Requested) Record Number: 79967 Source Name: Microsoft-Windows-Servicing Time Written: 20090808054432.000000-000 Event Type: Avertissement User: Ordi-de-Carole\Carole Computer Name: Ordi-de-Carole Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB948465(Service Pack) à l’état Installation demandée(Install Requested) Record Number: 79965 Source Name: Microsoft-Windows-Servicing Time Written: 20090808054432.000000-000 Event Type: Avertissement User: Ordi-de-Carole\Carole Computer Name: Ordi-de-Carole Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB948465(Service Pack) à l’état Installation demandée(Install Requested) Record Number: 79961 Source Name: Microsoft-Windows-Servicing Time Written: 20090808054432.000000-000 Event Type: Avertissement User: Ordi-de-Carole\Carole Computer Name: Ordi-de-Carole Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB948465(Service Pack) à l’état Installation demandée(Install Requested) Record Number: 79954 Source Name: Microsoft-Windows-Servicing Time Written: 20090808054432.000000-000 Event Type: Avertissement User: Ordi-de-Carole\Carole =====Application event log===== Computer Name: Ordi-de-Carole Event Code: 3086 Message: Les paramètres régionaux du système ont changé. Les données existantes vont être supprimées et l'index doit être recréé. Contexte : Application , Catalogue SystemIndex Record Number: 718 Source Name: Microsoft-Windows-Search Time Written: 20090120195138.000000-000 Event Type: Avertissement User: Computer Name: Ordi-de-Carole Event Code: 63 Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur. Record Number: 693 Source Name: Microsoft-Windows-WMI Time Written: 20090120194842.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: Ordi-de-Carole Event Code: 63 Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur. Record Number: 692 Source Name: Microsoft-Windows-WMI Time Written: 20090120194842.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: Ordi-de-Carole Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 679 Source Name: Microsoft-Windows-WMI Time Written: 20090121114710.000000-000 Event Type: Erreur User: Computer Name: Ordi-de-Carole Event Code: 1008 Message: Le service Windows Search tente de supprimer l’ancien catalogue. Record Number: 675 Source Name: Microsoft-Windows-Search Time Written: 20090121114703.000000-000 Event Type: Avertissement User: =====Security event log===== Computer Name: Ordi-de-Carole Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : ORDI-DE-CAROLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 10214 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090526052405.587931-000 Event Type: Succès de l'audit User: Computer Name: Ordi-de-Carole Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : ORDI-DE-CAROLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 10213 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090526052405.587931-000 Event Type: Succès de l'audit User: Computer Name: Ordi-de-Carole Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 10212 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090526052405.494331-000 Event Type: Succès de l'audit User: Computer Name: Ordi-de-Carole Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : ORDI-DE-CAROLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 10211 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090526052405.494331-000 Event Type: Succès de l'audit User: Computer Name: Ordi-de-Carole Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : ORDI-DE-CAROLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 10210 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090526052405.494331-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "configsetroot"=%SystemRoot%\ConfigSetRoot "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  17. Maheva
    Justement non. Quand je redémarre, mon antivirus me redit qu'il a détecté le virus. Je refait un analyse de Malwarebytes et il retrouve le virus. Il le resupprime. Enfin bref ça tourne en rond. Le virus revient après chaque redémarrage.
  18. Maheva
    Bonjour, Il y a quelques temps j'avais un virus qui revenait régulièrement malgré la suppression par mon logiciel antivirus. C'était un fichier tdlwsp.dll. J'ai vu sur internet qu'il s'agissait d'une mauvaise instalation de JAVA donc je l'ai supprimé. Mais maintenant j'ai un autre virus et je n'arrive pas à en venir à bout. Il s'agit de C:\Windows\System32\tdlcmd.dll J'ai fait un examen complet avec Malwarebytes Antimalware. Voici el rapport: Malwarebytes' Anti-Malware 1.41 Version de la base de données: 3180 Windows 6.0.6002 Service Pack 2 24/11/2009 22:08:40 mbam-log-2009-11-24 (22-08-40).txt Type de recherche: Examen complet (C:\|D:\|E:\|G:\|) Eléments examinés: 254363 Temps écoulé: 1 hour(s), 8 minute(s), 16 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Windows\System32\tdlcmd.dll (Rootkit.Agent) -> Quarantined and deleted successfully. Merci de m'aider.
×
×
  • Créer...