Antivirus xp pro 2009 problem

Solved/Closed
Mimasu Posts: 18 Registered: Sunday 22 February 2009 Status: Member Last seen: 25 April 2009 - 22 Feb 2009 at 09:53
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 - 22 Feb 2009 at 22:10
Hello,
For 2 days I've had a problem with the "Antivirus xp pro 2009" virus. I can't get rid of it at all...
I get several alerts appearing every 5 minutes:
" Warning! Sécurity report Your computer is infected! It's recommended to start spyware cleaner tool"

And a recurring wallpaper of the same kind as the alerts.

I understand that I need to run scans with HijackThis, SmitfraudFix... but my computer skills don't let me interpret the reports correctly, so if someone can do it for me I'd be very grateful.

I know there are several posts exactly like this one, but since every case is different I can't really help myself with them.

Hoping for a reply
Thanks in advance
Mimasu

23 replies

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
22 Feb 2009 at 10:19
hi

paste a SmitfraudFix report
using option 1

and

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
and of info.txt (<<which will be minimized in the taskbar).

NB: the reports are saved in the folder C:\rsit
0
Mimasu Posts: 18 Registered: Sunday 22 February 2009 Status: Member Last seen: 25 April 2009
22 Feb 2009 at 10:42
Thanks ^^

Here are the reports

SmitFraudFix v2.398

Rapport fait à 10:36:57,65, 22/02/2009
Executé à partir de C:\Documents and Settings\CECILE\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\SetPoints.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\iccum.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CECILE\Bureau\RSIT.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CECILE


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CECILE\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CECILE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CECILE\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\System32\\ntos.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{178D8286-23EB-423F-91DD-0EDE1E1DF1C4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{178D8286-23EB-423F-91DD-0EDE1E1DF1C4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

____________________________________

log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by CECILE at 2009-02-22 10:37:02
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 7 GB (39%) free of 19 GB
Total RAM: 254 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:44, on 22/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\SetPoints.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\iccum.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CECILE\Bureau\RSIT.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\CECILE.exe
C:\Documents and Settings\CECILE\Bureau\SmitfraudFix\IEDFix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\nsinet.exe /res
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
O4 - HKCU\..\Run: [uuimo] "c:\windows\system32\uuimo.exe" uuimo
O4 - HKCU\..\Run: [AntivirusXP.exe] C:\Program Files\AntivirusXP\AntivirusXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
0
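Two entries in the HijackThis report above are the ones a helper looks at first: the F2 line, where Winlogon's UserInit value has a second program (ntos.exe) appended after userinit.exe so that it runs at every logon, and the O4 autorun entries that name a bare file (SetPoints.exe, frmwrk32.exe) with no path. The following Python script is an added example, not code from the thread or from any of the tools mentioned in it: it parses lines in HijackThis F2/O4 format (a constructed sample copied from the shapes above) and reports the UserInit hijack, bare file names, names the Malwarebytes report in this thread removed, and use of the Win9x-era RunServices key. The rule names and the FLAGGED_NAMES list are my own choices.

```python
import ntpath
import re

# Constructed sample: a handful of lines in the shape of the HijackThis report
# posted in this thread (F2 = system.ini UserInit, O4 = autorun registry
# entries). Nothing here is executed; the lines are only parsed.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Update] SetPoints.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] SetPoints.exe
O4 - HKCU\..\Run: [AntivirusXP.exe] C:\Program Files\AntivirusXP\AntivirusXP.exe
O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"""

# Executable names that the Malwarebytes report in this thread removed
# (taken from the thread, lower-cased; an assumed starting IOC list).
FLAGGED_NAMES = {"frmwrk32.exe", "setpoints.exe", "antivirusxp.exe",
                 "nsinet.exe", "insider.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def command_path(cmd):
    """Extract the executable from a Run value: a quoted path, or the text
    up to the first '.exe' followed by whitespace/end (this also handles
    unquoted paths with spaces, as in the AntivirusXP line)."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"^(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def check_userinit(value):
    """Winlogon's Userinit should name exactly one program, userinit.exe.
    Every extra comma-separated entry is launched at each logon, so each
    one is reported (the thread's report shows ntos.exe appended this way)."""
    findings = []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    for entry in entries:
        if ntpath.basename(entry).lower() != "userinit.exe":
            findings.append(("userinit_hijack", entry))
    return findings


def check_run_entry(key, name, cmd):
    """Heuristics for one O4 autorun entry; returns (rule, detail) pairs."""
    path = command_path(cmd)
    label = f"[{name}] {path}"
    findings = []
    # A bare file name relies on PATH lookup and hides where the file lives;
    # installers normally write a full path, so this is worth a look.
    if ntpath.dirname(path) == "":
        findings.append(("bare_filename", label))
    if ntpath.basename(path).lower() in FLAGGED_NAMES:
        findings.append(("flagged_name", label))
    # RunServices is a Windows 9x-era key; on XP legitimate software has
    # no reason to write it.
    if key.lower() == "runservices":
        findings.append(("legacy_runservices", label))
    return findings


def analyze_hijackthis(log_text):
    """Run the checks over every F2/O4 line and return (rule, detail) pairs."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            findings.extend(check_userinit(m.group("value")))
        elif m := O4_RE.match(line):
            findings.extend(check_run_entry(m.group("key"), m.group("name"),
                                            m.group("cmd")))
    return findings


if __name__ == "__main__":
    for rule, detail in analyze_hijackthis(SAMPLE_LOG):
        print(f"{rule:20} {detail}")
```

Run as-is the script prints nine findings for the sample and nothing for the avast!, msnmsgr and iccum lines. That last silence is the point of the heuristics' limits: iccum.exe has a full path and an unremarkable name, and only the helper's experience (it is listed in jlpjlp's "set aside" list later in the thread) flags it.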
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
22 Feb 2009 at 10:44
ok

install Malwarebytes and update it, then paste a quick scan done with it

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

and remove everything it finds

then post another RSIT report

see you
0
Mimasu Posts: 18 Registered: Sunday 22 February 2009 Status: Member Last seen: 25 April 2009
22 Feb 2009 at 13:05
The reports,

otherwise, do you know why my computer froze during the scan when I ran a scan with Avast (with Antivirus XP Pro present)?



Malwarebytes' Anti-Malware 1.34
Database version: 1789
Windows 5.1.2600 Service Pack 2

22/02/2009 12:47:35
mbam-log-2009-02-22 (12-47-35).txt

Scan type: Quick Scan
Objects scanned: 73356
Time elapsed: 1 hour(s), 38 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 7
Registry Data Items Infected: 7
Folders Infected: 7
Files Infected: 35

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{9ca1536d-5689-40ca-b92a-f646301517d7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{09dc28c6-bce2-42b1-b3ea-8ab82f0f3b0a} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntivirusXP.exe (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Invité\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Les Backrooms.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Thumbs.db (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Insider\Insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Insider\UnInstall.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson\carlton (Dialer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invité\Application Data\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\CECILE\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\CECILE\Bureau\AntivirusXP.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsinet.exe (Adware.InstantAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SetPoints.exe (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iccum_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuimo_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgyiugs_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iccum_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuimo_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgyiugs_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaevxtuirx.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaibmqpbav.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekajkdkifxj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekamtnqwbwb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekanstidvbe.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaybiqxowp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaettimovr.sys (Trojan.Agent) -> Delete on reboot.

___________

Logfile of random's system information tool 1.05 (written by random/random)
Run by CECILE at 2009-02-22 12:55:02
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 7 GB (39%) free of 19 GB
Total RAM: 254 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:48, on 22/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\uuimo.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\CECILE\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\CECILE.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
O4 - HKCU\..\Run: [uuimo] "c:\windows\system32\uuimo.exe" uuimo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
22 Feb 2009 at 13:38
scan these 6 files on VirusTotal and paste the reports https://www.virustotal.com/gui/

C:\WINDOWS\system32\NtmsData
C:\WINDOWS\system32\303362.exe
C:\WINDOWS\system32\aagmo.exe
C:\WINDOWS\system32\sirenacm.dll
C:\WINDOWS\system32\cqkwa.exe
C:\WINDOWS\system32\awwcogw.exe

note: Antivirus XP Pro is a rogue and therefore spyware; its aim is also to block protections, which is why Avast wasn't working!

___________

I'm setting this aside:

C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP
c:\windows\system32\iccum.exe
C:\RECYCLER
c:\windows\system32\uuimo.exe
E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaettimovr.sys

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iccum"=-
"uuimo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]
0
Mimasu Posts: 18 Registered: Sunday 22 February 2009 Status: Member Last seen: 25 April 2009
22 Feb 2009 at 14:06
C:\WINDOWS\system32\NtmsData
0 bytes size received / Se ha recibido un archivo vacio
C:\WINDOWS\system32\303362.exe

Fichier 303362.exe_ reçu le 2009.02.22 13:55:59 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 17/39 (43.59%)


Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 TR/Dldr.Agent.GTZ
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.02.21 SHeur2.QPR
BitDefender 7.2 2009.02.22 Trojan.Vundo.GJC
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 Trojan.Rootkit-1499
Comodo 984 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 Trojan.Fakealert.3952
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 Win32/FakeAlert.ABL
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.22 Trojan.Win32.Monder.bdnr
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.22 Trojan.Vundo.GJC
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.22 Trojan.Win32.Monder.bdnr
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 Program:Win32/Antivirus2009
NOD32 3877 2009.02.22 Win32/TrojanDownloader.FakeAlert.YV
Norman 6.00.06 2009.02.20 W32/DLoader.NMHG
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 Medium Risk Malware
Rising 21.17.62.00 2009.02.22 Trojan.Win32.Nodef.dlm
SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dldr.Agent.GTZ
Sophos 4.39.0 2009.02.22 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 suspected of Malware-Cryptor.Win32.General.3
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -

Additional information
File size: 26624 bytes
MD5...: 3476b1762a900e9ed70bb1b66d3425e5
SHA1..: f4ed7da7bfb0765a5efa31b507ad9e1ced3bf2fa
SHA256: ca3f3777a1fe39fcce238f2639a997310f1bf2e109b5b4492797f226cc903bb3
SHA512: ea04303351f2547d0d914134f381907ae2d29b4ed698dd54330e52028f12a852def7d3baeb15b2a28910fe409b0ed5ec46e5eac43032ae5276e8407e9a8779b6
ssdeep: 768:A+fu/JNYcMBrbbuqnMGSObv/ZA60GIlFAZ:AFzYc2rbban0m6wlFAZ

PEiD..: -
TrID..: File type identification
Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404c89
timedatestamp.....: 0x47d007a3 (Thu Mar 06 15:02:59 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5007 0x5200 7.66 e3fc147dd05724e2bf956c854189af8d
.rdata 0x7000 0x3eb 0x400 0.69 4ee14d1670b4824f589d3c7602e17aea
.data 0x8000 0xb2d 0xa00 5.86 398c4651d3c1cbfcf45248dd217f42e7
.rsrc 0x9000 0x3d8 0x400 3.33 3908604304b040b44fd757325ad35717

( 5 imports )
> GDI32.dll: CreateCompatibleDC, GetTextMetricsA, CreatePen, GetDeviceCaps, EndDoc, Polyline, Ellipse, RectInRegion, GetBkColor, ExtTextOutA, BitBlt, GetStockObject, RestoreDC, StartPage, SelectObject, SetROP2, GetTextExtentPoint32A, SetMapMode, CreateSolidBrush, SetBkColor, CreateRectRgnIndirect, CreateDIBSection, SetTextColor, Rectangle
> USER32.dll: EnumWindows, FrameRect, LoadCursorA, RegisterClassExA, GetWindowThreadProcessId, RedrawWindow, InsertMenuA, IntersectRect, RemoveMenu, LoadImageA, RegisterWindowMessageA, SendMessageTimeoutA, EnableWindow, ReleaseCapture, InvalidateRect, DialogBoxParamA, FindWindowExA, DispatchMessageA, SetWindowPlacement, PostQuitMessage, TrackPopupMenuEx, GetMessageA, UnionRect, BeginPaint, GetDlgItemTextA, EndDialog, GetPropA, DestroyWindow, OffsetRect, SetCapture, GetSubMenu, MapWindowPoints
> ole32.dll: CoRevokeClassObject, CoUninitialize, OleSave, CoTreatAsClass, CoLockObjectExternal, OleCreateEmbeddingHelper, CoSuspendClassObjects, OleDuplicateData, CoRegisterMessageFilter, OleCreateFromFileEx, OleCreateLinkEx, OleRegGetMiscStatus, CoGetInterfaceAndReleaseStream, BindMoniker, CoDisconnectObject, CoGetCurrentProcess, CoFreeAllLibraries, OleTranslateAccelerator, CoDosDateTimeToFileTime, CoFileTimeToDosDateTime, OleCreate
> MSVCRT.dll: _controlfp, strcpy, _beginthread, ftell, _waccess, strlen, _wfopen, strcspn, srand, _stricmp, _chdir, strcmp, wcsrchr, strchr, _exit, wcscpy, memcmp, _itow, wcsncpy, __setusermatherr, _wsplitpath
> KERNEL32.dll: IsValidLocale, InterlockedExchange, OpenProcess, CompareStringA, SetEnvironmentVariableA, LCMapStringW, GetFileType, PulseEvent, GetExitCodeThread, GetDriveTypeA, LoadResource, GlobalUnlock, VirtualAlloc, WideCharToMultiByte, QueryPerformanceCounter, CreateProcessA, IsValidCodePage, FlushFileBuffers, GetLocaleInfoA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0ABEB0A700BD7D9E68BF005521D78200DF8395A7


C:\WINDOWS\system32\aagmo.exe
File aagmo.exe_ received on 2009.02.22 14:00:01 (CET)

Result: 2/35 (5.72%)

Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 TR/Dropper.Gen
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.21 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
Fortinet 3.117.0.0 2009.02.22 -
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 -
NOD32 3877 2009.02.22 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 -
Rising 21.17.62.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dropper.Gen
Sophos 4.39.0 2009.02.22 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -


Additional information
File size: 225280 bytes
MD5...: 409c8a198a95131ffc5b8d69b642f3d5
SHA1..: 5599e1f397c101e39a5f32eacbcb43bd9cc7b61c
SHA256: bd3ba8c5736f6217349c050c1a427d22b90ad5bd477831c1dd1274f477607b68
SHA512: 4152f50915541d45c5bc323f6a0e6db81765f6b2e2ca19420866cc6beddaeb043dfa576d5237e252b4c858acd54032ae40a2bfa594a66a55e4cc0ff3de808797
ssdeep: 3072:Ugmb9WvwnP8ihhQx+OLfWTnnCao/Svd3Ekcqb0n2fNjIHV3B9RTCsIxdKnaPhMLu:CpXwx+UfWTnnCqFEkpwn2fNjAo7hMLu

PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4318ac
timedatestamp.....: 0x43ce1e8b (Wed Jan 18 10:55:07 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x30a36 0x31000 7.41 de42394c7ce8e727ce83dcad200b936d
.rdata 0x32000 0x12a0 0x2000 3.79 d52873708a8d6bafcedcf7c750ca04a2
.data 0x34000 0x2bac 0x3000 5.28 17b00eaa06ac59a8e335b707160ca560

( 11 imports )
> GDI32.dll: SetTextAlign, FrameRgn, SetWindowOrgEx, PolyBezier, CreateEllipticRgnIndirect, PlayMetaFile, RealizePalette, FillRgn, CreateHalftonePalette, GetObjectType, CopyEnhMetaFileA
> ole32.dll: OleCreate, CoLockObjectExternal, CoDisconnectObject
> SHELL32.dll: SHAddToRecentDocs, DragQueryPoint, Shell_NotifyIconW, SHGetDesktopFolder, SHGetSettings
> WS2_32.dll: -, -, WSASocketW, -, -, -, WSAInstallServiceClassW, WSADuplicateSocketA, WSARecvFrom, WSAEnumNetworkEvents, -, WSAResetEvent, -, WSASendDisconnect, -, -, -, -, WSALookupServiceBeginA
> ADVAPI32.dll: DestroyPrivateObjectSecurity, SetTokenInformation, SetServiceObjectSecurity, MakeAbsoluteSD, GetPrivateObjectSecurity, RegUnLoadKeyA, StartServiceCtrlDispatcherW, CryptDeriveKey, GetSecurityInfo, SetServiceStatus, MakeSelfRelativeSD
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
> comdlg32.dll: ChooseColorW, GetFileTitleW
> VERSION.dll: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA
> KERNEL32.dll: GetStringTypeExW, DosDateTimeToFileTime, CreateDirectoryA, _hread, CreateFileW, ReadConsoleInputW, FormatMessageW, GetDriveTypeW, lstrcpyA, InitializeCriticalSection, GlobalReAlloc, GetHandleInformation, PeekConsoleInputW, CreateWaitableTimerA, GetWindowsDirectoryA, SetConsoleMode, GetDiskFreeSpaceW, EnumDateFormatsW, GetUserDefaultLCID, VirtualQueryEx, FreeLibraryAndExitThread, EnumSystemCodePagesA, ReleaseSemaphore, lstrcmpiA, GlobalUnlock, SystemTimeToFileTime, GetTempPathW, GetModuleHandleA, ReadFile, SetEvent, ReadConsoleA, SetConsoleCursorPosition, GetCommandLineW, WaitNamedPipeA, MultiByteToWideChar, GetCompressedFileSizeW, WritePrivateProfileStructA, GlobalFindAtomW, SetProcessWorkingSetSize, FindCloseChangeNotification, PrepareTape, GetLongPathNameA, SetConsoleOutputCP, GetComputerNameW, ExpandEnvironmentStringsW, EnumResourceNamesA, GetCurrentDirectoryW, GetDriveTypeA, VirtualAlloc, lstrlenA, GetACP, GetStartupInfoA
> USER32.dll: UnregisterHotKey, CascadeWindows, RegisterClipboardFormatW, SetDlgItemInt, CreateDialogParamA, SetMenuItemInfoW, GetSysColorBrush, EnumDesktopsW, IsCharUpperW, GetUpdateRect, DefWindowProcW, GetPropA, IsCharLowerA, IsZoomed, SetMenu, LookupIconIdFromDirectory, LoadMenuW, FlashWindow, CreateIcon, MapWindowPoints, AppendMenuA, InsertMenuA, GetCapture, CreateAcceleratorTableA, ChildWindowFromPoint
> MSVCRT.dll: _except_handler3, __set_app_type, __p__fmode, _controlfp, _write, longjmp, _dup, _fileno, _mbschr, _strcmpi, _wsplitpath, wcscat, _mbslen, free, _wgetenv, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _wputenv, ftell, strncpy, _mbsnbcnt, _access, isdigit, _mbsicmp, _snprintf, _wmakepath, _spawnv, _wcsnset, _ismbcdigit, _chmod, _wtoi, getenv, _dup2, _unlink, isalpha

( 0 exports )
Mimasu Posts: 18 Registration date: Sunday 22 February 2009 Status: Member Last seen: 25 April 2009
22 Feb 2009 at 14:13
C:\WINDOWS\system32\sirenacm.dll

File sirenacm.dll_ received on 2009.02.22 14:05:10 (CET)

Result: 0/38 (0%)

Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 -
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.22 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.22 -
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.22 -
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 -
NOD32 3877 2009.02.22 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 -
Rising 21.17.62.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 -
Sophos 4.39.0 2009.02.22 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -
Additional information
File size: 49504 bytes
MD5...: e5830533c13f30407e76c0584778aa4d
SHA1..: 07e29bd5e118a576f9c4a4bd0c0cc165e8271213
SHA256: a8ab6ce2155d02713ed245537ea85a99f58bc7a958849fb7e61f213505d36889
SHA512: 23cf460aab9316bf4c482dc02ef9ede9d9b0c0f8cdb153be1ad71612695b4bc0e82fa231a37e5f4c156546ed6792de258545314d53b36470ce13b54fc54b7be2
ssdeep: 768:8ySaFg2/meIKQZ731i7NkDnwOWt8JLxCZt9437cO3eDLB+x8va/iSjpvuC:iaFgqmeIF7lkN2nwOAc9Cnws+mS5h

PEiD..: -
TrID..: File type identification
Windows Audio Compression Manager driver (85.9%)
Win32 Executable Generic (9.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4020dd
timedatestamp.....: 0x498cf57f (Sat Feb 07 02:44:15 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4eff 0x5000 6.56 d46f4ee37946e98e10b5e024190d57a7
.data 0x6000 0xa904 0x4200 6.24 117c18a2a22bc2e1939299ad5693db82
.rsrc 0x11000 0x7a0 0x800 4.15 cdc16b3fe5ce4b1b67534dbba3de8da4
.reloc 0x12000 0x676 0x800 4.31 ce32f4fbbfaab60d24191b62765bf518

( 4 imports )
> MSVCR80.dll: _unlock, __dllonexit, _lock, _onexit, __clean_type_info_names_internal, _crt_debugger_hook, _CIcos, __3@YAXPAX@Z, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, free, _malloc_crt, _encode_pointer, memset, memcpy, _except_handler4_common, _CIpow, _CIsqrt, _CIsin
> USER32.dll: LoadStringW
> KERNEL32.dll: LocalAlloc, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, Sleep, InterlockedExchange, LocalFree
> WINMM.dll: DefDriverProc, GetDriverModuleHandle

( 15 exports )
DriverProc, Siren7_DecodeFrame, Siren7_EncodeFrame, Siren7_InitDecoderContext, Siren7_InitEncoderContext, Siren7_SizeofBitstream, Siren7_SizeofDecoderContext, Siren7_SizeofEncoderContext, _Siren7_DecodeFrame@16, _Siren7_EncodeFrame@16, _Siren7_InitDecoderContext@4, _Siren7_InitEncoderContext@4, _Siren7_SizeofBitstream@4, _Siren7_SizeofDecoderContext@0, _Siren7_SizeofEncoderContext@0



C:\WINDOWS\system32\cqkwa.exe
File cqkwa.exe_ received on 2009.02.22 14:08:35 (CET)

Result: 2/39 (5.13%)

Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 TR/Dropper.Gen
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.22 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 984 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.22 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.22 -
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.22 -
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 -
NOD32 3877 2009.02.22 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 -
Rising 21.17.62.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dropper.Gen
Sophos 4.39.0 2009.02.22 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -
Additional information
File size: 224768 bytes
MD5...: 82b47b5d1a5844a692bd0dfca06d0e24
SHA1..: ba4946298898a8b84c3bffd2727fae9b767c847c
SHA256: 797a569936994218577b91e5128d064bc62c305bec2cfa5ade6768abed886911
SHA512: fb1d7cee56f7a69efc6408e64d52195606bb0af1e422c8964cf54cba9174ece31f045312c20c870744ac74c16a57e71dd8471513bc6be7cda073c1c2f2560872
ssdeep: 3072:M/V6K/V98DKyHy5oV1d/B0eIyobE8NOZGBJ0rA5lkfpvaJZISAlkUFujslBZ41Vi:aP8DH1hobEAfl5GfpvvGoqiBgJo

PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x432b6e
timedatestamp.....: 0x43f0d1fe (Mon Feb 13 18:37:50 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x31cfc 0x31e00 7.44 cdf00222283265f77df6e6f14fa341a6
.rdata 0x33000 0x1636 0x1800 5.28 ef591de94e3cc6e73b3ac02292a88f38
.data 0x35000 0x325c 0x3400 5.48 c745a7eb04b3cb065ffdcbf26e9c55d5

( 12 imports )
> WS2_32.dll: WSAConnect, WSASocketW, -, -, WSAGetQOSByName, -, -, -, -, WSAEnumProtocolsW, -, -, WSAGetServiceClassInfoW, -, WSAAddressToStringW, WSAAccept, -
> SHELL32.dll: DragFinish, SHFileOperationW, SHGetSpecialFolderPathW
> ole32.dll: CoReleaseMarshalData
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -
> VERSION.dll: VerInstallFileA, VerQueryValueA, GetFileVersionInfoA
> COMCTL32.dll: ImageList_DragLeave, ImageList_GetBkColor, ImageList_SetBkColor
> ADVAPI32.dll: InitializeSecurityDescriptor, ImpersonateLoggedOnUser, RegDeleteKeyA, CryptCreateHash, ClearEventLogW, CryptHashData
> GDI32.dll: GetViewportExtEx, ExtCreatePen, TextOutW, PlayMetaFileRecord, AddFontResourceA, GetTextMetricsA, RealizePalette, ScaleWindowExtEx, GetGlyphOutlineW
> comdlg32.dll: CommDlgExtendedError, GetOpenFileNameA
> USER32.dll: SystemParametersInfoW, DispatchMessageA, GetProcessWindowStation, CallWindowProcA, GetScrollBarInfo, MapVirtualKeyExW, IsWindowVisible, SetRect, LockWindowUpdate, PeekMessageA, HideCaret, AttachThreadInput, RegisterWindowMessageW, UnregisterDeviceNotification, GetUpdateRect, WindowFromPoint, TileWindows, ClipCursor, LoadImageA, ClientToScreen, DrawIconEx, DrawTextExA, EnumDesktopsW, SetWindowContextHelpId, GetMonitorInfoA, GetClassInfoW, GetClassInfoA, GetDC, GetWindowContextHelpId, DragDetect, RedrawWindow, RegisterClipboardFormatA, UnhookWindowsHook, EnumWindowStationsW
> KERNEL32.dll: GetOverlappedResult, UnmapViewOfFile, WriteProcessMemory, GetCompressedFileSizeW, FatalAppExitA, GetThreadPriority, VirtualProtect, FlushFileBuffers, SizeofResource, SystemTimeToFileTime, ScrollConsoleScreenBufferA, GetSystemInfo, VirtualLock, lstrcmpA, GlobalFlags, GlobalGetAtomNameW, ReadFileScatter, SetConsoleTitleA, ConnectNamedPipe, GetSystemTimeAsFileTime, GetCurrentProcess, GetDiskFreeSpaceW, FileTimeToLocalFileTime, FindCloseChangeNotification, VirtualQuery, SetTimeZoneInformation, VirtualAllocEx, GlobalAddAtomA, SetThreadAffinityMask, SetEndOfFile, GetCurrentDirectoryW, CreatePipe, GlobalAddAtomW, EnumResourceNamesA, EnumTimeFormatsW, SwitchToFiber, SetFileAttributesA, GlobalReAlloc, IsDBCSLeadByteEx, SetSystemTime, SuspendThread, SetProcessShutdownParameters, EnumSystemCodePagesA, WritePrivateProfileStructA, _hread, GetProcessTimes, CreateFileW, SetVolumeLabelA, EraseTape, EnumResourceLanguagesW, DuplicateHandle, FormatMessageA, GetSystemDirectoryW, GetStartupInfoA, GetNumberFormatW, QueryDosDeviceA, LCMapStringA, lstrcpyA, FreeLibraryAndExitThread, GetOEMCP, SetEvent, SetProcessAffinityMask, GetModuleHandleA, GetFileAttributesExA, CreateDirectoryW, GlobalFindAtomW, EnumDateFormatsW, SetConsoleWindowInfo, GetCommConfig, lstrcatW, CreateDirectoryExA, ReadConsoleOutputA, VirtualAlloc
> MSVCRT.dll: __set_app_type, floor, wcscspn, _mbslen, isalpha, isspace, _ultoa, _popen, mktime, _locking, _wcsdup, localtime, _putws, tmpnam, _mbsnbcmp, wcsncpy, vwprintf, _wcsnicmp, _mbsnbicmp, _unlink, _fcvt, strtod, _fileno, _tzset, _strnicoll, fgetc, toupper, _spawnvp, localeconv, atof, _wstrdate, fscanf, iswspace, _mbsrchr, strcspn, _controlfp, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, iswascii, strrchr, _strlwr, strtok, _wcslwr, _pctype, _chmod, towlower, _umask, _vsnwprintf, _except_handler3, _getch, vprintf, _exit, _XcptFilter, _initterm, __getmainargs, _acmdln, exit

( 0 exports )



C:\WINDOWS\system32\awwcogw.exe


File awwcogw.exe_ received on 2009.02.22 14:10:05 (CET)

Result: 4/39 (10.26%)

Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 TR/Dropper.Gen
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.22 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.22 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.22 -
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.22 -
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 -
NOD32 3877 2009.02.22 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 High Risk Fraudulent Security Program
Rising 21.17.62.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.Dropper.Gen
Sophos 4.39.0 2009.02.22 -
Sunbelt 3.2.1855.2 2009.02.17 Trojan-Spy.Win32.Ardamax.F (vf)
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -
Additional information
File size: 317440 bytes
MD5...: 043120fadaad76e877cfcf03f92da4ac
SHA1..: 197043601a83e0640cc915275b3c90d6c4daa7aa
SHA256: 91252996912d36562fc63a8a5407f807eca9995615d960ba8446fd91a0db4b0f
SHA512: 635f4726be4d43bbcdbe44672ef11cfaef2929ae3db40ed07b7b74d4f5322724e8f4c925ee5b814c399463b3d19d50b135133568407ab11f360922a65e0da327
ssdeep: 6144:/wmNQj51xs6SVOmqxFhVCYefrDnhysrSuTm7slTWRXMSZl3l2G:4mNk51bSVOmqC/rDn0jNRJ9

PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x432c28
timedatestamp.....: 0x42349eae (Sun Mar 13 20:12:30 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x31dbc 0x31e00 7.36 0b35617bee81ae87077055dee94505f9
.rdata 0x33000 0x1dd4 0x1e00 5.54 7b5aa81b5f79da4dd2048a87cca0a1e9
.data 0x35000 0x197ec 0x19800 5.61 90a502df6ce8a6239cddaf48666ae325

( 11 imports )
> KERNEL32.dll: GetStringTypeExW, GetUserDefaultLangID, GetVolumeInformationW, GetCompressedFileSizeW, PrepareTape, GlobalFlags, DeleteFiber, FreeEnvironmentStringsA, GetTempFileNameA, EnumResourceLanguagesW, RaiseException, SetCommMask, lstrcpyA, FileTimeToLocalFileTime, GlobalDeleteAtom, WritePrivateProfileStructA, GetLongPathNameA, OpenSemaphoreW, GlobalUnlock, ExpandEnvironmentStringsW, SetEnvironmentVariableA, GetBinaryTypeW, VirtualLock, SetThreadLocale, CreateNamedPipeW, GetTempPathW, lstrcmpA, GetHandleInformation, VirtualQuery, GetUserDefaultLCID, _llseek, GetThreadPriority, GetConsoleCursorInfo, FindResourceExW, DeleteCriticalSection, GetThreadContext, FindCloseChangeNotification, GlobalFree, LCMapStringA, lstrcatW, GetShortPathNameA, CreateMutexW, IsBadStringPtrA, SetConsoleActiveScreenBuffer, CreateDirectoryExA, GetShortPathNameW, SetLastError, SetEndOfFile, SetConsoleWindowInfo, ExitProcess, ReadConsoleInputW, GetSystemTimeAsFileTime, SetupComm, EnumSystemCodePagesW, SetThreadPriorityBoost, SetSystemTime, OpenMutexA, GetModuleHandleA, LoadResource, SetHandleCount, SetProcessWorkingSetSize, UnmapViewOfFile, LoadLibraryExA, CreatePipe, FormatMessageA, ExitThread, SetEvent, SystemTimeToFileTime, PeekConsoleInputW, SetCommTimeouts, GetTimeZoneInformation, SuspendThread, lstrcpynA, CreateDirectoryA, ReadDirectoryChangesW, SetStdHandle, LoadLibraryExW, DuplicateHandle, EraseTape, UnhandledExceptionFilter, Beep, GetPrivateProfileStringA, GetVersion, FindResourceExA, SetEnvironmentVariableW, SetConsoleCursorPosition, GetOverlappedResult, GetBinaryTypeA, lstrlenA, ReleaseMutex, GetStartupInfoA, VirtualAlloc
> WS2_32.dll: -, -, WSALookupServiceEnd, WSAGetServiceClassInfoW, WSAConnect, WSAInstallServiceClassW, WSARecv, -, WSAAccept, WSAEnumProtocolsW, -, WSAResetEvent, -, -, -
> ole32.dll: CoMarshalInterface, IIDFromString, CoLockObjectExternal, OleSaveToStream, CoGetInterfaceAndReleaseStream, CoRegisterClassObject, OleSetClipboard, OleCreate, CoTaskMemRealloc
> VERSION.dll: GetFileVersionInfoSizeA, VerFindFileA, GetFileVersionInfoA
> COMCTL32.dll: PropertySheetA, ImageList_GetIconSize
> SHELL32.dll: ExtractIconA, SHFileOperationW, DragFinish
> USER32.dll: CopyAcceleratorTableW, SetWindowTextW, CheckMenuItem, SetCapture, GetThreadDesktop, CharUpperA, ValidateRect, LoadKeyboardLayoutA, CheckMenuRadioItem, EnableMenuItem, GetClipCursor, DefFrameProcW, PostMessageA, EnumDisplayDevicesA, LoadMenuIndirectA, IsCharAlphaA, GetFocus, SetClassLongA, EnumDisplaySettingsW, ArrangeIconicWindows, DefDlgProcA, GetPropA, IsCharAlphaNumericA, DrawAnimatedRects, WindowFromPoint, RegisterClassW, RegisterClassExA, GetCursor, GetClassLongA, ActivateKeyboardLayout, GetDlgCtrlID, GetTabbedTextExtentW, GetWindowContextHelpId, CallWindowProcW, CreateDesktopA, GetTitleBarInfo, GetWindowRgn, BroadcastSystemMessageW, CharUpperBuffA, DialogBoxIndirectParamA, ShowScrollBar, DeferWindowPos, CopyImage, FindWindowExA, CopyRect, ChangeMenuA, CountClipboardFormats, SetUserObjectSecurity, EndDialog, SwapMouseButton, GetKeyNameTextA, GetQueueStatus, WaitForInputIdle, GetClipboardOwner, GetSubMenu, ScrollWindow, GetDlgItemTextW, SetProcessDefaultLayout, CharPrevW, GetKeyboardLayout, wvsprintfW, LoadBitmapW, GetMonitorInfoW, UnregisterClassW
> ADVAPI32.dll: QueryServiceObjectSecurity, GetUserNameA, GetSecurityDescriptorDacl, GetSecurityDescriptorOwner, GetServiceDisplayNameW, RegSetValueW, GetUserNameW, GetSecurityInfo, NotifyChangeEventLog, RegOpenKeyExW, CryptGetUserKey, RegisterEventSourceW, SetServiceObjectSecurity, LockServiceDatabase, DeleteAce, RegQueryInfoKeyA, UnlockServiceDatabase, CryptGetHashParam, SetNamedSecurityInfoA, StartServiceCtrlDispatcherW, RegQueryValueExW, InitializeAcl, GetSecurityDescriptorControl, CreateProcessAsUserW, CryptGenRandom, SetSecurityDescriptorSacl, CryptSetKeyParam, EnumDependentServicesW, LookupAccountNameA, CryptExportKey, RegConnectRegistryW, GetFileSecurityA, RegNotifyChangeKeyValue, RegDeleteValueW, RegEnumKeyW, AllocateLocallyUniqueId
> GDI32.dll: GetTextColor, ExtEscape, SetLayout, PlayEnhMetaFile, EqualRgn, SetTextAlign, SetDIBits, SetROP2, CreateDiscardableBitmap, EnumFontFamiliesW, GetCharacterPlacementA, GetPolyFillMode, GetEnhMetaFileBits, GetTextFaceA, GetROP2
> OLEAUT32.dll: -, -, -, -, -, -, -
> MSVCRT.dll: swscanf, iswcntrl, _wfsopen, _strnicoll, printf, asctime, clearerr, _snprintf, strerror, strncpy, towlower, strcspn, _wcslwr, wprintf, iswalnum, _fsopen, realloc, _pipe, freopen, strtok, _strncoll, isprint, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _mbsnbcpy

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=41833CB000AD032DD80804BFB9DCAF0023F9B9B0
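The five reports above differ in a way that matters for triage: 303362.exe draws 17 engines, several of them agreeing on FakeAlert or Vundo family names; aagmo.exe and cqkwa.exe draw only two generic Dropper.Gen hits each; sirenacm.dll draws none; awwcogw.exe draws four, one of them "High Risk Fraudulent Security Program"; and the three Armadillo-packed droppers plus 303362.exe all have a .text section with entropy above 7.3. The script below is an added example, not part of the thread and not VirusTotal tooling. It parses a report in the text layout pasted above (the sample is constructed from a subset of the 303362.exe rows and its section table), separates family names from generic class words with a stop list of my own, and flags high-entropy sections and the PEiD packer string, so a pasted report can be read the same way every time.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the 2009 VirusTotal text layout, built from rows of the
# 303362.exe report above (a subset of engines) plus its PE section table.
SAMPLE_REPORT = """\
Antivirus Version Last update Result
AntiVir 7.9.0.87 2009.02.21 TR/Dldr.Agent.GTZ
Avast 4.8.1335.0 2009.02.22 Win32:Trojan-gen {Other}
BitDefender 7.2 2009.02.22 Trojan.Vundo.GJC
DrWeb 4.44.0.09170 2009.02.22 Trojan.Fakealert.3952
eTrust-Vet 31.6.6368 2009.02.20 Win32/FakeAlert.ABL
McAfee 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 Program:Win32/Antivirus2009
NOD32 3877 2009.02.22 Win32/TrojanDownloader.FakeAlert.YV
Prevx1 V2 2009.02.22 Medium Risk Malware
Symantec 10 2009.02.22 -
PEiD..: -
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5007 0x5200 7.66 e3fc147dd05724e2bf956c854189af8d
.rdata 0x7000 0x3eb 0x400 0.69 4ee14d1670b4824f589d3c7602e17aea
.data 0x8000 0xb2d 0xa00 5.86 398c4651d3c1cbfcf45248dd217f42e7
.rsrc 0x9000 0x3d8 0x400 3.33 3908604304b040b44fd757325ad35717
"""

EngineRow = namedtuple("EngineRow", "engine version updated result")
Section = namedtuple("Section", "name entropy")

ENGINE_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
SECTION_RE = re.compile(
    r"^(\.\w+) 0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ (\d+\.\d+) [0-9a-f]{32}$")
PEID_RE = re.compile(r"^PEiD\.\.: (.+)$")

# Words that name a threat class or a confidence level rather than a family.
# This stop list is my own and will need extending for other engines' schemes.
GENERIC = {"trojan", "gen", "generic", "other", "heur", "malware", "risk",
           "medium", "high", "low", "suspected", "program", "agent", "dldr",
           "dropper", "downloader", "trojandownloader", "cryptor", "general",
           "fraudulent", "security"}


def parse_report(text):
    """Split a pasted report into engine rows, PE sections and the PEiD string."""
    rows, sections, packer = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENGINE_RE.match(line)
        if m:
            rows.append(EngineRow(*m.groups()))
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append(Section(m.group(1), float(m.group(2))))
            continue
        m = PEID_RE.match(line)
        if m and m.group(1) != "-":
            packer = m.group(1)
    return {"rows": rows, "sections": sections, "packer": packer}


def family_tokens(result):
    """Alphabetic words of 4+ letters in a detection name that are not generic."""
    return {t.lower() for t in re.split(r"[^A-Za-z0-9]+", result)
            if t.isalpha() and len(t) >= 4 and t.lower() not in GENERIC}


def triage(report, min_agree=2, entropy_threshold=7.0):
    """Summarize detection count, family consensus and packing indicators."""
    rows = report["rows"]
    hits = [r for r in rows if r.result != "-"]
    votes = Counter()
    for r in hits:
        votes.update(family_tokens(r.result))   # one vote per engine per token
    families = sorted(t for t, n in votes.items() if n >= min_agree)
    packed = [s.name for s in report["sections"] if s.entropy >= entropy_threshold]
    if not hits:
        verdict = "no detections: not proof the file is clean"
    elif families:
        verdict = "engines agree on family: " + ", ".join(families)
    else:
        verdict = "generic-only detections: suspicious but unconfirmed"
    return {"detections": len(hits), "engines": len(rows), "families": families,
            "high_entropy_sections": packed, "packer": report["packer"],
            "verdict": verdict}


if __name__ == "__main__":
    for k, v in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{k}: {v}")
```

Run against the sirenacm.dll report this returns "no detections", which is the right reading of 0/38: the engines have nothing to say, not that the file is clean. The two Dropper.Gen reports come out "generic-only", and the 303362.exe report comes out with a family consensus, which is the one of the five a helper can act on without further evidence.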
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
22 Feb 2009 at 14:18
To merge them:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\NtmsData
C:\WINDOWS\system32\303362.exe
C:\WINDOWS\system32\aagmo.exe
C:\WINDOWS\system32\cqkwa.exe
C:\WINDOWS\system32\awwcogw.exe
C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP
c:\windows\system32\iccum.exe
C:\RECYCLER
c:\windows\system32\uuimo.exe
E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaettimovr.sys
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iccum"=-
"uuimo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]


Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

______________________

Update Internet Explorer

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

________________________

Paste a scan from one of the following two to make sure it's clean!

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
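The CFScript in the post above has two sections. File:: takes one path per line; Registry:: uses regedit's .reg syntax, where a bracketed key line selects the key, "name"=- deletes that value under it (the two Run entries here), and [-Key] deletes the whole key (the MountPoints2 entry). The dry run below is an added example, not ComboFix code and not from the thread: it parses a script in that layout (a constructed sample built from entries in the post) and lists what each line asks for without touching the system, so a script can be proof-read before being dropped onto ComboFix.exe. The rule that a File:: line must be an absolute drive path is my own check, not ComboFix's documented behaviour; it is why the service line copied into that section comes back marked for review rather than as a path.

```python
import re
from collections import Counter

# Constructed sample: entries taken from the post, in the same two sections.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\303362.exe
c:\windows\system32\iccum.exe
C:\RECYCLER
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaettimovr.sys
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iccum"=-
"uuimo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]
"""

SECTION_RE = re.compile(r"^(\w+)::$")            # File:: / Registry:: headers
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")        # my check: absolute drive path
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")        # [Key] selects, [-Key] deletes
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')  # "name"=data; data "-" deletes


def plan(script):
    """Return the operations the script asks for, without executing any."""
    ops, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section is None:
            ops.append(("error", "line before any section header", line))
        elif section == "File":
            if PATH_RE.match(line):
                ops.append(("delete_path", line))
            else:
                ops.append(("error", "File:: entry is not an absolute path", line))
        elif section == "Registry":
            km, vm = KEY_RE.match(line), VALUE_RE.match(line)
            if km:
                if km.group(1) == "-":
                    ops.append(("delete_key", km.group(2)))
                    key = None          # values after a [-Key] line have no target
                else:
                    key = km.group(2)   # following "name"= lines apply to this key
            elif vm and key is not None:
                name = vm.group(1) if vm.group(1) is not None else "(Default)"
                if vm.group(2) == "-":
                    ops.append(("delete_value", key, name))
                else:
                    ops.append(("set_value", key, name, vm.group(2)))
            else:
                ops.append(("error", "unparsed Registry:: line", line))
        else:
            ops.append(("error", "unknown section " + section, line))
    return ops


def summarize(ops):
    """Count operations by kind; a non-zero 'error' count means re-read the script."""
    return Counter(op[0] for op in ops)


if __name__ == "__main__":
    planned = plan(SAMPLE_SCRIPT)
    for op in planned:
        print(" | ".join(op))
    print(dict(summarize(planned)))
```

Anything reported as an error is a line the tool would interpret in a way you did not check, so fix the script or move the entry to the right section before running ComboFix with it.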
Mimasu Posts: 18 Registration date: Sunday 22 February 2009 Status: Member Last seen: 25 April 2009
22 Feb 2009 at 16:33
During the ComboFix scan I didn't get this step: "A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm."

On the other hand, I got a request to install a console for Windows (I don't remember exactly) which it was better to install, which I did.
There was also an alert warning me that Google had blocked a program that was trying to change settings; I had to click to change those settings, which I didn't do since I wasn't supposed to touch anything.

So I hope I haven't done anything stupid.

Reports

ComboFix 09-02-21.01 - CECILE 2009-02-22 14:37:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.254.73 [GMT 1:00]
Launched from: c:\documents and settings\CECILE\Bureau\ComboFix.exe
Switches used :: c:\documents and settings\CECILE\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CECILE\Application Data\inst.exe
c:\windows\b138.exe.bin
c:\windows\dialerexe.ini
c:\windows\msettings.ini
c:\windows\N039_jpg.zip
c:\windows\pack.epk
c:\windows\system32\303362.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bgcjnz_navfx.dat
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\uuimo.dat
c:\windows\system32\uuimo.exe
c:\windows\system32\uuimo_navps.dat
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winlogon2.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((((((( Files created from 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))))))))
.

2009-02-22 14:46 . 2009-02-22 14:49 294 --a------ c:\windows\system32\iccum_navps.dat
2009-02-22 10:48 . 2009-02-22 10:48 <DIR> d----c--- c:\documents and settings\CECILE\Application Data\Malwarebytes
2009-02-22 10:37 . 2009-02-22 10:38 <DIR> d----c--- C:\rsit
2009-02-22 09:29 . 2009-02-22 14:47 <DIR> d----c--- c:\documents and settings\CECILE\Tracing
2009-02-22 00:04 . 2009-02-22 00:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 00:04 . 2009-02-22 00:04 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 00:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 00:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 23:25 . 2009-02-21 23:25 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 20:17 . 2009-02-21 20:17 <DIR> d-------- c:\windows\E5431FB5B3EB46C88275F6447131C98A.TMP
2009-02-21 12:51 . 2009-02-21 12:55 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-17 22:43 . 2009-02-22 14:50 2,937 --a------ c:\windows\system32\iccum.dat
2009-02-17 22:41 . 2009-02-17 22:41 266,240 --a------ c:\windows\system32\iccum.exe
2009-02-14 23:25 . 2009-02-14 23:25 225,280 --a------ c:\windows\system32\aagmo.exe
2009-02-09 16:10 . 2009-02-09 16:10 <REP> d----c--- c:\documents and settings\CECILE\Application Data\vlc
2009-02-09 16:06 . 2009-02-09 16:06 <REP> d-------- c:\program files\VideoLAN
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-04 10:07 . 2009-02-04 10:07 224,768 --a------ c:\windows\system32\cqkwa.exe
2009-01-29 23:09 . 2009-01-29 23:09 317,440 --a------ c:\windows\system32\awwcogw.exe
2009-01-28 22:12 . 2009-01-28 22:12 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Yahoo!
2009-01-28 22:09 . 2009-02-21 18:45 <REP> d-------- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 13:44 --------- dc----w c:\documents and settings\CECILE\Application Data\WTablet
2009-02-22 13:01 --------- d-----w c:\program files\Fichiers communs\EPSON
2009-02-22 13:01 --------- d-----w c:\program files\EPSON
2009-02-22 12:34 --------- d-----w c:\program files\Google
2009-02-21 22:04 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-02-21 18:44 --------- d-----w c:\program files\MSXML 4.0
2009-02-21 17:40 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-21 11:04 --------- dc----w c:\documents and settings\CECILE\Application Data\OpenOffice.org2
2009-02-19 10:41 --------- d-----w c:\program files\Windows Live
2009-02-17 22:47 --------- d-----w c:\program files\DivX
2009-01-25 17:11 --------- d-----w c:\program files\Shareaza
2009-01-04 16:18 --------- d-----w c:\program files\Audacity
2009-01-02 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 14:38 --------- d-----w c:\program files\NETGEAR
2009-01-02 14:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-27 14:53 --------- dc----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-26 14:40 606,848 ----a-w c:\windows\flashax.exe
2008-12-26 14:40 12,288 ----a-w c:\windows\impborl.dll
2008-12-25 18:31 --------- d-----w c:\program files\eMule
2008-12-25 09:59 --------- d-----w c:\program files\ASUS
2008-12-24 15:40 --------- dc----w c:\documents and settings\All Users\Application Data\espionServerData
2008-12-24 15:33 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-24 15:20 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-12-24 14:45 --------- dc----w c:\documents and settings\CECILE\Application Data\Ambient Design
2008-12-24 14:35 --------- dc----w c:\documents and settings\CECILE\Application Data\Bamboo Scribe
2008-12-24 14:03 --------- d-----w c:\program files\PenLauncher
2008-12-24 12:45 --------- d-----w c:\program files\Tablet
2008-12-24 12:36 --------- dc----w c:\documents and settings\Invité\Application Data\WTablet
2008-05-16 16:41 47,360 -c--a-w c:\documents and settings\CECILE\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"iccum"="c:\windows\system32\iccum.exe" [2009-02-17 266240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-22 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-27 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2009-01-02 483412]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-04 20560]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-24 3032360]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-06-15 17149]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [2009-01-02 43392]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-24 15144]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-uuimo - c:\windows\system32\uuimo.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 14:48:17
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Heure de fin: 2009-02-22 14:56:55 - La machine a redémarré [CECILE]
ComboFix-quarantined-files.txt 2009-02-22 13:56:49

Avant-CF: 8 331 419 648 octets libres
Après-CF: 9,317,298,176 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

170 --- E O F --- 2009-02-13 15:05:18





________________________________________


BitDefender scan


Statistiques

Temps
00:54:22

Fichiers
49638

Directoires
4821

Secteurs de boot
0

Archives
848

Paquets programmes
1977




Résultats

Virus identifiés
2

Fichiers infectés
4

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
4




Info sur les moteurs

Définition virus
2680774

Version des moteurs
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Analyse des plugins
17

Archive des plugins
45

Unpack des plugins
7

E-mail plugins
6

Système plugins
4




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP418\A0472257.exe
Détecté avec: Adware.NaviPromo.Gen.3

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP418\A0472257.exe
Echec de la désinfection

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP418\A0472257.exe
Supprimé

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP420\A0475308.exe
Détecté avec: Adware.NaviPromo.Gen.3

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP420\A0475308.exe
Echec de la désinfection

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP420\A0475308.exe
Supprimé

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP442\A0499876.exe
Infecté par: Trojan.Vundo.GJC

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP442\A0499876.exe
Echec de la désinfection

C:\System Volume Information\_restore{9D5D9756-09A3-4643-B04D-AB0822260945}\RP442\A0499876.exe
Supprimé

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
Infecté par: Trojan.Vundo.GJC

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
Echec de la désinfection

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
Supprimé
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
22 Feb 2009 at 16:40
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt: "Paste instruction for items to be moved".



:processes
explorer.exe
:services
seneka
:files
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe
C:\WINDOWS\system32\NtmsData
C:\WINDOWS\system32\303362.exe
C:\WINDOWS\system32\aagmo.exe
C:\WINDOWS\system32\cqkwa.exe
C:\WINDOWS\system32\awwcogw.exe
C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP
c:\windows\system32\iccum.exe
C:\RECYCLER
c:\windows\system32\uuimo.exe
E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
C:\WINDOWS\system32\drivers\senekaettimovr.sys
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iccum"=-
"uuimo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}]
:commands
[purity]
[emptytemp]
[start explorer]





Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.



____________
0
Mimasu Posts 18 Registration date Sunday 22 February 2009 Status Member Last seen 25 April 2009
22 Feb 2009 at 17:04
Error: Unable to interpret <:processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Unable to stop service seneka .
========== FILES ==========
File/Folder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C4NC8FA5\lsp[1].exe not found.
C:\WINDOWS\system32\NtmsData moved successfully.
File/Folder C:\WINDOWS\system32\303362.exe not found.
C:\WINDOWS\system32\aagmo.exe moved successfully.
C:\WINDOWS\system32\cqkwa.exe moved successfully.
C:\WINDOWS\system32\awwcogw.exe moved successfully.
C:\WINDOWS\E5431FB5B3EB46C88275F6447131C98A.TMP moved successfully.
c:\windows\system32\iccum.exe moved successfully.
File/Folder C:\RECYCLER not found.
File/Folder c:\windows\system32\uuimo.exe not found.
File/Folder E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wi­­ndowsupdate.com not found.
File/Folder C:\WINDOWS\system32\drivers\senekaettimovr.sys not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4118860c-1a8a-11dc-8bbf-00065b13017b}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CECILE\LOCALS~1\Temp\~DFC6F5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02222009_165406

Files moved on Reboot...
C:\DOCUME~1\CECILE\LOCALS~1\Temp\~DFC6F5.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat moved successfully.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
22 Feb 2009 at 18:42
Post another RSIT report and tell us how your PC is behaving.
0
Mimasu Posts 18 Registration date Sunday 22 February 2009 Status Member Last seen 25 April 2009
22 Feb 2009 at 19:59
Logfile of random's system information tool 1.05 (written by random/random)
Run by CECILE at 2009-02-22 19:57:15
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 9 GB (46%) free of 19 GB
Total RAM: 254 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:54, on 22/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\CECILE\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\CECILE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
0
Mimasu Posts 18 Registration date Sunday 22 February 2009 Status Member Last seen 25 April 2009
22 Feb 2009 at 20:03
Well, my computer is rid of the virus; at least my wallpaper is unlocked, no more alerts, etc.
It is still a bit slow, but I suppose I will have to clean out programs that serve no purpose.
Thank you very much for getting rid of this rogue for me.
Last question: what do I do with all these programs I installed?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
22 Feb 2009 at 20:07
Launch HijackThis, click "Do a system scan only" and fix these lines (Fix checked):

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html



R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum



____________________



Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:






File::
c:\windows\system32\iccum.exe
C:\RECYCLER
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iccum"=-






Save this file under the name CFscript (mind the capitalisation).




Drag and drop this CFscript file onto ComboFix.exe.

Click the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is located here > C:\ComboFix.txt

______________________

Update Internet Explorer:

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

________________________


See you later.
0
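The four lines picked out in the post above follow two simple rules: the entry's target is missing ("(no file)"), or a Run key launches an unknown executable out of the Windows directory. Here is an added example (not from this thread, and not part of HijackThis) that applies those rules to a constructed excerpt of the log; the allowlist and the random-name pattern are assumptions made for the example.

```python
import re

# Constructed sample in the shape of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [iccum] "c:\windows\system32\iccum.exe" iccum
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

# Windows-shipped binaries that legitimately autostart from %SystemRoot%.
# Assumed baseline for this example; a real one comes from a known-clean machine.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe"}

# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Names like iccum.exe / uuimo.exe / aagmo.exe in this thread: short, lowercase letters only.
# Assumed heuristic; it is a hint for the analyst, not proof.
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,8}\.exe$")


def target_path(cmd):
    """Extract the executable path from a Run command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hjt(log_text):
    """Return (reason, line) pairs for the HijackThis lines worth a responder's attention."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Rule 1: a registration whose target no longer exists on disk (orphan).
        if line.endswith("(no file)"):
            findings.append(("orphan", line))
            continue
        # Rule 2: a Run key launching something from the Windows directory that is
        # not a known system autorun.
        m = O4_RE.match(line)
        if not m:
            continue
        path = target_path(m.group("cmd")).lower()
        base = path.rsplit("\\", 1)[-1]
        in_windows = "\\windows\\" in path or path.startswith("%systemroot%")
        if in_windows and base not in KNOWN_SYSTEM_AUTORUNS:
            reason = "unknown-windows-dir-autorun"
            if RANDOM_NAME_RE.match(base):
                reason += "+random-name"
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_hjt(SAMPLE_LOG):
        print(f"{reason:40} {line}")
```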
Mimasu Posts 18 Registration date Sunday 22 February 2009 Status Member Last seen 25 April 2009
22 Feb 2009 at 21:29
Here it is

ComboFix 09-02-21.01 - CECILE 2009-02-22 20:36:39.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.254.81 [GMT 1:00]
Lancé depuis: c:\documents and settings\CECILE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CECILE\Bureau\CFscript
AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iccum.dat
c:\windows\system32\iccum_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
.

2009-02-22 20:34 . 2009-02-22 20:34 <REP> d----c--- C:\32788R22FWJFW
2009-02-22 16:54 . 2009-02-22 16:54 <REP> d----c--- C:\_OTMoveIt
2009-02-22 15:20 . 2009-02-22 16:24 <REP> d-------- c:\windows\BDOSCAN8
2009-02-22 10:48 . 2009-02-22 10:48 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Malwarebytes
2009-02-22 10:37 . 2009-02-22 10:38 <REP> d----c--- C:\rsit
2009-02-22 09:29 . 2009-02-22 20:25 <REP> d----c--- c:\documents and settings\CECILE\Tracing
2009-02-22 00:04 . 2009-02-22 00:04 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 00:04 . 2009-02-22 00:04 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 00:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 00:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 23:25 . 2009-02-21 23:25 <REP> d-------- c:\program files\Trend Micro
2009-02-09 16:10 . 2009-02-09 16:10 <REP> d----c--- c:\documents and settings\CECILE\Application Data\vlc
2009-02-09 16:06 . 2009-02-09 16:06 <REP> d-------- c:\program files\VideoLAN
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-01-28 22:12 . 2009-01-28 22:12 <REP> d----c--- c:\documents and settings\CECILE\Application Data\Yahoo!
2009-01-28 22:09 . 2009-02-21 18:45 <REP> d-------- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 15:57 --------- dc----w c:\documents and settings\CECILE\Application Data\WTablet
2009-02-22 13:01 --------- d-----w c:\program files\Fichiers communs\EPSON
2009-02-22 13:01 --------- d-----w c:\program files\EPSON
2009-02-22 12:34 --------- d-----w c:\program files\Google
2009-02-21 22:04 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-02-21 18:44 --------- d-----w c:\program files\MSXML 4.0
2009-02-21 17:40 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-21 11:04 --------- dc----w c:\documents and settings\CECILE\Application Data\OpenOffice.org2
2009-02-19 10:41 --------- d-----w c:\program files\Windows Live
2009-02-17 22:47 --------- d-----w c:\program files\DivX
2009-01-25 17:11 --------- d-----w c:\program files\Shareaza
2009-01-04 16:18 --------- d-----w c:\program files\Audacity
2009-01-03 10:37 260,096 ----a-w c:\windows\system32\gsqsecw.exe
2009-01-02 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 14:38 --------- d-----w c:\program files\NETGEAR
2009-01-02 14:01 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-31 16:03 221,184 ----a-w c:\windows\system32\wssyc.exe
2008-12-29 11:08 212,992 ----a-w c:\windows\system32\wmymcgk.exe
2008-12-27 14:53 --------- dc----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-26 14:40 606,848 ----a-w c:\windows\flashax.exe
2008-12-26 14:40 12,288 ----a-w c:\windows\impborl.dll
2008-12-25 18:31 --------- d-----w c:\program files\eMule
2008-12-25 09:59 --------- d-----w c:\program files\ASUS
2008-12-24 15:40 --------- dc----w c:\documents and settings\All Users\Application Data\espionServerData
2008-12-24 15:33 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-24 15:20 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-12-24 14:45 --------- dc----w c:\documents and settings\CECILE\Application Data\Ambient Design
2008-12-24 14:35 --------- dc----w c:\documents and settings\CECILE\Application Data\Bamboo Scribe
2008-12-24 14:03 --------- d-----w c:\program files\PenLauncher
2008-12-24 12:45 --------- d-----w c:\program files\Tablet
2008-12-24 12:36 --------- dc----w c:\documents and settings\Invité\Application Data\WTablet
2008-12-21 14:28 282,624 ----a-w c:\windows\system32\iiikiys.exe
2008-12-21 10:06 220,672 ----a-w c:\windows\system32\ogkaa.exe
2008-11-27 17:12 361,984 ----a-w c:\windows\system32\sougskm.exe
2008-05-16 16:41 47,360 -c--a-w c:\documents and settings\CECILE\Application Data\pcouffin.sys
2003-06-20 02:05 49,776 ----a-w c:\windows\inf\usbhub20.sys
2003-06-20 02:05 24,752 ----a-w c:\windows\inf\hidclass.sys
2003-06-20 02:05 20,688 ----a-w c:\windows\inf\usbd.sys
2003-06-20 02:05 19,728 ----a-w c:\windows\inf\usbehci.sys
2003-06-20 02:05 138,288 ----a-w c:\windows\inf\usbport.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-02-22_14.55.06.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-22 14:21:02 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-02-22 14:21:02 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2009-02-22 14:21:03 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2009-02-22 14:21:06 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-02-22 14:21:08 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2009-02-22 14:21:03 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2006-05-25 00:21:00 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-02-22 15:57:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-22 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-27 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2009-01-02 483412]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-04 20560]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-24 3032360]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-06-15 17149]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [2009-01-02 43392]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-24 15144]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 20:41:23
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-22 20:45:25
ComboFix-quarantined-files.txt 2009-02-22 19:45:11
ComboFix2.txt 2009-02-22 13:56:59

Avant-CF: 9 056 944 128 octets libres
Après-CF: 9,131,393,024 octets libres

151 --- E O F --- 2009-02-13 15:05:18
0
jlpjlp Messages posted 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
22 Feb. 2009 at 21:31
Update Internet Explorer

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

________________________

Post another RSIT report so we can check that everything is OK
0
Mimasu Messages posted 18 Registration date Sunday 22 February 2009 Status Member Last seen 25 April 2009
22 Feb. 2009 at 21:33
Done
0
jlpjlp Messages posted 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
22 Feb. 2009 at 21:42
Post another RSIT report so we can check that everything is OK
0
Mimasu Messages posted 18 Registration date Sunday 22 February 2009 Status Member Last seen 25 April 2009
22 Feb. 2009 at 21:48
Here it is

Logfile of random's system information tool 1.05 (written by random/random)
Run by CECILE at 2009-02-22 21:43:59
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 9 GB (45%) free of 19 GB
Total RAM: 254 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:54, on 22/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\CECILE\Bureau\RSIT.exe
C:\Documents and Settings\CECILE\Bureau\CECILE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
0