Everything posted by pecko14

  1. If I use Sogno's method, do I still need to copy out all the keys for each program and then merge them? Or do I only need the key written by Sogno? What do you advise me to do?
  2. Hi! Indeed, that had happened to me several days after installing SMR for Firefox. I'll follow your procedure and keep you posted, oGu. Thanks again.
  3. OK, thank you gentlemen!!!! (or ladies, in fact...) I'll look at all of this as soon as possible and give you feedback starting tomorrow. However, last time, every time I wanted to launch Firefox, a window appeared asking me which user account I wanted to open the program with. Thanos helped me by creating a fix.reg file and everything has been better since. Is there no risk of this starting again if I recreate keys with SMR?
  4. Hello everyone! A short while ago, I installed the StripMyRights program on oGu's advice in order to secure my system a bit more. I read the tutorial written by oGu on the subject (a very good tutorial, by the way!) and learned quite a lot from it. However, I still have a few small questions I'd like cleared up, as I'm a novice. 1) Since I launch all my applications via shortcuts on the desktop, should I create the keys for these shortcuts or follow the normal procedure? 2) I've heard of a key to secure the whole desktop at once... Would that be a simpler solution in my case? 3) Is it possible to create keys for programs such as LimeWire or the likes of Sopcast (I know, that's not very careful of me)? Thanks for your informed advice, which I'm sure will be very useful to me.
  5. Thank you for your help. You were very patient and explained all of this to me well. A thousand thanks for doing me this favor. You're a real boss!!! :-)

  6. Thanks for everything, Thanos!!! I just have one small question, Thanos... Isn't the Windows firewall that came with my computer enough, or isn't it effective enough? Otherwise I'll do all the rest as soon as possible. Oops! I just noticed that you told me above that the Windows firewall wasn't effective!!! So I'll change that too. Thanks again for your precious help and your patience. See you.
  7. I don't get any window of this kind when I open Outlook (which I never use) or Windows Live Messenger (which I use very rarely). It seems I no longer have a problem with this window, and so much the better. I'm going to read oGu's tutorial on StripMyRights because I'd like to learn a bit more about this software, so thanks for the link!! We can now move on to the next step as soon as you're ready. Let me know.
  8. Well done, Thanos!!!! You're a boss. That stupid window no longer appears when I open Firefox. Thanks for everything. However, you were mistaken, because it wasn't doing the same thing at all with Outlook or MSN, at least I don't think so. Since you fixed this by touching the registry, I wonder whether it's possible that I did this to myself by using CCleaner, and in particular by fixing the errors it found in the registry??? What do you think? Thanks again, Thanos. Tell me what I should do now (unless it's finished). And I also wanted to know what I should do with the RSIT and JavaRa programs. Should I keep them or not?
  9. Here is the report from look.bat: Good luck to you!
  10. Hi! - I've never done anything with StripMyRights because I don't really know how it works, so I don't risk it. - I've never modified permissions on folders either - And I haven't installed the Security tab on my Windows (I don't even know what that is, actually...) So I've never done any of that, at least not of my own will. I'm downloading the software and will post you a report as quickly as possible.
  11. What do you mean, a "limited user account"?? I don't know what that corresponds to. I have only one account on my computer and that's the one I use to do everything.
  12. OK, thanks. Above all, if you need a new report, don't hesitate, I'm here!
  13. Moreover, the CPU usage percentage is very variable (at least when Firefox is open; otherwise I don't know, I need to check), going from 2% to 16, then 24, reaching percentages such as 76 and sometimes even 100%!!! I don't know anything about this, but it seems a bit fishy to me all the same... What do you think?
  14. Hi! Thanks for helping me get rid of this malware. However, I did what you told me for Firefox and the window keeps appearing.
  15. Hi! As for Firefox, the "Run with different credentials" box is already unchecked... If you have other ideas on this, it would help me because this window is starting to get a little bit annoying. For the rest, here is my new RSIT report:
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Program Files\PeerTV\PeerCast.exe"="C:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast" "C:\Documents and Settings\Pierrot\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Pierrot\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2008-11-16 00:46:24 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-16 00:46:24 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-16 00:46:24 ----A---- C:\WINDOWS\system32\java.exe 2008-11-16 00:46:24 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-14 23:30:25 ----D---- C:\Program Files\Secunia 2008-11-14 23:11:29 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller 2008-11-14 22:55:26 ----D---- C:\Program Files\VideoLAN 2008-11-14 00:52:57 ----D---- C:\rsit 2008-11-13 23:05:10 ----D---- C:\Program Files\baidu 2008-11-13 23:04:57 ----D---- C:\Documents and Settings\Pierrot\Application Data\PPMate 2008-11-13 
23:04:54 ----D---- C:\Program Files\Fichiers communs\Synacast 2008-11-13 23:04:50 ----D---- C:\Program Files\PPMate 2008-11-13 23:02:33 ----D---- C:\Program Files\PeerTV 2008-11-13 23:01:34 ----D---- C:\Program Files\SopCast 2008-11-13 22:38:51 ----D---- C:\Program Files\Trend Micro 2008-11-12 22:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-12 22:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-12 22:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-12 19:15:48 ----D---- C:\Program Files\TVAnts 2008-11-12 18:50:37 ----A---- C:\WINDOWS\system32\korwbrkr.dll 2008-11-12 18:50:37 ----A---- C:\WINDOWS\system32\chtbrkr.dll 2008-11-12 18:50:37 ----A---- C:\WINDOWS\system32\chsbrkr.dll 2008-11-12 18:50:36 ----A---- C:\WINDOWS\system32\msir3jp.dll 2008-11-12 18:50:24 ----A---- C:\WINDOWS\system32\kbd101a.dll 2008-11-12 18:50:16 ----A---- C:\WINDOWS\system32\kbdnecNT.dll 2008-11-12 18:50:16 ----A---- C:\WINDOWS\system32\kbdnecAT.dll 2008-11-12 18:50:16 ----A---- C:\WINDOWS\system32\kbdnec95.dll 2008-11-12 18:50:02 ----A---- C:\WINDOWS\system32\c_is2022.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbdkor.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbdjpn.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbd103.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbd101c.dll 2008-11-12 18:49:31 ----A---- C:\WINDOWS\system32\kbd101b.dll 2008-11-12 18:49:30 ----A---- C:\WINDOWS\system32\kbd106.dll 2008-11-12 17:43:02 ----D---- C:\Program Files\Lavalys 2008-11-10 00:18:21 ----D---- C:\Documents and Settings\Pierrot\Application Data\dvdcss 2008-11-04 02:09:41 ----D---- C:\Program Files\MSECache 2008-10-24 19:40:46 ----A---- C:\WINDOWS\system32\StripMyRights.exe 2008-10-24 17:13:31 ----D---- C:\Program Files\hpHosts 2008-10-24 17:09:52 ----RASHD---- C:\winfile.exe 2008-10-24 17:09:52 ----RASHD---- C:\temp2.exe 2008-10-24 17:09:52 ----RASHD---- C:\temp1.exe 2008-10-24 17:09:52 ----RASHD---- C:\temp.exe 2008-10-24 17:09:52 
----RASHD---- C:\sqlserv.exe 2008-10-24 17:09:52 ----RASHD---- C:\ravmon.log 2008-10-24 17:09:52 ----RASHD---- C:\ravmon.exe 2008-10-24 17:09:52 ----RASHD---- C:\msvcr71.dll 2008-10-24 17:09:52 ----RASHD---- C:\info.exe 2008-10-24 17:09:52 ----RASHD---- C:\host.exe 2008-10-24 17:09:52 ----RASHD---- C:\copy.exe 2008-10-24 17:09:52 ----RASHD---- C:\comment.htt 2008-10-24 17:09:52 ----RASHD---- C:\autorun.inf 2008-10-24 17:09:52 ----RASHD---- C:\adober.exe 2008-10-24 17:09:52 ----A---- C:\VaccinUSB.txt 2008-10-24 15:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-21 13:44:58 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-18 15:12:11 ----D---- C:\Program Files\MSXML 4.0 2008-10-18 02:24:00 ----D---- C:\Documents and Settings\Pierrot\Application Data\WinRAR 2008-10-17 19:26:59 ----D---- C:\Documents and Settings\Pierrot\Application Data\Teleca 2008-10-17 19:26:45 ----D---- C:\Documents and Settings\Pierrot\Application Data\Sony Ericsson 2008-10-17 19:22:25 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-10-17 19:22:17 ----D---- C:\Program Files\Fichiers communs\Teleca Shared 2008-10-17 19:22:15 ----D---- C:\Program Files\Sony Ericsson 2008-10-17 19:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca 2008-10-17 19:21:12 ----D---- C:\WINDOWS\Downloaded Installations 2008-10-17 19:16:55 ----D---- C:\Program Files\Disc2Phone 2008-10-17 18:44:18 ----D---- C:\Documents and Settings\Pierrot\Application Data\Sonic ======List of files/folders modified in the last 1 months====== 2008-11-16 00:54:19 ----D---- C:\WINDOWS\Prefetch 2008-11-16 00:46:47 ----SHD---- C:\WINDOWS\Installer 2008-11-16 00:46:27 ----D---- C:\WINDOWS\Temp 2008-11-16 00:46:24 ----D---- C:\WINDOWS\system32 2008-11-16 00:46:04 ----D---- C:\Program Files\Java 2008-11-16 00:37:40 ----D---- C:\Program Files\Mozilla Firefox 2008-11-16 00:25:16 ----D---- C:\WINDOWS 2008-11-16 00:24:50 ----D---- C:\WINDOWS\system32\Macromed 2008-11-15 04:00:33 ----D---- 
C:\WINDOWS\system32\CatRoot2 2008-11-15 03:49:39 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-15 03:49:38 ----HD---- C:\WINDOWS\inf 2008-11-15 03:04:29 ----D---- C:\Documents and Settings\Pierrot\Application Data\Skype 2008-11-15 02:24:27 ----D---- C:\Documents and Settings\Pierrot\Application Data\skypePM 2008-11-15 02:23:29 ----D---- C:\Program Files\CCleaner 2008-11-14 23:30:30 ----D---- C:\WINDOWS\system32\drivers 2008-11-14 23:30:25 ----RD---- C:\Program Files 2008-11-14 23:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-14 23:28:04 ----D---- C:\Program Files\Fichiers communs\Adobe 2008-11-14 23:27:34 ----D---- C:\Program Files\Adobe 2008-11-14 23:13:14 ----D---- C:\Program Files\Fichiers communs 2008-11-14 23:11:55 ----SD---- C:\WINDOWS\Tasks 2008-11-13 23:08:50 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-12 22:29:23 ----D---- C:\WINDOWS\Debug 2008-11-12 22:24:00 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 22:23:20 ----D---- C:\WINDOWS\WinSxS 2008-11-12 18:50:31 ----RSD---- C:\WINDOWS\Fonts 2008-11-12 18:50:28 ----D---- C:\WINDOWS\Help 2008-11-11 18:28:38 ----D---- C:\Documents and Settings\Pierrot\Application Data\LimeWire 2008-11-04 02:10:06 ----D---- C:\Program Files\Microsoft Office 2008-11-04 02:10:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-28 18:07:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-27 02:17:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-25 02:50:41 ----SD---- C:\Documents and Settings\Pierrot\Application Data\Microsoft 2008-10-17 19:33:56 ----D---- C:\Documents and Settings\Pierrot\Application Data\Adobe 2008-10-17 19:25:39 ----DC---- C:\WINDOWS\system32\DRVSTORE ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; 
C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-10 75072] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-08-17 90480] R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400] R1 SrvcEPECioctl;SrvcEPECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-08-16 5376] R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-07-30 6400] R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400] R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-07-30 6400] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-07-20 25723] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-07-20 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-07-20 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-07-20 2271] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-07-20 86138] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-07-20 14587] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-07-20 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-07-20 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-07-20 100603] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-21 1265388] R3 
ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497] R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2004-06-25 58240] R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-08-20 4224] R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2004-07-12 36480] R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2004-07-12 330624] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-10-27 7808] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; 
C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w22n51;Pilote Intel® PRO/Wireless 2200 Adapter; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136] S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328] S3 
w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-06-10 376832] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe [2004-06-23 36960] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-06-16 36864] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-17 106496] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-16 152984] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 iPod Service;Service de l’iPod; C:\Program 
Files\iPod\bin\iPodService.exe [2008-10-01 536872] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------
  16. However, now, as soon as I try to open Firefox, a window appears. Here is what it looks like and what it shows me: If I choose the 1st option, the window always reappears instantly. What on earth is this now? :P
  17. Hi Thanos! As for the Java console, I did everything you told me, and when I look for an update via "jucheck.exe" the software tells me that I already have the latest available version of it on my system. Is that normal? What could have caused this, then?? I am going to completely uninstall Norton right away. For Adobe Reader, can I also remove update 6.0.2, or do I have to leave it on my system??
  18. I did everything you told me, Thanos. And here is the MBAM report, which found several infections that I removed.

      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1397
      Windows 5.1.2600 Service Pack 3

      14/11/2008 16:47:25
      mbam-log-2008-11-14 (16-47-25).txt

      Type de recherche: Examen complet (C:\|E:\|)
      Eléments examinés: 106488
      Temps écoulé: 1 hour(s), 4 minute(s), 40 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\Program Files\baidu\bar\BaiduBar.dll (BHO.Baidu) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fef28e-eb96-44ff-b511-3185dea48697} (Adware.Cinmus) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Adware.Cinmus) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\baidu\bar (Adware.Cinmus) -> Delete on reboot.

      Fichier(s) infecté(s):
      C:\Program Files\baidu\bar\BaiduBar.dll (BHO.Baidu) -> Delete on reboot.
      C:\zPharaoh.exe (Worm.Mabezat) -> Delete on reboot.

      So I restarted my PC to remove some of these infections, and then, magic... Windows Installer no longer starts at boot. Looks like it worked!! Should I delete the infections from my quarantine folder in MBAM? Otherwise, I have never had an infection spreading via USB key (well, not that I know of); I just installed VaccinUSB on the advice of another forum member (oGu) in order to secure my system as well as possible. So it was only a preventive measure. Anyway, good luck with my report. I look forward to hearing from you.
  19. First of all, thank you for your reply, Thanos. So I did what you told me. Here, first of all, is the "log.txt":
C:\WINDOWS\system32\kbdnecAT.dll 2008-11-12 18:50:16 ----A---- C:\WINDOWS\system32\kbdnec95.dll 2008-11-12 18:50:02 ----A---- C:\WINDOWS\system32\c_is2022.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbdkor.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbdjpn.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbd103.dll 2008-11-12 18:49:41 ----A---- C:\WINDOWS\system32\kbd101c.dll 2008-11-12 18:49:31 ----A---- C:\WINDOWS\system32\kbd101b.dll 2008-11-12 18:49:30 ----A---- C:\WINDOWS\system32\kbd106.dll 2008-11-12 17:43:02 ----D---- C:\Program Files\Lavalys 2008-11-10 00:18:21 ----D---- C:\Documents and Settings\Pierrot\Application Data\dvdcss 2008-11-09 04:20:58 ----D---- C:\Documents and Settings\Pierrot\Application Data\vlc 2008-11-04 02:09:41 ----D---- C:\Program Files\MSECache 2008-10-24 19:40:46 ----A---- C:\WINDOWS\system32\StripMyRights.exe 2008-10-24 17:13:31 ----D---- C:\Program Files\hpHosts 2008-10-24 17:09:52 ----RASHD---- C:\zPharaoh.exe 2008-10-24 17:09:52 ----RASHD---- C:\winfile.exe 2008-10-24 17:09:52 ----RASHD---- C:\temp2.exe 2008-10-24 17:09:52 ----RASHD---- C:\temp1.exe 2008-10-24 17:09:52 ----RASHD---- C:\temp.exe 2008-10-24 17:09:52 ----RASHD---- C:\sqlserv.exe 2008-10-24 17:09:52 ----RASHD---- C:\ravmon.log 2008-10-24 17:09:52 ----RASHD---- C:\ravmon.exe 2008-10-24 17:09:52 ----RASHD---- C:\msvcr71.dll 2008-10-24 17:09:52 ----RASHD---- C:\info.exe 2008-10-24 17:09:52 ----RASHD---- C:\host.exe 2008-10-24 17:09:52 ----RASHD---- C:\copy.exe 2008-10-24 17:09:52 ----RASHD---- C:\comment.htt 2008-10-24 17:09:52 ----RASHD---- C:\autorun.inf 2008-10-24 17:09:52 ----RASHD---- C:\adober.exe 2008-10-24 17:09:52 ----A---- C:\VaccinUSB.txt 2008-10-24 15:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-21 13:44:58 ----N---- C:\WINDOWS\SchedLgU.Txt 2008-10-18 15:12:11 ----D---- C:\Program Files\MSXML 4.0 2008-10-18 02:24:00 ----D---- C:\Documents and Settings\Pierrot\Application Data\WinRAR 2008-10-17 19:26:59 ----D---- 
C:\Documents and Settings\Pierrot\Application Data\Teleca 2008-10-17 19:26:45 ----D---- C:\Documents and Settings\Pierrot\Application Data\Sony Ericsson 2008-10-17 19:22:25 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-10-17 19:22:17 ----D---- C:\Program Files\Fichiers communs\Teleca Shared 2008-10-17 19:22:15 ----D---- C:\Program Files\Sony Ericsson 2008-10-17 19:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca 2008-10-17 19:21:12 ----D---- C:\WINDOWS\Downloaded Installations 2008-10-17 19:16:55 ----D---- C:\Program Files\Disc2Phone 2008-10-17 18:44:18 ----D---- C:\Documents and Settings\Pierrot\Application Data\Sonic 2008-10-16 04:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-16 04:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-16 04:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2008-10-16 02:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-16 02:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-16 02:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ ======List of files/folders modified in the last 1 months====== 2008-11-14 00:53:11 ----D---- C:\WINDOWS\Prefetch 2008-11-14 00:12:58 ----D---- C:\Program Files\Mozilla Firefox 2008-11-13 23:09:09 ----RD---- C:\Program Files 2008-11-13 23:08:50 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-13 23:08:45 ----D---- C:\WINDOWS\Temp 2008-11-13 23:08:44 ----D---- C:\WINDOWS\system32 2008-11-13 23:08:39 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-13 23:04:54 ----D---- C:\Program Files\Fichiers communs 2008-11-13 22:47:04 ----D---- C:\WINDOWS 2008-11-13 22:46:51 ----D---- C:\Program Files\CCleaner 2008-11-13 16:46:44 ----D---- C:\Documents and Settings\Pierrot\Application Data\Skype 2008-11-13 14:47:04 ----D---- C:\Documents and Settings\Pierrot\Application Data\skypePM 2008-11-13 06:23:25 ----SHD---- C:\WINDOWS\Installer 2008-11-12 22:29:23 ----D---- C:\WINDOWS\Debug 2008-11-12 22:24:04 ----HD---- 
C:\WINDOWS\inf 2008-11-12 22:24:03 ----D---- C:\WINDOWS\system32\drivers 2008-11-12 22:24:00 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 22:23:20 ----D---- C:\WINDOWS\WinSxS 2008-11-12 18:50:31 ----RSD---- C:\WINDOWS\Fonts 2008-11-12 18:50:28 ----D---- C:\WINDOWS\Help 2008-11-11 18:28:38 ----D---- C:\Documents and Settings\Pierrot\Application Data\LimeWire 2008-11-09 04:19:58 ----D---- C:\Program Files\VideoLAN 2008-11-04 02:10:06 ----D---- C:\Program Files\Microsoft Office 2008-11-04 02:10:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-28 18:07:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-27 02:17:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-25 02:50:41 ----SD---- C:\Documents and Settings\Pierrot\Application Data\Microsoft 2008-10-23 23:50:12 ----SD---- C:\WINDOWS\Tasks 2008-10-17 19:33:56 ----D---- C:\Documents and Settings\Pierrot\Application Data\Adobe 2008-10-17 19:25:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-10-17 19:18:23 ----D---- C:\Program Files\Adobe 2008-10-17 19:18:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-10 75072] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-08-17 90480] R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400] R1 SrvcEPECioctl;SrvcEPECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-08-16 5376] R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-07-30 6400] R1 SrvcSSIOMngr;SrvcSSIOMngr; 
C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400] R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-07-30 6400] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-07-20 25723] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-07-20 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-07-20 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-07-20 2271] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-07-20 86138] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-07-20 14587] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-07-20 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-07-20 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-07-20 100603] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-21 1265388] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496] R3 avgntflt;avgntflt; 
\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497] R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2004-06-25 58240] R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-08-20 4224] R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2004-07-12 36480] R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2004-07-12 330624] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w22n51;Pilote Intel® PRO/Wireless 2200 Adapter; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016] S3 
MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136] S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 
WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-06-10 376832] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe [2004-06-23 36960] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-06-16 36864] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-17 106496] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] 
And now here is the "info.txt":
Good luck deciphering all that, even though I imagine you are used to this kind of report. Thanks for your help.
  20. I have just rescanned my computer with Kaspersky Online, and it no longer finds anything, and neither does AntiVir. However, as soon as I restart my computer, Microsoft Word 2002 tries to install itself. What can I do to stop this? I really need advice, please. Thanks.
  21. Hello everyone! I think I have a trojan on my PC, or something like that. I downloaded a RAR file that was corrupted, and my antivirus (Avira AntiVir) flagged it when I tried to unzip it. So I ran a full scan of my system and AntiVir detected an infection: TR/Drop.Agent.qqj' [trojan] I moved this file to quarantine and then deleted it. The trouble is that since then, whenever I start my computer, Windows Installer launches automatically and tries to install Microsoft Word 2002, then fails and asks me to insert that program's installation CD. How can I fix this and stop Windows Installer from launching at startup? I don't know much about computers and I admit I'm a bit at a loss... In case it helps, here is my AntiVir scan report: Avira AntiVir Personal Report file date: mercredi 12 novembre 2008 19:48 Scanning for 1026777 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: Pierrot Computer name: PIERRE-OLIVIER Version information: BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 01:24:00 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 22:39:26 ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 22:39:27 ANTIVIR3.VDF : 7.1.0.70 84480 Bytes 11/11/2008 03:43:08 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 16/10/2008 01:30:49 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 03:43:10 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 22:39:30 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 22:39:53 AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 03:43:09 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 22:39:29 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 22:39:28 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 22:39:24 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 22:39:23 AEEMU.DLL : 8.1.0.9 393588 Bytes 16/10/2008 01:30:19 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 22:39:21 AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 01:30:10 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 03/10/2008 16:54:31 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 
13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 12 novembre 2008 19:48 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! 
Starting to scan the registry. The registry was scanned ( '66' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Pierrot\Local Settings\Application Data\Mozilla\Firefox\Profiles\6iduyf0f.default\Cache\AC4221EAd01 [0] Archive type: ZIP --> RemoteControl.exe [DETECTION] Is the TR/Drop.Agent.qqj Trojan [NOTE] The file was moved to '494f2ceb.qua'! End of the scan: mercredi 12 novembre 2008 21:02 Used time: 1:14:09 Hour(s) The scan has been done completely. 5376 Scanning directories 210775 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 210773 Files not concerned 6578 Archives were scanned 1 Warnings 1 Notes Thanks in advance for your replies. P.S.: I had already posted about this, but in the wrong forum (software), and since I got no reply I am reposting it here, hoping to get some answers. If someone could delete the previous thread, that would be good, as I don't know how to do it. Sorry... And thanks again!
  22. Hello everyone! I think I have a trojan on my PC, or something like that. I downloaded a RAR file that was corrupted, and my antivirus (Avira AntiVir) flagged it when I tried to unzip it. So I ran a full scan of my system and AntiVir detected an infection: TR/Drop.Agent.qqj' [trojan] I moved this file to quarantine and then deleted it. The trouble is that since then, whenever I start my computer, Windows Installer launches automatically and tries to install Microsoft Word 2002, then fails and asks me to insert that program's installation CD. How can I fix this and stop Windows Installer from launching at startup? I don't know much about computers and I admit I'm a bit at a loss... In case it helps, here is my AntiVir scan report: Avira AntiVir Personal Report file date: mercredi 12 novembre 2008 19:48 Scanning for 1026777 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: Pierrot Computer name: PIERRE-OLIVIER Version information: BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 01:24:00 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 22:39:26 ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 22:39:27 ANTIVIR3.VDF : 7.1.0.70 84480 Bytes 11/11/2008 03:43:08 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 16/10/2008 01:30:49 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 03:43:10 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 22:39:30 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 22:39:53 AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 03:43:09 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 22:39:29 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 22:39:28 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 22:39:24 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 22:39:23 AEEMU.DLL : 8.1.0.9 393588 Bytes 16/10/2008 01:30:19 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 22:39:21 AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 01:30:10 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 03/10/2008 16:54:31 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 
13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 12 novembre 2008 19:48 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! 
Starting to scan the registry. The registry was scanned ( '66' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Pierrot\Local Settings\Application Data\Mozilla\Firefox\Profiles\6iduyf0f.default\Cache\AC4221EAd01 [0] Archive type: ZIP --> RemoteControl.exe [DETECTION] Is the TR/Drop.Agent.qqj Trojan [NOTE] The file was moved to '494f2ceb.qua'! End of the scan: mercredi 12 novembre 2008 21:02 Used time: 1:14:09 Hour(s) The scan has been done completely. 5376 Scanning directories 210775 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 210773 Files not concerned 6578 Archives were scanned 1 Warnings 1 Notes Thanks in advance for your replies.
  23. OK, thanks, Marcodel! See you later.
  24. OK, thanks. I'll delete them right away. However, I'd like to know what exactly codecs are for. Are they really useful (I gathered that VLC can play all videos without needing codecs)? And if so, which codecs should I download? Thanks.
  25. No, I'm not sure of the origin of all of them. But some videos that a friend gave me on CD are also impossible to play. Why is that?