drame
-
Compteur de contenus
20 -
Inscription
-
Dernière visite
drame's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Bonjour à tous, ça faisais longtemps que je n'étais pas passé Alors aujourdhui un collégue à voulu m'installer un logiciel, il l'avait mis sur clef USB. Seulement non seulement l'autorun de la clef était infecté (il me semble que j'ai pu éviter ce virus) par contre le logiciel aussi comprenait un danger qu'antivir m'a détecté. Mon collègue affirme que c'est un "faux positif". Voulant m'assurer que rien ne soit rentré sur ma machine, j'ai fais un test antivir en mode sans échec qui ne m'a pas donné de resultats particulier, voici le rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:34:26, on 14/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\dream\AppData\Local\Temp\Rar$EX07.788\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0F8ADC-0388-4300-A1B2-3EEB8497E9BD}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate1c9b49365d42e46) (gupdate1c9b49365d42e46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7620 bytes Tout est ok ? Merci d'avance
-
[Résolu]Clef USB infectée ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Merci pour tout je note les conseils. Par contre je suis un garçon et pas une fille C'est bon je met le topic comme résolu. -
[Résolu]Clef USB infectée ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Ne t'inquiètes pas Gof, c'est déja très bien comme ça, je comprend que tu n'ai pas beaucoup de temps. Pas de dysfonctionnement notable ni d'alertes Antivir. -
[Résolu]Clef USB infectée ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Bonjour, c'est quand je lance Rooter.exe que ça me fait ça. -
[Résolu]Clef USB infectée ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Bonsoir, j'ai essayé de lancer le logiciel mais au bout d'un moment il y'a un message d'erreur "Utilitaire (QGREP) de recherche de chaînes de caractères a cessé de fonctionner" Puis le programme ne fais plus rien (j'ai laissé 30 mn mais il n'y a pas eu de changement). -
résolu antivir + malwarebytes
drame a répondu à un(e) sujet de sakapuss dans Sécurisation, prévention
Ah toi aussi tu a des soucis de mise à jour sur ce logiciel. Peut être ça vient du site et pas de nous. -
[Résolu]Clef USB infectée ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Plusieurs petit souci. Tout d'abbord impossible de mettre à jour le logiciel (pourtant sur le parefeu j'ai autorisé l'accès au logiciel donc je comprend pas) enfin bref j'ai quand même fais l'analyse, ça m'a trouvé un élément qui va être supprimé lors du prochain redémarrage en principe. Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1768 Windows 6.0.6001 Service Pack 1 02/04/2009 16:14:36 mbam-log-2009-04-02 (16-14-36).txt Type de recherche: Examen complet (C:\|D:\|E:\|) Eléments examinés: 168797 Temps écoulé: 2 hour(s), 16 minute(s), 36 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\zPharaoh.exe (Worm.Mabezat) -> Delete on reboot. Puis aussi un autre souci pendant l'analyse Antivir s'est alarmé et apparement ma clef est encore infecté Dans le fichier 'D:\Avant\Avant.exe' un virus ou un programme indésirable 'WORM/Rontok.D' [worm] a été détecté. Action exécutée : Supprimer le fichier Dans le fichier 'D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe' un virus ou un programme indésirable 'TR/Crypt.ULPM.Gen' [trojan] a été détecté. Action exécutée : Déplacer le fichier en quarantaine Le deuxieme j'ai pas osé le supprimer alors je l'ai mis en quarentaine. -
[Résolu]Clef USB infectée ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
01/04/2009 - 17:29:04,15 - Vaccin USB - Gof Lecteur détectés : Le volume dans le lecteur C s'appelle Vista Le numéro de série du volume est 780C-F237 Le volume dans le lecteur D n'a pas de nom. Le numéro de série du volume est 68D4-F9FC Le volume dans le lecteur E s'appelle Data Le numéro de série du volume est C20F-EE1F Répertoires et fichiers vaccins : c:\autorun.inf - Vaccin Ok c:\adober.exe - Vaccin Ok c:\copy.exe - Vaccin Ok c:\comment.htt - Vaccin Ok c:\host.exe - Vaccin Ok c:\info.exe - Vaccin Ok c:\msvcr71.dll - Vaccin Ok c:\ravmon.exe - Vaccin Ok c:\ravmon.log - Vaccin Ok c:\sqlserv.exe - Vaccin Ok c:\start.exe - Vaccin Ok c:\temp.exe - Vaccin Ok c:\temp1.exe - Vaccin Ok c:\temp2.exe - Vaccin Ok c:\winfile.exe - Vaccin Ok c:\zPharaoh.exe - Vaccin Ok c:\ntdelect.com - Vaccin Ok d:\autorun.inf - Vaccin Ok d:\adober.exe - Vaccin Ok d:\copy.exe - Vaccin Ok d:\comment.htt - Vaccin Ok d:\host.exe - Vaccin Ok d:\info.exe - Vaccin Ok d:\msvcr71.dll - Vaccin Ok d:\ravmon.exe - Vaccin Ok d:\ravmon.log - Vaccin Ok d:\sqlserv.exe - Vaccin Ok d:\start.exe - Vaccin Ok d:\temp.exe - Vaccin Ok d:\temp1.exe - Vaccin Ok d:\temp2.exe - Vaccin Ok d:\winfile.exe - Vaccin Ok d:\zPharaoh.exe - Vaccin Ok d:\ntdelect.com - Vaccin Ok e:\autorun.inf - Vaccin Ok e:\adober.exe - Vaccin Ok e:\copy.exe - Vaccin Ok e:\comment.htt - Vaccin Ok e:\host.exe - Vaccin Ok e:\info.exe - Vaccin Ok e:\msvcr71.dll - Vaccin Ok e:\ravmon.exe - Vaccin Ok e:\ravmon.log - Vaccin Ok e:\sqlserv.exe - Vaccin Ok e:\start.exe - Vaccin Ok e:\temp.exe - Vaccin Ok e:\temp1.exe - Vaccin Ok e:\temp2.exe - Vaccin Ok e:\winfile.exe - Vaccin Ok e:\zPharaoh.exe - Vaccin Ok e:\ntdelect.com - Vaccin Ok Examen fonctions Autorun BDR : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDrives REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run 01/04/2009 - 17:29:07,32 : Fin. Logfile of random's system information tool 1.06 (written by random/random) Run by dream at 2009-04-01 17:34:46 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 14 GB (24%) free of 57 GB Total RAM: 1021 MB (15% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:35:41, on 01/04/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\System32\oodtray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Users\dream\Downloads\RSIT.exe C:\Program Files\trend micro\dream.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7860 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-07-30 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-12 654832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-07-30 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-14 411768] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2006-12-14 493688] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2006-12-11 530552] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-07 3772416] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-15 102400] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-03 959976] "NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-07 90191] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-07 7766016] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-07 81920] "OODefragTray"=C:\Windows\system32\oodtray.exe [2007-06-28 2512128] "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-30 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] c:\program files\valve\steam\steam.exe [2008-03-29 1271032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-30 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2006-12-15 577536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel de l'Encyclopédie Universelle Larousse.lnk] C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2007-08-12 124912] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1089abf9-6624-11dd-8b1d-00a0d16c95e2}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9f77fd-184b-11dd-a031-00a0d16c95e2}] shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{563fddf1-c4e8-11dc-bab3-00a0d16c95e2}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1f65e5e-0a4f-11de-a1d8-00a0d16c95e2}] shell\AutoRun\command - D:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-04-01 17:34:50 ----D---- C:\Program Files\trend micro 2009-04-01 17:29:05 ----RASHD---- C:\zPharaoh.exe 2009-04-01 17:29:05 ----RASHD---- C:\winfile.exe 2009-04-01 17:29:05 ----RASHD---- C:\ntdelect.com 2009-04-01 17:29:04 ----RASHD---- C:\temp2.exe 2009-04-01 17:29:04 ----RASHD---- C:\temp1.exe 2009-04-01 17:29:04 ----RASHD---- C:\temp.exe 2009-04-01 17:29:04 ----RASHD---- C:\start.exe 2009-04-01 17:29:04 ----RASHD---- C:\sqlserv.exe 2009-04-01 17:29:04 ----RASHD---- C:\ravmon.log 2009-04-01 17:29:04 ----RASHD---- C:\ravmon.exe 2009-04-01 17:29:04 ----RASHD---- C:\msvcr71.dll 2009-04-01 17:29:04 ----RASHD---- C:\info.exe 2009-04-01 17:29:04 ----RASHD---- C:\host.exe 2009-04-01 17:29:04 ----RASHD---- C:\copy.exe 2009-04-01 17:29:04 ----RASHD---- C:\comment.htt 2009-04-01 17:29:04 ----RASHD---- C:\autorun.inf 2009-04-01 17:29:04 ----RASHD---- C:\adober.exe 2009-04-01 17:29:03 ----HD---- C:\bdtmp 2009-03-11 12:22:05 ----A---- C:\Windows\system32\wmp.dll 2009-03-11 12:22:03 ----A---- C:\Windows\system32\wmploc.DLL 2009-03-11 12:22:03 ----A---- C:\Windows\system32\spwmp.dll 2009-03-11 12:22:03 ----A---- C:\Windows\system32\dxmasf.dll 2009-03-11 12:21:59 ----A---- C:\Windows\system32\schannel.dll ======List of files/folders modified in the last 1 months====== 2009-04-01 17:35:12 ----D---- C:\Windows\Prefetch 2009-04-01 17:35:05 ----D---- C:\Windows\Temp 2009-04-01 17:34:50 ----RD---- C:\Program Files 2009-04-01 17:31:50 ----D---- C:\Windows\System32 2009-04-01 17:31:50 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-04-01 17:31:49 ----D---- C:\Windows\inf 2009-04-01 17:29:56 ----D---- C:\Windows\Internet Logs 2009-04-01 11:23:58 ----D---- C:\ProgramData\Google Updater 2009-03-30 20:40:27 ----SHD---- C:\System Volume Information 2009-03-25 13:55:15 ----D---- C:\Windows\system32\catroot2 2009-03-13 18:12:10 ----SHD---- C:\Windows\Installer 2009-03-11 13:00:28 ----D---- C:\Program Files\Windows Media Player 2009-03-11 12:36:15 ----D---- C:\Windows\winsxs 2009-03-11 12:21:40 ----D---- C:\Windows\system32\catroot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-08-31 1161152] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 E100B;Pilote de carte Intel ® PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-19 159744] R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-17 1651752] R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-07 4456416] R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S1 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [2005-08-01 64896] S3 ag55dxnf;ag55dxnf; C:\Windows\system32\drivers\ag55dxnf.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880] S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224] S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-02-14 216320] S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-02-14 208256] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-09-12 9216] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-30 138680] R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-06-28 1049856] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-14 428152] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152] R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 87288] -----------------EOF----------------- Voila les Trois rapports en tout ! Si j'ai bien compris la meilleure façon de ne pas me faire infecter par clef USB c'est de toujours ouvrir par le clic droit et faire "explorer" ? -
Bonjour à tous, j'explique mon problème. Il y'a quelques jours une amie à moi m'a filé sa clef USB pour me donner un cours, à peine branché mon Antivir s'éveille et annonce un virus dans son autorun. (Il faut savoir qu'elle avais Avast et qu'il n'a rien repérer :tsss): Le virus se nommait 'WORM/Autorun.dmh.8' [worm] et je l'ai supprimé. Deuxieme histoire deux jours aprés : Je vais dans une agence de photocopie avec un document sur ma clef USB. Je la met dans leur ordinateur pour imprimer un document. Rentré chez moi je remet ma clef USB dans le port, et Hop Antivir s'excite et me trouve un virus dans l'autorun WORM/Autorun.dmh.8 (le même que celui de la clef USB de cette amie, alors je pense qu'il n'a pas été vraiment supprimé) et dans un autre fichier .exe qui c'est créer sur la clef USB et qui prend le même nom que l'agence ou j'ai fais les photocopies. WORM/Rontok.D' [worm Je les ai supprimé tout deux mais je ne sais pas si ça a vraiment fonctionné. Voila le rapport Hijackthis (je précise qu'il y'a eu une sorte "d'erreur" pendant le scan de Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:06:41, on 01/04/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\System32\oodtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\Users\dream\AppData\Local\Temp\Rar$EX00.335\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7539 bytes
-
Antivir detecte Mabezat.B.91, fausse alerte ?
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Merci pour la reponse Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.17 - AhnLab-V3 5.0.0.2 2009.03.17 - AntiVir 7.9.0.116 2009.03.17 - Authentium 5.1.0.4 2009.03.17 - Avast 4.8.1335.0 2009.03.17 - AVG 8.0.0.237 2009.03.17 - BitDefender 7.2 2009.03.17 - CAT-QuickHeal 10.00 2009.03.17 - ClamAV 0.94.1 2009.03.17 - Comodo 1062 2009.03.17 - DrWeb 4.44.0.09170 2009.03.17 - eSafe 7.0.17.0 2009.03.17 - eTrust-Vet 31.6.6388 2009.03.09 - F-Prot 4.4.4.56 2009.03.16 - F-Secure 8.0.14470.0 2009.03.17 - Fortinet 3.117.0.0 2009.03.17 - GData 19 2009.03.17 - Ikarus T3.1.1.45.0 2009.03.17 - K7AntiVirus 7.10.674 2009.03.17 - Kaspersky 7.0.0.125 2009.03.17 - McAfee 5555 2009.03.16 - McAfee+Artemis 5555 2009.03.16 - McAfee-GW-Edition 6.7.6 2009.03.17 - Microsoft 1.4405 2009.03.17 - NOD32 3943 2009.03.17 - Norman 6.00.06 2009.03.17 - nProtect 2009.1.8.0 2009.03.17 - Panda 10.0.0.10 2009.03.17 - PCTools 4.4.2.0 2009.03.17 - Prevx1 V2 2009.03.17 - Rising 21.21.12.00 2009.03.17 - Sophos 4.39.0 2009.03.17 - Sunbelt 3.2.1858.2 2009.03.17 - Symantec 1.4.4.12 2009.03.17 - TheHacker 6.3.3.0.283 2009.03.16 - TrendMicro 8.700.0.1004 2009.03.17 - VBA32 3.12.10.1 2009.03.16 - ViRobot 2009.3.17.1652 2009.03.17 - VirusBuster 4.6.5.0 2009.03.17 - Information additionnelle File size: 77824 bytes MD5...: 66f2803bb90335d1977cf3a5342a37fe SHA1..: 0ebc97148e5202c9dba3ccda935d19ccc3c9f2b3 SHA256: 08b05a8408b7cc225dfa29b5d898df6f9597649ba657fecbc73d82d1aaa24a72 SHA512: 2a98e1b02e691a18b1fc53742b1fb6581364df4679c247b2208f416b0ff3bc5b<br>fe91f5e0af0bd5954a83f220eb71ce8a37ff9aea83df88b1548d7e92625f0453 ssdeep: 1536:9kmMUJAAt/5cBfWMDlYbTj4uMrE3UJRZ+x4WWL47bEKIhBdkExMT5csG:9l<br>MUW0hcBfWMDlYJEzZ+IL47bEv<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xbd00<br>timedatestamp.....: 0x430471e2 (Thu Aug 18 11:32:50 2005)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xbed7 0xc000 6.43 e3e93568b01e742f2d8cf9b7ddd364e9<br>.rdata 0xd000 0x279e 0x3000 3.95 fb0f5f430df9c3e271f366555439bda1<br>.data 0x10000 0x40c 0x1000 0.85 d92f0db172b95ca44a4cb48b27f2dbf7<br>.rsrc 0x11000 0x1b50 0x2000 4.29 77710ed16fe418eaff1c65195824cbca<br><br>( 8 imports ) <br>> SHFOLDER.dll: SHGetFolderPathW<br>> KERNEL32.dll: InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, ReadFile, CompareFileTime, CloseHandle, GetFileTime, MultiByteToWideChar, WriteFile, WaitForSingleObject, RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetLastError, Sleep, GetProcAddress, GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, SetEvent, EnterCriticalSection, LeaveCriticalSection, FreeLibrary, SizeofResource, LoadResource, GetCommandLineW, IsValidLocale, GetUserDefaultLCID, SetFilePointer, LoadLibraryA, GetVersionExA, LocalAlloc, CreateThread, ExitProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetStartupInfoW, GetModuleHandleA, LocalFree<br>> USER32.dll: TranslateMessage<br>> ADVAPI32.dll: RegCloseKey<br>> ole32.dll: CoTaskMemFree, CoUninitialize, CoInitialize, CoTaskMemRealloc, CoCreateInstance, CoRevokeClassObject, CoTaskMemAlloc, StringFromGUID2, CoRegisterClassObject<br>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br>> SHLWAPI.dll: PathFindExtensionW, PathFileExistsW, PathIsURLW<br>> MSVCR71.dll: __p__commode, __setusermatherr, _initterm, __wgetmainargs, _amsg_exit, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, __set_app_type, _terminate@@YAXXZ, _onexit, __dllonexit, __1type_info@@UAE@XZ, __security_error_handler, wcsstr, _wtoi, wcschr, __p__fmode, _controlfp, _adjust_fdiv, free, _CxxThrowException, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _wcsicmp, _wcsicoll, wcsrchr, memset, wcslen, memcmp, malloc, _except_handler3, memcpy, ___V@YAXPAX@Z, _purecall, wcsncpy, realloc, ___U@YAPAXI@Z, memmove, wcscmp, _vsnwprintf<br><br>( 0 exports ) <br> -
Antivir detecte Mabezat.B.91, fausse alerte ?
drame a posté un sujet dans Analyses et éradication malwares
Bonjour. A l'instant, Antivir m'a détecté un worm Mabezat.B.91 dans C:\Microsoft Works\WkDStore.exe En tapant ça sur google je constate que c'est arrivé à plein de monde reçement et ça a a l'air d'être une fausse alerte. http://forum.pcastuces.com/worm_mabezat_b_...=1 -
[Résolu] Infecté par un vieux virus : Sality
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Je te remerci pour ton aide et ta patience ! -
[Résolu] Infecté par un vieux virus : Sality
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:25:07, on 18/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\oodtray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\Program Files\WinRAR\WinRAR.exe C:\Users\dream\AppData\Local\Temp\Rar$EX08.625\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 8122 bytes -
[Résolu] Infecté par un vieux virus : Sality
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
Voila, depuis le temps que je devais le faire, j'ai désinstallé Avast et mis Antivir à la place. En tout cas merci bien pour l'aide ! Rapide et efficace. Maintenant est-ce que tout est terminé ou il me reste des choses à faire ? -
[Résolu] Infecté par un vieux virus : Sality
drame a répondu à un(e) sujet de drame dans Analyses et éradication malwares
ComboFix 09-02-15.01 - dream 2009-02-18 0:12:43.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1021.463 [GMT 1:00] Lancé depuis: c:\users\dream\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\dream\Desktop\CFScript.txt AV: avast! antivirus 4.8.1229 [VPS 081212-0] *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: Norton Internet Security *disabled* FW: ZoneAlarm Firewall *enabled* * Un nouveau point de restauration a été créé FILE :: D:\tel.xls.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_abakkyx5 ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-17 au 2009-02-17 )))))))))))))))))))))))))))))))))))) . 2009-02-17 22:58 . 2009-02-17 22:59 <REP> d-------- C:\rsit 2009-02-17 13:13 . 2009-02-17 13:13 <REP> d-------- c:\users\dream\AppData\Roaming\Malwarebytes 2009-02-17 13:13 . 2009-02-17 13:13 <REP> d-------- c:\users\All Users\Malwarebytes 2009-02-17 13:13 . 2009-02-17 13:13 <REP> d-------- c:\programdata\Malwarebytes 2009-02-17 13:13 . 2009-02-17 13:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-17 13:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-17 13:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-12 14:15 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-12 14:14 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-17 23:18 352,614 ---ha-w c:\windows\system32\drivers\vsconfig.xml 2009-02-17 22:08 --------- d-----w c:\programdata\Google Updater 2009-02-16 21:19 --------- d-----w c:\program files\Free FLV Converter 2009-02-15 22:01 --------- d-----w c:\programdata\Spybot - Search & Destroy 2009-02-15 22:01 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-15 16:59 25,159 ----a-w c:\users\dream\AppData\Roaming\nvModes.dat 2009-01-18 13:18 17,987,583 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-01-11 19:14 --------- d-----w c:\program files\OrangeHSS 2009-01-05 14:40 --------- d-----w c:\program files\Securitoo 2009-01-05 14:37 --------- d-----w c:\program files\Common Files\France Telecom 2009-01-04 12:44 --------- d-----w c:\users\dream\AppData\Roaming\Grisoft 2008-12-30 02:03 2,739,200 ----a-w c:\windows\Internet Logs\xDBC495.tmp 2008-12-25 23:06 31,893,378 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_25_23_58_34_full.dmp.zip 2008-12-24 20:46 31,799,702 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_24_20_35_06_full.dmp.zip 2008-12-22 13:00 31,786,475 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_22_00_10_05_full.dmp.zip 2008-12-21 20:34 31,700,913 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_21_19_24_08_full.dmp.zip 2008-12-05 04:20 274,432 ----a-w c:\windows\System32\TubeFinder.exe 2008-11-25 15:35 67,141 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_11_25_16_17_21_small.dmp.zip 2008-07-29 01:02 174 --sha-w c:\program files\desktop.ini 2007-08-18 11:59 16,429,768 ----a-w c:\users\dream\setupfre.exe 2007-07-30 09:44 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-07-30 09:44 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-07-30 09:44 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-17_23.32.01,68 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE - 2009-02-17 12:50:26 789,808 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-02-17 23:16:38 789,888 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-02-17 21:56:08 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-02-17 23:18:19 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT - 2009-02-17 21:56:02 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-02-17 23:18:18 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2009-02-17 22:24:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-02-17 23:18:07 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-17 22:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-02-17 23:18:07 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-02-17 22:24:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-02-17 23:18:07 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 c:\windows\RtHDVCpl.exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm "msacm.ac3filter"= ac3filter.acm "msacm.l3codec"= l3codecp.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel de l'Encyclopédie Universelle Larousse.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hyperappel de l'Encyclopédie Universelle Larousse.lnk backup=c:\windows\pss\Hyperappel de l'Encyclopédie Universelle Larousse.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk backup=c:\windows\pss\Outil de mise à jour Google.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] --a------ 2006-12-07 16:49 55416 c:\program files\TOSHIBA\TBS\HSON.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-29 13:06 1271032 c:\program files\Valve\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-07-30 18:52 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] --a------ 2006-12-15 17:11 577536 c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F5E540FD-AD1A-4957-B7C2-40A09D2E140B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-06-20 111184] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-06-20 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-08-18 51792] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-04-23 1153368] R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2006-12-18 7168] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-01-05 28224] --- Autres Services/Pilotes en mémoire --- *Deregistered* - sptd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1089abf9-6624-11dd-8b1d-00a0d16c95e2}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9f77fd-184b-11dd-a031-00a0d16c95e2}] \shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{563fddf1-c4e8-11dc-bab3-00a0d16c95e2}] \shell\AutoRun\command - D:\LaunchU3.exe -a . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR FF - ProfilePath - c:\users\dream\AppData\Roaming\Mozilla\Firefox\Profiles\hux9wjr8.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/ FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-18 00:18:42 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\windows\System32\ZoneLabs\vsmon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\windows\System32\rundll32.exe c:\windows\System32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\windows\ehome\ehmsas.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\windows\System32\oodag.exe c:\windows\System32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\OrangeHSS\Systray\SystrayApp.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\System32\conime.exe . ************************************************************************** . Heure de fin: 2009-02-18 0:27:19 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-17 23:24:56 ComboFix2.txt 2009-02-17 22:34:29 Avant-CF: 16 950 775 808 octets libres Après-CF: 16,650,149,888 octets libres 215 --- E O F --- 2009-02-17 12:14:41 Pour Hijackis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:29:59, on 18/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\System32\oodtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\Users\dream\AppData\Local\Temp\Rar$EX00.504\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7586 bytes Sinon Avast me signale un fichier supsect C:\ComboFix\catchme.sys mais je doute que ce soit un virus Puis il veut redémarrer pour le supprimer mais j'ai refusé, enfin j'espere que j'ai bien fait. Sinon avais-je vraiment ce virus Sality ?