Emmanuel007

  1. Hello, I am trying to install XP on an ASUS A8V-VM (which supports RAID and SATA2). I have 2 Western Digital Caviar Blue 500 GB hard drives. The BIOS (version 0401, for what it matters) created an "Array 0" from the 2 drives with 950 GB; so far, so good! After that it goes downhill: XP asks for a driver on A:, and Western refers me to the motherboard manufacturer. I don't have it (the motherboard was given to me), and after searching on the ASUS site and elsewhere I have not found it, and it has to fit on a 1.44 MB floppy (?). That is where I am asking for your help. Thanks, Emmanuel. PS: available for further information. Configuration is in my profile.
  2. Hello, Indeed, everything is fine, no more messages from FS. I have finished the updates, but since I am using F-Secure (and I don't need anything else, apart from MBAM), at every startup Windows asks me for an update, whether I want to install anti-malware software, and I can't get rid of it and say NO, it's all good!! It comes back every time. Otherwise, I have switched to Firefox and it's good, you get used to it quickly (I also updated IE8). I have also moved onto DVD things that I never use or would never use; I am now running with an 80 GB hard drive with at least 30 GB free!! Bliss, I can keep on accumulating knowledge from the net!! Thanks, PS: I am going to open a new topic, because my selections print in pica 2, which certainly saves paper!! But for reading at leisure it's impossible...
  3. Yes, FS controls the applications that want to connect (certainly for updates of the software above). Emmanuel
  4. Hello, Thanks Thanos for all your help. I updated Java, Adobe and Windows; it took me 2 days... Now my antivirus asks me whether it should accept "outgoing" connections; I think I said no because I needed to use the computer. It works well, except that I have to ask F-Secure to give me the 2010 update again, because the 2009 version is sluggish and their link no longer works: http://newsletter.f-secure.com/re?l=ew1o5yI45h5k02I5 And according to them it is a 60% faster version. I am trying to contact them. Right, I am changing the topic and marking it RESOLVED. Thanks to you, Emmanuel
  5. Hello, I used Hijack to remove the 3 "empty" entries. Surprisingly, everything was checked by default!! You have to be careful! My PC is visibly doing well: 30 s to shut down except last night (3 min?), startup between 2 and 3 min. I should point out that the PC is 5 and a half years old. I did not find OTM; I deleted the directory. Thank you for taking the time to rid me of this virus. I think someone must have clicked "remove the virus" in an "XP anti malware 2010" window, confusing it with the FS2010 antivirus, and so the virus got installed. Thanks again, Emmanuel
  6. Logfile of random's system information tool 1.06 (written by random/random)
     Run by Emmanuel at 2010-03-25 23:21:05

     However, there is no info.txt in the taskbar, nor in c:\rsit (the one there is from 2 days ago). Emmanuel
  7. Hi, There are indeed 2 items quarantined by FS 2009. They are in:

     c:\syteme volume restoration\_restore{...\A0006004.0xe
     c:\syteme volume restoration\_restore{...\A0000296.0xe

     This morning, the F-Secure report was empty (and I was obviously surprised by that). The 2nd MBAM report, started at noon, is spotless:

     ****************************
     Malwarebytes' Anti-Malware 1.44
     Version de la base de données: 3910
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180

     25/03/2010 17:36:11
     mbam-log-2010-03-25 (17-36-11).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 280482
     Temps écoulé: 1 hour(s), 42 minute(s), 9 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
     ******************************

     At 17:36 I came home and closed an F-Secure window, which closed the MBAM report (which had been finished for at least 4 hours), since it was started around noon. Emmanuel
  8. Hello, I followed the procedure last night; the log (which I found again) is below. Since I had not managed to find the log (it is in application data! and not in program files), I reran the software in the morning; the new log is OK. The only snag: during the scans, even the last one, which is spotless, my antivirus (FS 2009 since my reinstallation, because FS 2010 was a promotion for my 2-year subscription --> April 2011 and is therefore no longer available) detects backdoor trojans???
     *************************************
     Malwarebytes' Anti-Malware 1.44
     Version de la base de données: 3910
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180
     25/03/2010 07:02:54
     mbam-log-2010-03-25 (07-02-54).txt
     Type de recherche: Examen complet (C:\|D:\|F:\|)
     Eléments examinés: 281467
     Temps écoulé: 2 hour(s), 7 minute(s), 28 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 1
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 2
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 5
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Emmanuel\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Emmanuel\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
     C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Emmanuel\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\config\Systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     **********************************
     Thanks for everything, Emmanuel. What a pain, even when protected, it's not over....
  9. Hello, Create your own post ("new", at the top); I am sure your problem will be followed up properly (I know it..). See the header (I used SRENG2, ERUNT and OTM, which restarted the system. On restart, it launched and then closed, and then everything came back). Zlob is the name of the virus... Emmanuel
  10. Hello and thank you for your help, Here is the log.txt
      Here is info.txt
Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" -->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter" -->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield" -->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget" -->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NAC Support" -->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS" -->"C:\Program Files\F-Secure\Uninstall\fsuninst.exe" /UninstRegKey:"News Service" -->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Add-in ODF pour Microsoft 
Word-->MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Canon S400-->C:\WINDOWS\system32\CNMCP2P.exe "-PRINTERNAMECanon S400" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S400 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S400 Installer\Inst2\cnmi0409.dll" Capb2i V3.2-->"C:\Program Files\Capb2i V3.2\unins000.exe" Carcassonne-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}\setup.exe" CinemaForge-->C:\WINDOWS\system32\xmirage.exe c:\program files\CinemaForge\UninstallCF.xmfg Colonization for Windows - www.classic-gaming.net-->"C:\Program Files\CGN\Colonization for Windows\unins000.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe" dBpowerAMP-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP.dat DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" eDrawings 2007-->MsiExec.exe 
/I{90671EEE-B4F8-424C-A2F9-CB4FB819EFA5} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" Flatbed Scanner v1.40-->C:\WINDOWS\twain_32\A4CIS600\UNINST.EXE Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe" Free PDF to Word Converter 1.5-->"C:\Program Files\Free PDF to Word Converter\unins000.exe" FreeMind-->"C:\Program Files\FreeMind\unins000.exe" F-Secure Internet Security 2009-->"C:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall F-Secure PSC Prerequisites-->MsiExec.exe /I{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3} Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90} Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe" Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x40c Heroes of Might and Magic® III The Shadow of Death-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll HijackThis 2.0.2-->"C:\Documents and Settings\Emmanuel\Mes documents\Logiciels\HijackThis.exe" /uninstall IKEA HomePlanner Office-->MsiExec.exe /I{EA8A00F7-42F3-451A-8FE6-B0947FDC393D} Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" Installation Windows Live-->C:\Program Files\Windows 
Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} iPhoto Plus 4-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL1.isu" IZArc 3.6-->"C:\Program Files\IZArc\unins000.exe" Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Jedi Knight de LucasArts-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\LucasArts\Jedi Knight\DeIsL1.isu" KalOnlineEng-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D7F824B-6744-4C30-B78B-0966E9BD461D}\Setup.exe" -l0x9 K-Lite Codec Pack 2.75 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Les Aventures de Porcinet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D6FB37A-CBCA-11D6-8940-0002A5E32BEF}\setup.exe" Les Aventures de Porcinet Lupas Rename 2000 v4.2-->"C:\Program Files\Lupas Rename 2000\unins000.exe" Machines & Matériaux 1.0-->"C:\Program Files\M&m\unins000.exe" Ma-Config.com plugin-->MsiExec.exe /I{1EF0CD25-69FA-4A4A-9975-83E69C6F1886} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works 2000-->MsiExec.exe /I{8EB0AE92-5BAC-11D3-AF2F-00C04F443448} Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla 
Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL Net Transport 1.87.258-->"C:\Program Files\Xi\NetTransport 2\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe" OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Paint Shop Pro 6.0 (CD-ROM)-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG PC Wizard 2008.1.84-->"C:\Program Files\PC Wizard 2008\unins000.exe" programme-->C:\Techno-flash\DecouvOrdi 2-1\DésinstallDecouvOrdi 2-1.exe QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8} Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B} Sid Meier's Civilization IV Colonization-->C:\Program Files\InstallShield Installation Information\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}\setup.exe -runfromtemp -l0x040c -removeonly Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SolidWorks eDrawings 2009-->MsiExec.exe /I{B10E8648-1EC1-4FE8-B7C9-18C70CD48172} Starship Troopers-->RunDll32 
C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{978A2104-8363-11D4-AA23-0000E889C4DA}\Setup.exe" Sweet Home 3D version 2.0-->"C:\Program Files\Sweet Home 3D\unins000.exe" TextBridge Classic-->"C:\PROGRA~1\TEXTBR~1\bin\setup.exe" -funinstal.ins USB Video Device Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3D5ECF7-7AE4-4B53-8A7E-1F850D6AE6B4}\Setup.exe" Video Download Capture V2.1.9-->"C:\Program Files\Apowersoft\Video Download Capture\unins000.exe" Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe /u VirtualDub-MPEG2 v1.6.19 b24587 Fr-->"C:\Program Files\VirtualDub-MPEG2\unins000.exe" VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe West Point Bridge Designer 2007-->C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2007\irunin.ini" WinBirds 4.0-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\SITTELLE\WinBirds 4.0\DeIsL1.isu" -c"C:\Program Files\SITTELLE\WinBirds 4.0\_ISREG32.DLL" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B} Windows XP Service Pack 2-->C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe WinHTTrack Website Copier 3.40-2-->"C:\Program Files\WinHTTrack\unins000.exe" Yahoo! 
Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: F-Secure Internet Security 2009 9.00 FW: F-Secure Internet Security 2009 9.00 ======System event log====== Computer Name: EMMANUEL Event Code: 7036 Message: Le service Téléphonie est entré dans l'état : en cours d'exécution. Record Number: 58532 Source Name: Service Control Manager Time Written: 20100227041326.000000+060 Event Type: Informations User: Computer Name: EMMANUEL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service F-Secure Anti-Virus Firewall Daemon. Record Number: 58531 Source Name: Service Control Manager Time Written: 20100227041325.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: EMMANUEL Event Code: 7036 Message: Le service F-Secure ORSP Client est entré dans l'état : en cours d'exécution. Record Number: 58530 Source Name: Service Control Manager Time Written: 20100227041325.000000+060 Event Type: Informations User: Computer Name: EMMANUEL Event Code: 7036 Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution. Record Number: 58529 Source Name: Service Control Manager Time Written: 20100227041324.000000+060 Event Type: Informations User: Computer Name: EMMANUEL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service F-Secure ORSP Client. Record Number: 58528 Source Name: Service Control Manager Time Written: 20100227041324.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: EMMANUEL Event Code: 103 Message: wuaueng.dll (3196) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0). 
Record Number: 13944 Source Name: ESENT Time Written: 20100316104422.000000+060 Event Type: Informations User: Computer Name: EMMANUEL Event Code: 102 Message: wuaueng.dll (3196) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0). Record Number: 13943 Source Name: ESENT Time Written: 20100316103919.000000+060 Event Type: Informations User: Computer Name: EMMANUEL Event Code: 100 Message: wuauclt (3196) Le moteur de base de données 5.01.2600.2180 est démarré. Record Number: 13942 Source Name: ESENT Time Written: 20100316103919.000000+060 Event Type: Informations User: Computer Name: EMMANUEL Event Code: 103 Message: Record Number: 13941 Source Name: Message from F-Secure Anti-Virus on Time Written: 20100316103909.000000+060 Event Type: erreur User: Computer Name: EMMANUEL Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 13940 Source Name: SecurityCenter Time Written: 20100316103842.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Support Tools\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=0207 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip -----------------EOF-----------------
  11. Hello, I was infected yesterday by something like XP Antimalware 2010... I don't understand how it happened: my wife was using an online grades program in the morning, and when I got my machine back, F-Secure had disappeared and the only visible security (?) was XP Anti-Malware 2010, which was detecting about fifty viruses... (do you want to register ...), so I closed all the windows, because I trust my antivirus, and rebooted. My antivirus was knocked out. I reinstalled Windows XP, reinstalled F-Secure haphazardly, then around 6 p.m., after 8 hours of struggling, I tried following a similar procedure (on pcastuces) used by someone else at the same time or nearly (otherwise I was certainly headed for a reformat). I used SRENG2, ERUNT and OTM, which rebooted the system. On restart, it launched and then closed, and then everything came back. I still can't believe that FS 2010 Internet Security had a hole when for 3 years it had been flawless. Can someone reassure me: has the virus really been removed? I have a hijackthis202 log. Emmanuel PS: thanks Thanos