Probléme Antivirus xp pro 2009

Résolu
Mimasu Messages postés 18 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Depuis 2 jours, j'ai un problème avec le virus "Antivirus xp pro 2009" Je n'arrive pas du tout à m'en séparer...
J'ai plusieur alertes s'affichant toutes les 5 minutes
" Warning! Sécurity report Your computer is infected! It's recommended to start spyware cleaner tool"

Et un fond d'écrant réccurent de même genre que les alertes.

J'ai compris qu'il fallait faire des scan avec d’Hijackthis, SmitfraudFix ... Mais mon niveau informatique ne me permet pas d'interprèter de façon correct les rapports donc si quelqu'un peut le faire à ma place je lui en serais très reconnaisante.

Voilà je sais bien qu'il y a plusieur poste exactement pareil mais comme chaque cas est différents je ne peut pas vraiment m'aider avec.

En Espérant un réponse
Merci d'avance
Mimasu
Configuration: Windows XP
Internet Explorer 6.0

23 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    colle un rapport smitfraudfix
    avec l'option 1

    et

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  2. Mimasu Messages postés 18 Statut Membre
     
    Merci ^^

    Voila les rapports

    SmitFraudFix v2.398

    Rapport fait à 10:36:57,65, 22/02/2009
    Executé à partir de C:\Documents and Settings\CECILE\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\SetPoints.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system32\iccum.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\CECILE\Bureau\RSIT.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CECILE

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CECILE\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CECILE\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CECILE\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\System32\\ntos.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{178D8286-23EB-423F-91DD-0EDE1E1DF1C4}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{178D8286-23EB-423F-91DD-0EDE1E1DF1C4}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    ____________________________________

    log :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CECILE at 2009-02-22 10:37:02
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 7 GB (39%) free of 19 GB
    Total RAM: 254 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:37:44, on 22/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\SetPoints.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system32\iccum.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\CECILE\Bureau\RSIT.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Trend Micro\HijackThis\CECILE.exe
    C:\Documents and Settings\CECILE\Bureau\SmitfraudFix\IEDFix.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
    O4 - HKCU\..\Run: [uuimo] "c:\windows\system32\uuimo.exe" uuimo
    O4 - HKCU\..\Run: [AntivirusXP.exe] C:\Program Files\AntivirusXP\AntivirusXP.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    0
  3. Mimasu Messages postés 18 Statut Membre
     
    Les rapports,

    sinon est ce que tu sais pourquoi quand je faisais un scan avec avast (en présence d'antivirus xp pro ) mon ordi se bloquait pendant le scan ?

    Malwarebytes' Anti-Malware 1.34
    Database version: 1789
    Windows 5.1.2600 Service Pack 2

    22/02/2009 12:47:35
    mbam-log-2009-02-22 (12-47-35).txt

    Scan type: Quick Scan
    Objects scanned: 73356
    Time elapsed: 1 hour(s), 38 minute(s), 49 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 7
    Registry Data Items Infected: 7
    Folders Infected: 7
    Files Infected: 35

    Memory Processes Infected:
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{9ca1536d-5689-40ca-b92a-f646301517d7} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{09dc28c6-bce2-42b1-b3ea-8ab82f0f3b0a} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntivirusXP.exe (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update (Backdoor.Bot) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Invité\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\Program Files\Instant Access\Center\Les Backrooms.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Instant Access\Center\Thumbs.db (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Insider\Insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
    C:\Program Files\Insider\UnInstall.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\Carlson\carlton (Dialer) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Invité\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Invité\Application Data\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\CECILE\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
    C:\Documents and Settings\CECILE\Bureau\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nsinet.exe (Adware.InstantAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SetPoints.exe (Backdoor.Bot) -> Delete on reboot.
    C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iccum_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uuimo_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wgyiugs_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iccum_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uuimo_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wgyiugs_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaevxtuirx.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaibmqpbav.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekajkdkifxj.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\senekamtnqwbwb.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\senekanstidvbe.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\senekaybiqxowp.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\senekaettimovr.sys (Trojan.Agent) -> Delete on reboot.

    ___________

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CECILE at 2009-02-22 12:55:02
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 7 GB (39%) free of 19 GB
    Total RAM: 254 MB (8% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:57:48, on 22/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\windows\system32\uuimo.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Documents and Settings\CECILE\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\CECILE.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
    O4 - HKCU\..\Run: [uuimo] "c:\windows\system32\uuimo.exe" uuimo
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ces 6 fichiers sur virus total et colle les rapports https://www.virustotal.com/gui/

    C:\WINDOWS\system32\NtmsData
    C:\WINDOWS\system32\303362.exe
    C:\WINDOWS\system32\aagmo.exe
    C:\WINDOWS\system32\sirenacm.dll
    C:\WINDOWS\system32\cqkwa.exe
    C:\WINDOWS\system32\awwcogw.exe

    rq :antivirus xP pro est un rogue et donc un espion, sont but est aussi de bloquer les protection , c'est pourquoi avast ne marchait pas!

    ___________

    je me mets ceci de coté:

    C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP
    c:\windows\system32\iccum.exe
    C:\RECYCLER
    c:\windows\system32\uuimo.exe
    E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
    S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaettimovr.sys

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "iccum"=-
    "uuimo"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]
    0
  6. Mimasu Messages postés 18 Statut Membre
     
    C:\WINDOWS\system32\NtmsData
    0 bytes size received / Se ha recibido un archivo vacio

    C:\WINDOWS\system32\303362.exe

    Fichier 303362.exe_ reçu le 2009.02.22 13:55:59 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 17/39 (43.59%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.22 -
    AhnLab-V3 2009.2.21.0 2009.02.22 -
    AntiVir 7.9.0.87 2009.02.21 TR/Dldr.Agent.GTZ
    Authentium 5.1.0.4 2009.02.22 -
    Avast 4.8.1335.0 2009.02.22 Win32:Trojan-gen {Other}
    AVG 8.0.0.237 2009.02.21 SHeur2.QPR
    BitDefender 7.2 2009.02.22 Trojan.Vundo.GJC
    CAT-QuickHeal 10.00 2009.02.22 -
    ClamAV 0.94.1 2009.02.22 Trojan.Rootkit-1499
    Comodo 984 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.22 Trojan.Fakealert.3952
    eSafe 7.0.17.0 2009.02.19 -
    eTrust-Vet 31.6.6368 2009.02.20 Win32/FakeAlert.ABL
    F-Prot 4.4.4.56 2009.02.22 -
    F-Secure 8.0.14470.0 2009.02.22 Trojan.Win32.Monder.bdnr
    Fortinet 3.117.0.0 2009.02.22 -
    GData 19 2009.02.22 Trojan.Vundo.GJC
    Ikarus T3.1.1.45.0 2009.02.22 -
    K7AntiVirus 7.10.639 2009.02.21 -
    Kaspersky 7.0.0.125 2009.02.22 Trojan.Win32.Monder.bdnr
    McAfee 5532 2009.02.21 -
    McAfee+Artemis 5532 2009.02.21 -
    Microsoft 1.4306 2009.02.22 Program:Win32/Antivirus2009
    NOD32 3877 2009.02.22 Win32/TrojanDownloader.FakeAlert.YV
    Norman 6.00.06 2009.02.20 W32/DLoader.NMHG
    nProtect 2009.1.8.0 2009.02.22 -
    Panda 10.0.0.10 2009.02.21 -
    PCTools 4.4.2.0 2009.02.22 -
    Prevx1 V2 2009.02.22 Medium Risk Malware
    Rising 21.17.62.00 2009.02.22 Trojan.Win32.Nodef.dlm
    SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dldr.Agent.GTZ
    Sophos 4.39.0 2009.02.22 -
    Sunbelt 3.2.1855.2 2009.02.17 -
    Symantec 10 2009.02.22 -
    TheHacker 6.3.2.4.263 2009.02.21 -
    TrendMicro 8.700.0.1004 2009.02.20 -
    VBA32 3.12.10.0 2009.02.22 suspected of Malware-Cryptor.Win32.General.3
    ViRobot 2009.2.20.1617 2009.02.20 -
    VirusBuster 4.5.11.0 2009.02.21 -

    Information additionnelle
    File size: 26624 bytes
    MD5...: 3476b1762a900e9ed70bb1b66d3425e5
    SHA1..: f4ed7da7bfb0765a5efa31b507ad9e1ced3bf2fa
    SHA256: ca3f3777a1fe39fcce238f2639a997310f1bf2e109b5b4492797f226cc903bb3
    SHA512: ea04303351f2547d0d914134f381907ae2d29b4ed698dd54330e52028f12a852
    def7d3baeb15b2a28910fe409b0ed5ec46e5eac43032ae5276e8407e9a8779b6
    ssdeep: 768:A+fu/JNYcMBrbbuqnMGSObv/ZA60GIlFAZ:AFzYc2rbban0m6wlFAZ

    PEiD..: -
    TrID..: File type identification
    Windows Screen Saver (39.4%)
    Win32 Executable Generic (25.6%)
    Win32 Dynamic Link Library (generic) (22.8%)
    Generic Win/DOS Executable (6.0%)
    DOS Executable Generic (6.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x404c89
    timedatestamp.....: 0x47d007a3 (Thu Mar 06 15:02:59 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x5007 0x5200 7.66 e3fc147dd05724e2bf956c854189af8d
    .rdata 0x7000 0x3eb 0x400 0.69 4ee14d1670b4824f589d3c7602e17aea
    .data 0x8000 0xb2d 0xa00 5.86 398c4651d3c1cbfcf45248dd217f42e7
    .rsrc 0x9000 0x3d8 0x400 3.33 3908604304b040b44fd757325ad35717

    ( 5 imports )
    > GDI32.dll: CreateCompatibleDC, GetTextMetricsA, CreatePen, GetDeviceCaps, EndDoc, Polyline, Ellipse, RectInRegion, GetBkColor, ExtTextOutA, BitBlt, GetStockObject, RestoreDC, StartPage, SelectObject, SetROP2, GetTextExtentPoint32A, SetMapMode, CreateSolidBrush, SetBkColor, CreateRectRgnIndirect, CreateDIBSection, SetTextColor, Rectangle
    > USER32.dll: EnumWindows, FrameRect, LoadCursorA, RegisterClassExA, GetWindowThreadProcessId, RedrawWindow, InsertMenuA, IntersectRect, RemoveMenu, LoadImageA, RegisterWindowMessageA, SendMessageTimeoutA, EnableWindow, ReleaseCapture, InvalidateRect, DialogBoxParamA, FindWindowExA, DispatchMessageA, SetWindowPlacement, PostQuitMessage, TrackPopupMenuEx, GetMessageA, UnionRect, BeginPaint, GetDlgItemTextA, EndDialog, GetPropA, DestroyWindow, OffsetRect, SetCapture, GetSubMenu, MapWindowPoints
    > ole32.dll: CoRevokeClassObject, CoUninitialize, OleSave, CoTreatAsClass, CoLockObjectExternal, OleCreateEmbeddingHelper, CoSuspendClassObjects, OleDuplicateData, CoRegisterMessageFilter, OleCreateFromFileEx, OleCreateLinkEx, OleRegGetMiscStatus, CoGetInterfaceAndReleaseStream, BindMoniker, CoDisconnectObject, CoGetCurrentProcess, CoFreeAllLibraries, OleTranslateAccelerator, CoDosDateTimeToFileTime, CoFileTimeToDosDateTime, OleCreate
    > MSVCRT.dll: _controlfp, strcpy, _beginthread, ftell, _waccess, strlen, _wfopen, strcspn, srand, _stricmp, _chdir, strcmp, wcsrchr, strchr, _exit, wcscpy, memcmp, _itow, wcsncpy, __setusermatherr, _wsplitpath
    > KERNEL32.dll: IsValidLocale, InterlockedExchange, OpenProcess, CompareStringA, SetEnvironmentVariableA, LCMapStringW, GetFileType, PulseEvent, GetExitCodeThread, GetDriveTypeA, LoadResource, GlobalUnlock, VirtualAlloc, WideCharToMultiByte, QueryPerformanceCounter, CreateProcessA, IsValidCodePage, FlushFileBuffers, GetLocaleInfoA

    ( 0 exports )

    Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=0ABEB0A700BD7D9E68BF005521D78200DF8395A7' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=0ABEB0A700BD7D9E68BF005521D78200DF8395A7</a>

    C:\WINDOWS\system32\aagmo.exe
    Fichier aagmo.exe_ reçu le 2009.02.22 14:00:01 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 2/35 (5.72%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.22 -
    AhnLab-V3 2009.2.21.0 2009.02.22 -
    AntiVir 7.9.0.87 2009.02.21 TR/Dropper.Gen
    Authentium 5.1.0.4 2009.02.22 -
    Avast 4.8.1335.0 2009.02.22 -
    AVG 8.0.0.237 2009.02.21 -
    CAT-QuickHeal 10.00 2009.02.22 -
    ClamAV 0.94.1 2009.02.22 -
    Comodo 983 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.22 -
    eSafe 7.0.17.0 2009.02.19 -
    eTrust-Vet 31.6.6368 2009.02.20 -
    F-Prot 4.4.4.56 2009.02.22 -
    Fortinet 3.117.0.0 2009.02.22 -
    Ikarus T3.1.1.45.0 2009.02.22 -
    K7AntiVirus 7.10.639 2009.02.21 -
    McAfee 5532 2009.02.21 -
    McAfee+Artemis 5532 2009.02.21 -
    Microsoft 1.4306 2009.02.22 -
    NOD32 3877 2009.02.22 -
    Norman 6.00.06 2009.02.20 -
    nProtect 2009.1.8.0 2009.02.22 -
    Panda 10.0.0.10 2009.02.21 -
    PCTools 4.4.2.0 2009.02.22 -
    Prevx1 V2 2009.02.22 -
    Rising 21.17.62.00 2009.02.22 -
    SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dropper.Gen
    Sophos 4.39.0 2009.02.22 -
    Sunbelt 3.2.1855.2 2009.02.17 -
    Symantec 10 2009.02.22 -
    TheHacker 6.3.2.4.263 2009.02.21 -
    TrendMicro 8.700.0.1004 2009.02.20 -
    VBA32 3.12.10.0 2009.02.22 -
    ViRobot 2009.2.20.1617 2009.02.20 -
    VirusBuster 4.5.11.0 2009.02.21 -

    Information additionnelle
    File size: 225280 bytes
    MD5...: 409c8a198a95131ffc5b8d69b642f3d5
    SHA1..: 5599e1f397c101e39a5f32eacbcb43bd9cc7b61c
    SHA256: bd3ba8c5736f6217349c050c1a427d22b90ad5bd477831c1dd1274f477607b68
    SHA512: 4152f50915541d45c5bc323f6a0e6db81765f6b2e2ca19420866cc6beddaeb04
    3dfa576d5237e252b4c858acd54032ae40a2bfa594a66a55e4cc0ff3de808797
    ssdeep: 3072:Ugmb9WvwnP8ihhQx+OLfWTnnCao/Svd3Ekcqb0n2fNjIHV3B9RTCsIxdKna
    PhMLu:CpXwx+UfWTnnCqFEkpwn2fNjAo7hMLu

    PEiD..: Armadillo v1.71
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4318ac
    timedatestamp.....: 0x43ce1e8b (Wed Jan 18 10:55:07 2006)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x30a36 0x31000 7.41 de42394c7ce8e727ce83dcad200b936d
    .rdata 0x32000 0x12a0 0x2000 3.79 d52873708a8d6bafcedcf7c750ca04a2
    .data 0x34000 0x2bac 0x3000 5.28 17b00eaa06ac59a8e335b707160ca560

    ( 11 imports )
    > GDI32.dll: SetTextAlign, FrameRgn, SetWindowOrgEx, PolyBezier, CreateEllipticRgnIndirect, PlayMetaFile, RealizePalette, FillRgn, CreateHalftonePalette, GetObjectType, CopyEnhMetaFileA
    > ole32.dll: OleCreate, CoLockObjectExternal, CoDisconnectObject
    > SHELL32.dll: SHAddToRecentDocs, DragQueryPoint, Shell_NotifyIconW, SHGetDesktopFolder, SHGetSettings
    > WS2_32.dll: -, -, WSASocketW, -, -, -, WSAInstallServiceClassW, WSADuplicateSocketA, WSARecvFrom, WSAEnumNetworkEvents, -, WSAResetEvent, -, WSASendDisconnect, -, -, -, -, WSALookupServiceBeginA
    > ADVAPI32.dll: DestroyPrivateObjectSecurity, SetTokenInformation, SetServiceObjectSecurity, MakeAbsoluteSD, GetPrivateObjectSecurity, RegUnLoadKeyA, StartServiceCtrlDispatcherW, CryptDeriveKey, GetSecurityInfo, SetServiceStatus, MakeSelfRelativeSD
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
    > comdlg32.dll: ChooseColorW, GetFileTitleW
    > VERSION.dll: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA
    > KERNEL32.dll: GetStringTypeExW, DosDateTimeToFileTime, CreateDirectoryA, _hread, CreateFileW, ReadConsoleInputW, FormatMessageW, GetDriveTypeW, lstrcpyA, InitializeCriticalSection, GlobalReAlloc, GetHandleInformation, PeekConsoleInputW, CreateWaitableTimerA, GetWindowsDirectoryA, SetConsoleMode, GetDiskFreeSpaceW, EnumDateFormatsW, GetUserDefaultLCID, VirtualQueryEx, FreeLibraryAndExitThread, EnumSystemCodePagesA, ReleaseSemaphore, lstrcmpiA, GlobalUnlock, SystemTimeToFileTime, GetTempPathW, GetModuleHandleA, ReadFile, SetEvent, ReadConsoleA, SetConsoleCursorPosition, GetCommandLineW, WaitNamedPipeA, MultiByteToWideChar, GetCompressedFileSizeW, WritePrivateProfileStructA, GlobalFindAtomW, SetProcessWorkingSetSize, FindCloseChangeNotification, PrepareTape, GetLongPathNameA, SetConsoleOutputCP, GetComputerNameW, ExpandEnvironmentStringsW, EnumResourceNamesA, GetCurrentDirectoryW, GetDriveTypeA, VirtualAlloc, lstrlenA, GetACP, GetStartupInfoA
    > USER32.dll: UnregisterHotKey, CascadeWindows, RegisterClipboardFormatW, SetDlgItemInt, CreateDialogParamA, SetMenuItemInfoW, GetSysColorBrush, EnumDesktopsW, IsCharUpperW, GetUpdateRect, DefWindowProcW, GetPropA, IsCharLowerA, IsZoomed, SetMenu, LookupIconIdFromDirectory, LoadMenuW, FlashWindow, CreateIcon, MapWindowPoints, AppendMenuA, InsertMenuA, GetCapture, CreateAcceleratorTableA, ChildWindowFromPoint
    > MSVCRT.dll: _except_handler3, __set_app_type, __p__fmode, _controlfp, _write, longjmp, _dup, _fileno, _mbschr, _strcmpi, _wsplitpath, wcscat, _mbslen, free, _wgetenv, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _wputenv, ftell, strncpy, _mbsnbcnt, _access, isdigit, _mbsicmp, _snprintf, _wmakepath, _spawnv, _wcsnset, _ismbcdigit, _chmod, _wtoi, getenv, _dup2, _unlink, isalpha

    ( 0 exports )
    0
  7. Mimasu Messages postés 18 Statut Membre
     
    C:\WINDOWS\system32\sirenacm.dll

    Fichier sirenacm.dll_ reçu le 2009.02.22 14:05:10 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 0/38 (0%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.22 -
    AhnLab-V3 2009.2.21.0 2009.02.22 -
    AntiVir 7.9.0.87 2009.02.21 -
    Authentium 5.1.0.4 2009.02.22 -
    Avast 4.8.1335.0 2009.02.22 -
    AVG 8.0.0.237 2009.02.21 -
    BitDefender 7.2 2009.02.22 -
    CAT-QuickHeal 10.00 2009.02.22 -
    ClamAV 0.94.1 2009.02.22 -
    Comodo 983 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.22 -
    eSafe 7.0.17.0 2009.02.19 -
    eTrust-Vet 31.6.6368 2009.02.20 -
    F-Prot 4.4.4.56 2009.02.22 -
    Fortinet 3.117.0.0 2009.02.22 -
    GData 19 2009.02.22 -
    Ikarus T3.1.1.45.0 2009.02.22 -
    K7AntiVirus 7.10.639 2009.02.21 -
    Kaspersky 7.0.0.125 2009.02.22 -
    McAfee 5532 2009.02.21 -
    McAfee+Artemis 5532 2009.02.21 -
    Microsoft 1.4306 2009.02.22 -
    NOD32 3877 2009.02.22 -
    Norman 6.00.06 2009.02.20 -
    nProtect 2009.1.8.0 2009.02.22 -
    Panda 10.0.0.10 2009.02.21 -
    PCTools 4.4.2.0 2009.02.22 -
    Prevx1 V2 2009.02.22 -
    Rising 21.17.62.00 2009.02.22 -
    SecureWeb-Gateway 6.7.6 2009.02.22 -
    Sophos 4.39.0 2009.02.22 -
    Sunbelt 3.2.1855.2 2009.02.17 -
    Symantec 10 2009.02.22 -
    TheHacker 6.3.2.4.263 2009.02.21 -
    TrendMicro 8.700.0.1004 2009.02.20 -
    VBA32 3.12.10.0 2009.02.22 -
    ViRobot 2009.2.20.1617 2009.02.20 -
    VirusBuster 4.5.11.0 2009.02.21 -
    Information additionnelle
    File size: 49504 bytes
    MD5...: e5830533c13f30407e76c0584778aa4d
    SHA1..: 07e29bd5e118a576f9c4a4bd0c0cc165e8271213
    SHA256: a8ab6ce2155d02713ed245537ea85a99f58bc7a958849fb7e61f213505d36889
    SHA512: 23cf460aab9316bf4c482dc02ef9ede9d9b0c0f8cdb153be1ad71612695b4bc0
    e82fa231a37e5f4c156546ed6792de258545314d53b36470ce13b54fc54b7be2
    ssdeep: 768:8ySaFg2/meIKQZ731i7NkDnwOWt8JLxCZt9437cO3eDLB+x8va/iSjpvuC:i
    aFgqmeIF7lkN2nwOAc9Cnws+mS5h

    PEiD..: -
    TrID..: File type identification
    Windows Audio Compression Manager driver (85.9%)
    Win32 Executable Generic (9.5%)
    Generic Win/DOS Executable (2.2%)
    DOS Executable Generic (2.2%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4020dd
    timedatestamp.....: 0x498cf57f (Sat Feb 07 02:44:15 2009)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x4eff 0x5000 6.56 d46f4ee37946e98e10b5e024190d57a7
    .data 0x6000 0xa904 0x4200 6.24 117c18a2a22bc2e1939299ad5693db82
    .rsrc 0x11000 0x7a0 0x800 4.15 cdc16b3fe5ce4b1b67534dbba3de8da4
    .reloc 0x12000 0x676 0x800 4.31 ce32f4fbbfaab60d24191b62765bf518

    ( 4 imports )
    > MSVCR80.dll: _unlock, __dllonexit, _lock, _onexit, __clean_type_info_names_internal, _crt_debugger_hook, _CIcos, __3@YAXPAX@Z, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, free, _malloc_crt, _encode_pointer, memset, memcpy, _except_handler4_common, _CIpow, _CIsqrt, _CIsin
    > USER32.dll: LoadStringW
    > KERNEL32.dll: LocalAlloc, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, Sleep, InterlockedExchange, LocalFree
    > WINMM.dll: DefDriverProc, GetDriverModuleHandle

    ( 15 exports )
    DriverProc, Siren7_DecodeFrame, Siren7_EncodeFrame, Siren7_InitDecoderContext, Siren7_InitEncoderContext, Siren7_SizeofBitstream, Siren7_SizeofDecoderContext, Siren7_SizeofEncoderContext, _Siren7_DecodeFrame@16, _Siren7_EncodeFrame@16, _Siren7_InitDecoderContext@4, _Siren7_InitEncoderContext@4, _Siren7_SizeofBitstream@4, _Siren7_SizeofDecoderContext@0, _Siren7_SizeofEncoderContext@0

    C:\WINDOWS\system32\cqkwa.exe
    Fichier cqkwa.exe_ reçu le 2009.02.22 14:08:35 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 2/39 (5.13%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.22 -
    AhnLab-V3 2009.2.21.0 2009.02.22 -
    AntiVir 7.9.0.87 2009.02.21 TR/Dropper.Gen
    Authentium 5.1.0.4 2009.02.22 -
    Avast 4.8.1335.0 2009.02.22 -
    AVG 8.0.0.237 2009.02.21 -
    BitDefender 7.2 2009.02.22 -
    CAT-QuickHeal 10.00 2009.02.22 -
    ClamAV 0.94.1 2009.02.22 -
    Comodo 984 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.22 -
    eSafe 7.0.17.0 2009.02.19 -
    eTrust-Vet 31.6.6368 2009.02.20 -
    F-Prot 4.4.4.56 2009.02.22 -
    F-Secure 8.0.14470.0 2009.02.22 -
    Fortinet 3.117.0.0 2009.02.22 -
    GData 19 2009.02.22 -
    Ikarus T3.1.1.45.0 2009.02.22 -
    K7AntiVirus 7.10.639 2009.02.21 -
    Kaspersky 7.0.0.125 2009.02.22 -
    McAfee 5532 2009.02.21 -
    McAfee+Artemis 5532 2009.02.21 -
    Microsoft 1.4306 2009.02.22 -
    NOD32 3877 2009.02.22 -
    Norman 6.00.06 2009.02.20 -
    nProtect 2009.1.8.0 2009.02.22 -
    Panda 10.0.0.10 2009.02.21 -
    PCTools 4.4.2.0 2009.02.22 -
    Prevx1 V2 2009.02.22 -
    Rising 21.17.62.00 2009.02.22 -
    SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dropper.Gen
    Sophos 4.39.0 2009.02.22 -
    Sunbelt 3.2.1855.2 2009.02.17 -
    Symantec 10 2009.02.22 -
    TheHacker 6.3.2.4.263 2009.02.21 -
    TrendMicro 8.700.0.1004 2009.02.20 -
    VBA32 3.12.10.0 2009.02.22 -
    ViRobot 2009.2.20.1617 2009.02.20 -
    VirusBuster 4.5.11.0 2009.02.21 -
    Information additionnelle
    File size: 224768 bytes
    MD5...: 82b47b5d1a5844a692bd0dfca06d0e24
    SHA1..: ba4946298898a8b84c3bffd2727fae9b767c847c
    SHA256: 797a569936994218577b91e5128d064bc62c305bec2cfa5ade6768abed886911
    SHA512: fb1d7cee56f7a69efc6408e64d52195606bb0af1e422c8964cf54cba9174ece3
    1f045312c20c870744ac74c16a57e71dd8471513bc6be7cda073c1c2f2560872
    ssdeep: 3072:M/V6K/V98DKyHy5oV1d/B0eIyobE8NOZGBJ0rA5lkfpvaJZISAlkUFujslB
    Z41Vi:aP8DH1hobEAfl5GfpvvGoqiBgJo

    PEiD..: Armadillo v1.71
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x432b6e
    timedatestamp.....: 0x43f0d1fe (Mon Feb 13 18:37:50 2006)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x31cfc 0x31e00 7.44 cdf00222283265f77df6e6f14fa341a6
    .rdata 0x33000 0x1636 0x1800 5.28 ef591de94e3cc6e73b3ac02292a88f38
    .data 0x35000 0x325c 0x3400 5.48 c745a7eb04b3cb065ffdcbf26e9c55d5

    ( 12 imports )
    > WS2_32.dll: WSAConnect, WSASocketW, -, -, WSAGetQOSByName, -, -, -, -, WSAEnumProtocolsW, -, -, WSAGetServiceClassInfoW, -, WSAAddressToStringW, WSAAccept, -
    > SHELL32.dll: DragFinish, SHFileOperationW, SHGetSpecialFolderPathW
    > ole32.dll: CoReleaseMarshalData
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -
    > VERSION.dll: VerInstallFileA, VerQueryValueA, GetFileVersionInfoA
    > COMCTL32.dll: ImageList_DragLeave, ImageList_GetBkColor, ImageList_SetBkColor
    > ADVAPI32.dll: InitializeSecurityDescriptor, ImpersonateLoggedOnUser, RegDeleteKeyA, CryptCreateHash, ClearEventLogW, CryptHashData
    > GDI32.dll: GetViewportExtEx, ExtCreatePen, TextOutW, PlayMetaFileRecord, AddFontResourceA, GetTextMetricsA, RealizePalette, ScaleWindowExtEx, GetGlyphOutlineW
    > comdlg32.dll: CommDlgExtendedError, GetOpenFileNameA
    > USER32.dll: SystemParametersInfoW, DispatchMessageA, GetProcessWindowStation, CallWindowProcA, GetScrollBarInfo, MapVirtualKeyExW, IsWindowVisible, SetRect, LockWindowUpdate, PeekMessageA, HideCaret, AttachThreadInput, RegisterWindowMessageW, UnregisterDeviceNotification, GetUpdateRect, WindowFromPoint, TileWindows, ClipCursor, LoadImageA, ClientToScreen, DrawIconEx, DrawTextExA, EnumDesktopsW, SetWindowContextHelpId, GetMonitorInfoA, GetClassInfoW, GetClassInfoA, GetDC, GetWindowContextHelpId, DragDetect, RedrawWindow, RegisterClipboardFormatA, UnhookWindowsHook, EnumWindowStationsW
    > KERNEL32.dll: GetOverlappedResult, UnmapViewOfFile, WriteProcessMemory, GetCompressedFileSizeW, FatalAppExitA, GetThreadPriority, VirtualProtect, FlushFileBuffers, SizeofResource, SystemTimeToFileTime, ScrollConsoleScreenBufferA, GetSystemInfo, VirtualLock, lstrcmpA, GlobalFlags, GlobalGetAtomNameW, ReadFileScatter, SetConsoleTitleA, ConnectNamedPipe, GetSystemTimeAsFileTime, GetCurrentProcess, GetDiskFreeSpaceW, FileTimeToLocalFileTime, FindCloseChangeNotification, VirtualQuery, SetTimeZoneInformation, VirtualAllocEx, GlobalAddAtomA, SetThreadAffinityMask, SetEndOfFile, GetCurrentDirectoryW, CreatePipe, GlobalAddAtomW, EnumResourceNamesA, EnumTimeFormatsW, SwitchToFiber, SetFileAttributesA, GlobalReAlloc, IsDBCSLeadByteEx, SetSystemTime, SuspendThread, SetProcessShutdownParameters, EnumSystemCodePagesA, WritePrivateProfileStructA, _hread, GetProcessTimes, CreateFileW, SetVolumeLabelA, EraseTape, EnumResourceLanguagesW, DuplicateHandle, FormatMessageA, GetSystemDirectoryW, GetStartupInfoA, GetNumberFormatW, QueryDosDeviceA, LCMapStringA, lstrcpyA, FreeLibraryAndExitThread, GetOEMCP, SetEvent, SetProcessAffinityMask, GetModuleHandleA, GetFileAttributesExA, CreateDirectoryW, GlobalFindAtomW, EnumDateFormatsW, SetConsoleWindowInfo, GetCommConfig, lstrcatW, CreateDirectoryExA, ReadConsoleOutputA, VirtualAlloc
    > MSVCRT.dll: __set_app_type, floor, wcscspn, _mbslen, isalpha, isspace, _ultoa, _popen, mktime, _locking, _wcsdup, localtime, _putws, tmpnam, _mbsnbcmp, wcsncpy, vwprintf, _wcsnicmp, _mbsnbicmp, _unlink, _fcvt, strtod, _fileno, _tzset, _strnicoll, fgetc, toupper, _spawnvp, localeconv, atof, _wstrdate, fscanf, iswspace, _mbsrchr, strcspn, _controlfp, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, iswascii, strrchr, _strlwr, strtok, _wcslwr, _pctype, _chmod, towlower, _umask, _vsnwprintf, _except_handler3, _getch, vprintf, _exit, _XcptFilter, _initterm, __getmainargs, _acmdln, exit

    ( 0 exports )

    C:\WINDOWS\system32\awwcogw.exe

    Fichier awwcogw.exe_ reçu le 2009.02.22 14:10:05 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 4/39 (10.26%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.22 -
    AhnLab-V3 2009.2.21.0 2009.02.22 -
    AntiVir 7.9.0.87 2009.02.21 TR/Dropper.Gen
    Authentium 5.1.0.4 2009.02.22 -
    Avast 4.8.1335.0 2009.02.22 -
    AVG 8.0.0.237 2009.02.21 -
    BitDefender 7.2 2009.02.22 -
    CAT-QuickHeal 10.00 2009.02.22 -
    ClamAV 0.94.1 2009.02.22 -
    Comodo 983 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.22 -
    eSafe 7.0.17.0 2009.02.19 -
    eTrust-Vet 31.6.6368 2009.02.20 -
    F-Prot 4.4.4.56 2009.02.22 -
    F-Secure 8.0.14470.0 2009.02.22 -
    Fortinet 3.117.0.0 2009.02.22 -
    GData 19 2009.02.22 -
    Ikarus T3.1.1.45.0 2009.02.22 -
    K7AntiVirus 7.10.639 2009.02.21 -
    Kaspersky 7.0.0.125 2009.02.22 -
    McAfee 5532 2009.02.21 -
    McAfee+Artemis 5532 2009.02.21 -
    Microsoft 1.4306 2009.02.22 -
    NOD32 3877 2009.02.22 -
    Norman 6.00.06 2009.02.20 -
    nProtect 2009.1.8.0 2009.02.22 -
    Panda 10.0.0.10 2009.02.21 -
    PCTools 4.4.2.0 2009.02.22 -
    Prevx1 V2 2009.02.22 High Risk Fraudulent Security Program
    Rising 21.17.62.00 2009.02.22 -
    SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dropper.Gen
    Sophos 4.39.0 2009.02.22 -
    Sunbelt 3.2.1855.2 2009.02.17 Trojan-Spy.Win32.Ardamax.F (vf)
    Symantec 10 2009.02.22 -
    TheHacker 6.3.2.4.263 2009.02.21 -
    TrendMicro 8.700.0.1004 2009.02.20 -
    VBA32 3.12.10.0 2009.02.22 -
    ViRobot 2009.2.20.1617 2009.02.20 -
    VirusBuster 4.5.11.0 2009.02.21 -
    Information additionnelle
    File size: 317440 bytes
    MD5...: 043120fadaad76e877cfcf03f92da4ac
    SHA1..: 197043601a83e0640cc915275b3c90d6c4daa7aa
    SHA256: 91252996912d36562fc63a8a5407f807eca9995615d960ba8446fd91a0db4b0f
    SHA512: 635f4726be4d43bbcdbe44672ef11cfaef2929ae3db40ed07b7b74d4f5322724
    e8f4c925ee5b814c399463b3d19d50b135133568407ab11f360922a65e0da327
    ssdeep: 6144:/wmNQj51xs6SVOmqxFhVCYefrDnhysrSuTm7slTWRXMSZl3l2G:4mNk51bS
    VOmqC/rDn0jNRJ9

    PEiD..: Armadillo v1.71
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (53.1%)
    Windows Screen Saver (18.4%)
    Win32 Executable Generic (12.0%)
    Win32 Dynamic Link Library (generic) (10.6%)
    Generic Win/DOS Executable (2.8%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x432c28
    timedatestamp.....: 0x42349eae (Sun Mar 13 20:12:30 2005)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x31dbc 0x31e00 7.36 0b35617bee81ae87077055dee94505f9
    .rdata 0x33000 0x1dd4 0x1e00 5.54 7b5aa81b5f79da4dd2048a87cca0a1e9
    .data 0x35000 0x197ec 0x19800 5.61 90a502df6ce8a6239cddaf48666ae325

    ( 11 imports )
    > KERNEL32.dll: GetStringTypeExW, GetUserDefaultLangID, GetVolumeInformationW, GetCompressedFileSizeW, PrepareTape, GlobalFlags, DeleteFiber, FreeEnvironmentStringsA, GetTempFileNameA, EnumResourceLanguagesW, RaiseException, SetCommMask, lstrcpyA, FileTimeToLocalFileTime, GlobalDeleteAtom, WritePrivateProfileStructA, GetLongPathNameA, OpenSemaphoreW, GlobalUnlock, ExpandEnvironmentStringsW, SetEnvironmentVariableA, GetBinaryTypeW, VirtualLock, SetThreadLocale, CreateNamedPipeW, GetTempPathW, lstrcmpA, GetHandleInformation, VirtualQuery, GetUserDefaultLCID, _llseek, GetThreadPriority, GetConsoleCursorInfo, FindResourceExW, DeleteCriticalSection, GetThreadContext, FindCloseChangeNotification, GlobalFree, LCMapStringA, lstrcatW, GetShortPathNameA, CreateMutexW, IsBadStringPtrA, SetConsoleActiveScreenBuffer, CreateDirectoryExA, GetShortPathNameW, SetLastError, SetEndOfFile, SetConsoleWindowInfo, ExitProcess, ReadConsoleInputW, GetSystemTimeAsFileTime, SetupComm, EnumSystemCodePagesW, SetThreadPriorityBoost, SetSystemTime, OpenMutexA, GetModuleHandleA, LoadResource, SetHandleCount, SetProcessWorkingSetSize, UnmapViewOfFile, LoadLibraryExA, CreatePipe, FormatMessageA, ExitThread, SetEvent, SystemTimeToFileTime, PeekConsoleInputW, SetCommTimeouts, GetTimeZoneInformation, SuspendThread, lstrcpynA, CreateDirectoryA, ReadDirectoryChangesW, SetStdHandle, LoadLibraryExW, DuplicateHandle, EraseTape, UnhandledExceptionFilter, Beep, GetPrivateProfileStringA, GetVersion, FindResourceExA, SetEnvironmentVariableW, SetConsoleCursorPosition, GetOverlappedResult, GetBinaryTypeA, lstrlenA, ReleaseMutex, GetStartupInfoA, VirtualAlloc
    > WS2_32.dll: -, -, WSALookupServiceEnd, WSAGetServiceClassInfoW, WSAConnect, WSAInstallServiceClassW, WSARecv, -, WSAAccept, WSAEnumProtocolsW, -, WSAResetEvent, -, -, -
    > ole32.dll: CoMarshalInterface, IIDFromString, CoLockObjectExternal, OleSaveToStream, CoGetInterfaceAndReleaseStream, CoRegisterClassObject, OleSetClipboard, OleCreate, CoTaskMemRealloc
    > VERSION.dll: GetFileVersionInfoSizeA, VerFindFileA, GetFileVersionInfoA
    > COMCTL32.dll: PropertySheetA, ImageList_GetIconSize
    > SHELL32.dll: ExtractIconA, SHFileOperationW, DragFinish
    > USER32.dll: CopyAcceleratorTableW, SetWindowTextW, CheckMenuItem, SetCapture, GetThreadDesktop, CharUpperA, ValidateRect, LoadKeyboardLayoutA, CheckMenuRadioItem, EnableMenuItem, GetClipCursor, DefFrameProcW, PostMessageA, EnumDisplayDevicesA, LoadMenuIndirectA, IsCharAlphaA, GetFocus, SetClassLongA, EnumDisplaySettingsW, ArrangeIconicWindows, DefDlgProcA, GetPropA, IsCharAlphaNumericA, DrawAnimatedRects, WindowFromPoint, RegisterClassW, RegisterClassExA, GetCursor, GetClassLongA, ActivateKeyboardLayout, GetDlgCtrlID, GetTabbedTextExtentW, GetWindowContextHelpId, CallWindowProcW, CreateDesktopA, GetTitleBarInfo, GetWindowRgn, BroadcastSystemMessageW, CharUpperBuffA, DialogBoxIndirectParamA, ShowScrollBar, DeferWindowPos, CopyImage, FindWindowExA, CopyRect, ChangeMenuA, CountClipboardFormats, SetUserObjectSecurity, EndDialog, SwapMouseButton, GetKeyNameTextA, GetQueueStatus, WaitForInputIdle, GetClipboardOwner, GetSubMenu, ScrollWindow, GetDlgItemTextW, SetProcessDefaultLayout, CharPrevW, GetKeyboardLayout, wvsprintfW, LoadBitmapW, GetMonitorInfoW, UnregisterClassW
    > ADVAPI32.dll: QueryServiceObjectSecurity, GetUserNameA, GetSecurityDescriptorDacl, GetSecurityDescriptorOwner, GetServiceDisplayNameW, RegSetValueW, GetUserNameW, GetSecurityInfo, NotifyChangeEventLog, RegOpenKeyExW, CryptGetUserKey, RegisterEventSourceW, SetServiceObjectSecurity, LockServiceDatabase, DeleteAce, RegQueryInfoKeyA, UnlockServiceDatabase, CryptGetHashParam, SetNamedSecurityInfoA, StartServiceCtrlDispatcherW, RegQueryValueExW, InitializeAcl, GetSecurityDescriptorControl, CreateProcessAsUserW, CryptGenRandom, SetSecurityDescriptorSacl, CryptSetKeyParam, EnumDependentServicesW, LookupAccountNameA, CryptExportKey, RegConnectRegistryW, GetFileSecurityA, RegNotifyChangeKeyValue, RegDeleteValueW, RegEnumKeyW, AllocateLocallyUniqueId
    > GDI32.dll: GetTextColor, ExtEscape, SetLayout, PlayEnhMetaFile, EqualRgn, SetTextAlign, SetDIBits, SetROP2, CreateDiscardableBitmap, EnumFontFamiliesW, GetCharacterPlacementA, GetPolyFillMode, GetEnhMetaFileBits, GetTextFaceA, GetROP2
    > OLEAUT32.dll: -, -, -, -, -, -, -
    > MSVCRT.dll: swscanf, iswcntrl, _wfsopen, _strnicoll, printf, asctime, clearerr, _snprintf, strerror, strncpy, towlower, strcspn, _wcslwr, wprintf, iswalnum, _fsopen, realloc, _pipe, freopen, strtok, _strncoll, isprint, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _mbsnbcpy

    ( 0 exports )

    Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=41833CB000AD032DD80804BFB9DCAF0023F9B9B0' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=41833CB000AD032DD80804BFB9DCAF0023F9B9B0</a>
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    _________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::

    C:\WINDOWS\system32\NtmsData
    C:\WINDOWS\system32\303362.exe
    C:\WINDOWS\system32\aagmo.exe
    C:\WINDOWS\system32\cqkwa.exe
    C:\WINDOWS\system32\awwcogw.exe
    C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP
    c:\windows\system32\iccum.exe
    C:\RECYCLER
    c:\windows\system32\uuimo.exe
    E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wi­ndowsupdate.com
    S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaettimovr.sys
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­\Run]
    "iccum"=-
    "uuimo"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ______________________

    mets a jour internet explorer

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ________________________

    colle un scan avec un des deux suivant pour etre sûr que c'est bon!

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    0
  9. Mimasu Messages postés 18 Statut Membre
     
    Pendant le scan de Combofix je n'ai pas eu cette étape " Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. "

    Par contre j'ai eu une demande d'installation d'une console à propos de windows ( je ne me souviens plus très bien ) qu'il vallait mieux installer, ce que j'ai fais.
    Il y a aussi eu une alerte me prévenant que Google à bloqué un programme qui tentait de changer les paramètres, il fallait cliqué pour modifier ces paramètres ce que je n'ai pas fait puisqu'il fallait toucher à rien.

    Donc j'espère ne pas avoir fais de bétise.

    raports

    ComboFix 09-02-21.01 - CECILE 2009-02-22 14:37:44.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.254.73 [GMT 1:00]
    Lancé depuis: c:\documents and settings\CECILE\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\CECILE\Bureau\CFscript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\CECILE\Application Data\inst.exe
    c:\windows\b138.exe.bin
    c:\windows\dialerexe.ini
    c:\windows\msettings.ini
    c:\windows\N039_jpg.zip
    c:\windows\pack.epk
    c:\windows\system32\303362.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\bgcjnz_navfx.dat
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\Microsoft\backup.ftp
    c:\windows\system32\Microsoft\backup.tftp
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\uniq.tll
    c:\windows\system32\uuimo.dat
    c:\windows\system32\uuimo.exe
    c:\windows\system32\uuimo_navps.dat
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\winlogon2.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_seneka

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-22 14:46 . 2009-02-22 14:49 294 --a------ c:\windows\system32\iccum_navps.dat
    2009-02-22 10:48 . 2009-02-22 10:48 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Malwarebytes
    2009-02-22 10:37 . 2009-02-22 10:38 <REP> d----c--- C:\rsit
    2009-02-22 09:29 . 2009-02-22 14:47 <REP> d----c--- c:\documents and settings\CECILE\Tracing
    2009-02-22 00:04 . 2009-02-22 00:04 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-22 00:04 . 2009-02-22 00:04 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-22 00:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-22 00:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-21 23:25 . 2009-02-21 23:25 <REP> d-------- c:\program files\Trend Micro
    2009-02-21 20:17 . 2009-02-21 20:17 <REP> d-------- c:\windows\E5431FB5B3EB46C88275F6447131C98A.TMP
    2009-02-21 12:51 . 2009-02-21 12:55 <REP> d-------- c:\windows\system32\NtmsData
    2009-02-17 22:43 . 2009-02-22 14:50 2,937 --a------ c:\windows\system32\iccum.dat
    2009-02-17 22:41 . 2009-02-17 22:41 266,240 --a------ c:\windows\system32\iccum.exe
    2009-02-14 23:25 . 2009-02-14 23:25 225,280 --a------ c:\windows\system32\aagmo.exe
    2009-02-09 16:10 . 2009-02-09 16:10 <REP> d----c--- c:\documents and settings\CECILE\Application Data\vlc
    2009-02-09 16:06 . 2009-02-09 16:06 <REP> d-------- c:\program files\VideoLAN
    2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
    2009-02-04 10:07 . 2009-02-04 10:07 224,768 --a------ c:\windows\system32\cqkwa.exe
    2009-01-29 23:09 . 2009-01-29 23:09 317,440 --a------ c:\windows\system32\awwcogw.exe
    2009-01-28 22:12 . 2009-01-28 22:12 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Yahoo!
    2009-01-28 22:09 . 2009-02-21 18:45 <REP> d-------- c:\program files\Yahoo!

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-22 13:44 --------- dc----w c:\documents and settings\CECILE\Application Data\WTablet
    2009-02-22 13:01 --------- d-----w c:\program files\Fichiers communs\EPSON
    2009-02-22 13:01 --------- d-----w c:\program files\EPSON
    2009-02-22 12:34 --------- d-----w c:\program files\Google
    2009-02-21 22:04 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2009-02-21 18:44 --------- d-----w c:\program files\MSXML 4.0
    2009-02-21 17:40 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-02-21 11:04 --------- dc----w c:\documents and settings\CECILE\Application Data\OpenOffice.org2
    2009-02-19 10:41 --------- d-----w c:\program files\Windows Live
    2009-02-17 22:47 --------- d-----w c:\program files\DivX
    2009-01-25 17:11 --------- d-----w c:\program files\Shareaza
    2009-01-04 16:18 --------- d-----w c:\program files\Audacity
    2009-01-02 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-02 14:38 --------- d-----w c:\program files\NETGEAR
    2009-01-02 14:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-27 14:53 --------- dc----w c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-12-26 14:40 606,848 ----a-w c:\windows\flashax.exe
    2008-12-26 14:40 12,288 ----a-w c:\windows\impborl.dll
    2008-12-25 18:31 --------- d-----w c:\program files\eMule
    2008-12-25 09:59 --------- d-----w c:\program files\ASUS
    2008-12-24 15:40 --------- dc----w c:\documents and settings\All Users\Application Data\espionServerData
    2008-12-24 15:33 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-24 15:20 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
    2008-12-24 14:45 --------- dc----w c:\documents and settings\CECILE\Application Data\Ambient Design
    2008-12-24 14:35 --------- dc----w c:\documents and settings\CECILE\Application Data\Bamboo Scribe
    2008-12-24 14:03 --------- d-----w c:\program files\PenLauncher
    2008-12-24 12:45 --------- d-----w c:\program files\Tablet
    2008-12-24 12:36 --------- dc----w c:\documents and settings\Invité\Application Data\WTablet
    2008-05-16 16:41 47,360 -c--a-w c:\documents and settings\CECILE\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "iccum"="c:\windows\system32\iccum.exe" [2009-02-17 266240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-22 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-27 185872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2009-01-02 483412]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-04 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-04 20560]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-24 3032360]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-06-15 17149]
    S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [2009-01-02 43392]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-24 15144]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-uuimo - c:\windows\system32\uuimo.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://fr.yahoo.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-22 14:48:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-22 14:56:55 - La machine a redémarré [CECILE]
    ComboFix-quarantined-files.txt 2009-02-22 13:56:49

    Avant-CF: 8 331 419 648 octets libres
    Après-CF: 9,317,298,176 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

    170 --- E O F --- 2009-02-13 15:05:18

    ________________________________________

    Scan Bitdefender

    Statistiques

    Temps
    00:54:22

    Fichiers
    49638

    Directoires
    4821

    Secteurs de boot
    0

    Archives
    848

    Paquets programmes
    1977

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    4

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    4

    Info sur les moteurs

    Définition virus
    2680774

    Version des moteurs
    AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

    Analyse des plugins
    17

    Archive des plugins
    45

    Unpack des plugins
    7

    E-mail plugins
    6

    Système plugins
    4

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP418\A0472257.exe
    Détecté avec: Adware.NaviPromo.Gen.3

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP418\A0472257.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP418\A0472257.exe
    Supprimé

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP420\A0475308.exe
    Détecté avec: Adware.NaviPromo.Gen.3

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP420\A0475308.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP420\A0475308.exe
    Supprimé

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP442\A0499876.exe
    Infecté par: Trojan.Vundo.GJC

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP442\A0499876.exe
    Echec de la désinfection

    C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP442\A0499876.exe
    Supprimé

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
    Infecté par: Trojan.Vundo.GJC

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
    Echec de la désinfection

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
    Supprimé
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.

    :processus
    explorer.exe
    :services
    seneka
    :files
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
    C:\WINDOWS\system32\NtmsData
    C:\WINDOWS\system32\303362.exe
    C:\WINDOWS\system32\aagmo.exe
    C:\WINDOWS\system32\cqkwa.exe
    C:\WINDOWS\system32\awwcogw.exe
    C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP
    c:\windows\system32\iccum.exe
    C:\RECYCLER
    c:\windows\system32\uuimo.exe
    E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wi­ndowsupdate.com
    C:\WINDOWS\system32\drivers\senekaettimovr.sys
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­\Run]
    "iccum"=-
    "uuimo"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ____________
    0
  11. Mimasu Messages postés 18 Statut Membre
     
    Error: Unable to interpret <:processus > in the current context!
    Error: Unable to interpret <explorer.exe > in the current context!
    ========== SERVICES/DRIVERS ==========
    Unable to stop service seneka .
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe not found.
    C:\WINDOWS\system32\NtmsData moved successfully.
    File/Folder C:\WINDOWS\system32\303362.exe not found.
    C:\WINDOWS\system32\aagmo.exe moved successfully.
    C:\WINDOWS\system32\cqkwa.exe moved successfully.
    C:\WINDOWS\system32\awwcogw.exe moved successfully.
    C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP moved successfully.
    c:\windows\system32\iccum.exe moved successfully.
    File/Folder C:\RECYCLER not found.
    File/Folder c:\windows\system32\uuimo.exe not found.
    File/Folder E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wi­­ndowsupdate.com not found.
    File/Folder C:\WINDOWS\system32\drivers\senekaettimovr.sys not found.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}\\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\CECILE\LOCALS~1\Temp\~DFC6F5.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02222009_165406

    Files moved on Reboot...
    C:\DOCUME~1\CECILE\LOCALS~1\Temp\~DFC6F5.tmp moved successfully.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat moved successfully.
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    remets un rapport rsit et dis nous comment se comporte ton pc
    0
  13. Mimasu Messages postés 18 Statut Membre
     
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CECILE at 2009-02-22 19:57:15
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 9 GB (46%) free of 19 GB
    Total RAM: 254 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:57:54, on 22/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Documents and Settings\CECILE\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\CECILE.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    0
  14. Mimasu Messages postés 18 Statut Membre
     
    Bon et bien mon ordinateur est débarrassé du virus enfin en tout cas mon fond d'écran est débloqué, plus d'alertes ect...
    Maintenant il est toujours un peu lent mais ça je suppose qu'il faudra que je fasse un nettoyage de programmes qui ne servent à rien.
    Voilà Merci beacoup pour m'avoir débarrasé de ce rogue.
    Dernière question qu'est ce que je fait de tout ces logiciels que j'ai installé ?
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    lance hijakchits, fais DO a system scan only et fixe ces lignes (fix cheked)

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum

    ____________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    c:\windows\system32\iccum.exe
    C:\RECYCLER
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "iccum"=-

    Enregistre ce fichier sous le nom CFscript (attention aux majuscules)

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ______________________

    mets a jour internet explorer

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ________________________

    a plus
    0
  16. Mimasu Messages postés 18 Statut Membre
     
    voilà

    ComboFix 09-02-21.01 - CECILE 2009-02-22 20:36:39.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.254.81 [GMT 1:00]
    Lancé depuis: c:\documents and settings\CECILE\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\CECILE\Bureau\CFscript
    AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\iccum.dat
    c:\windows\system32\iccum_navps.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-22 20:34 . 2009-02-22 20:34 <REP> d----c--- C:\32788R22FWJFW
    2009-02-22 16:54 . 2009-02-22 16:54 <REP> d----c--- C:\_OTMoveIt
    2009-02-22 15:20 . 2009-02-22 16:24 <REP> d-------- c:\windows\BDOSCAN8
    2009-02-22 10:48 . 2009-02-22 10:48 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Malwarebytes
    2009-02-22 10:37 . 2009-02-22 10:38 <REP> d----c--- C:\rsit
    2009-02-22 09:29 . 2009-02-22 20:25 <REP> d----c--- c:\documents and settings\CECILE\Tracing
    2009-02-22 00:04 . 2009-02-22 00:04 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-22 00:04 . 2009-02-22 00:04 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-22 00:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-22 00:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-21 23:25 . 2009-02-21 23:25 <REP> d-------- c:\program files\Trend Micro
    2009-02-09 16:10 . 2009-02-09 16:10 <REP> d----c--- c:\documents and settings\CECILE\Application Data\vlc
    2009-02-09 16:06 . 2009-02-09 16:06 <REP> d-------- c:\program files\VideoLAN
    2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
    2009-01-28 22:12 . 2009-01-28 22:12 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Yahoo!
    2009-01-28 22:09 . 2009-02-21 18:45 <REP> d-------- c:\program files\Yahoo!

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-22 15:57 --------- dc----w c:\documents and settings\CECILE\Application Data\WTablet
    2009-02-22 13:01 --------- d-----w c:\program files\Fichiers communs\EPSON
    2009-02-22 13:01 --------- d-----w c:\program files\EPSON
    2009-02-22 12:34 --------- d-----w c:\program files\Google
    2009-02-21 22:04 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2009-02-21 18:44 --------- d-----w c:\program files\MSXML 4.0
    2009-02-21 17:40 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-02-21 11:04 --------- dc----w c:\documents and settings\CECILE\Application Data\OpenOffice.org2
    2009-02-19 10:41 --------- d-----w c:\program files\Windows Live
    2009-02-17 22:47 --------- d-----w c:\program files\DivX
    2009-01-25 17:11 --------- d-----w c:\program files\Shareaza
    2009-01-04 16:18 --------- d-----w c:\program files\Audacity
    2009-01-03 10:37 260,096 ----a-w c:\windows\system32\gsqsecw.exe
    2009-01-02 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-02 14:38 --------- d-----w c:\program files\NETGEAR
    2009-01-02 14:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-31 16:03 221,184 ----a-w c:\windows\system32\wssyc.exe
    2008-12-29 11:08 212,992 ----a-w c:\windows\system32\wmymcgk.exe
    2008-12-27 14:53 --------- dc----w c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-12-26 14:40 606,848 ----a-w c:\windows\flashax.exe
    2008-12-26 14:40 12,288 ----a-w c:\windows\impborl.dll
    2008-12-25 18:31 --------- d-----w c:\program files\eMule
    2008-12-25 09:59 --------- d-----w c:\program files\ASUS
    2008-12-24 15:40 --------- dc----w c:\documents and settings\All Users\Application Data\espionServerData
    2008-12-24 15:33 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-24 15:20 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
    2008-12-24 14:45 --------- dc----w c:\documents and settings\CECILE\Application Data\Ambient Design
    2008-12-24 14:35 --------- dc----w c:\documents and settings\CECILE\Application Data\Bamboo Scribe
    2008-12-24 14:03 --------- d-----w c:\program files\PenLauncher
    2008-12-24 12:45 --------- d-----w c:\program files\Tablet
    2008-12-24 12:36 --------- dc----w c:\documents and settings\Invité\Application Data\WTablet
    2008-12-21 14:28 282,624 ----a-w c:\windows\system32\iiikiys.exe
    2008-12-21 10:06 220,672 ----a-w c:\windows\system32\ogkaa.exe
    2008-11-27 17:12 361,984 ----a-w c:\windows\system32\sougskm.exe
    2008-05-16 16:41 47,360 -c--a-w c:\documents and settings\CECILE\Application Data\pcouffin.sys
    2003-06-20 02:05 49,776 ----a-w c:\windows\inf\usbhub20.sys
    2003-06-20 02:05 24,752 ----a-w c:\windows\inf\hidclass.sys
    2003-06-20 02:05 20,688 ----a-w c:\windows\inf\usbd.sys
    2003-06-20 02:05 19,728 ----a-w c:\windows\inf\usbehci.sys
    2003-06-20 02:05 138,288 ----a-w c:\windows\inf\usbport.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-22_14.55.06.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-22 14:21:02 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
    + 2009-02-22 14:21:02 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
    + 2009-02-22 14:21:03 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
    + 2009-02-22 14:21:06 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
    + 2006-05-25 00:21:00 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
    + 2006-05-25 00:21:14 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
    + 2009-02-22 14:21:08 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
    + 2009-02-22 14:21:03 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
    + 2006-05-25 00:22:06 53,248 ----a-w c:\windows\bdoscandel.exe
    + 2006-05-25 00:21:00 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
    + 2006-05-25 00:21:14 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
    + 2009-02-22 15:57:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-22 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-27 185872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2009-01-02 483412]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-04 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-04 20560]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-24 3032360]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-06-15 17149]
    S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [2009-01-02 43392]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-24 15144]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://fr.yahoo.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-22 20:41:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-02-22 20:45:25
    ComboFix-quarantined-files.txt 2009-02-22 19:45:11
    ComboFix2.txt 2009-02-22 13:56:59

    Avant-CF: 9 056 944 128 octets libres
    Après-CF: 9,131,393,024 octets libres

    151 --- E O F --- 2009-02-13 15:05:18
    0
  17. Mimasu Messages postés 18 Statut Membre
     
    C'est fait
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    remets un rapoprt rsit pour verifier que tout es ok
    0
  19. Mimasu Messages postés 18 Statut Membre
     
    voilà

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CECILE at 2009-02-22 21:43:59
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 9 GB (45%) free of 19 GB
    Total RAM: 254 MB (11% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:54, on 22/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Documents and Settings\CECILE\Bureau\RSIT.exe
    C:\Documents and Settings\CECILE\Bureau\CECILE.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    0
  • 1
  • 2