Aide analyse HIJACKTHIS
Résolu
baba cool
Messages postés
358
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, depuis 2 ou 3 jours, lorsque je démarre ma machine mon pare-feu est désactivé (alors que lorsque je l'eteint il est activé) et Avira ne démarre plus automatiquement au démarrage (dans msconfig il est bien coché), donc j'ai fais une analyse hijackthis dont voici le log : (y une ligne O4 qui me parait louche...) Bien entendu ma base antivirus est à jour ainsi que la base malwarebyte. Merci pour votre aide
RAPPORT HIJACK
P:\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
P:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
P:\Avira\AntiVir Desktop\avgnt.exe
P:\HP\HP Software Update\HPWuSchd2.exe
P:\Winamp\winampa.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
P:\HP\Digital Imaging\bin\hpqtra08.exe
p:\avira\antivir desktop\avcenter.exe
P:\Avira\AntiVir Desktop\avguard.exe
P:\HP\Digital Imaging\bin\hpqSTE08.exe
P:\HP\Digital Imaging\bin\hpqbam08.exe
P:\Winamp\winamp.exe
P:\Mozilla\firefox.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - P:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - P:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m’|\ü
O4 - HKLM\..\Run: [avgnt] "P:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] P:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] P:\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] P:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = P:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://P:\office03\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - P:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - P:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - P:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - P:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
RAPPORT HIJACK
P:\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
P:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
P:\Avira\AntiVir Desktop\avgnt.exe
P:\HP\HP Software Update\HPWuSchd2.exe
P:\Winamp\winampa.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
P:\HP\Digital Imaging\bin\hpqtra08.exe
p:\avira\antivir desktop\avcenter.exe
P:\Avira\AntiVir Desktop\avguard.exe
P:\HP\Digital Imaging\bin\hpqSTE08.exe
P:\HP\Digital Imaging\bin\hpqbam08.exe
P:\Winamp\winamp.exe
P:\Mozilla\firefox.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - P:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - P:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m’|\ü
O4 - HKLM\..\Run: [avgnt] "P:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] P:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] P:\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] P:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = P:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://P:\office03\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - P:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - P:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - P:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - P:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
A voir également:
- Aide analyse HIJACKTHIS
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Analyse composant pc - Guide
- Analyse disque dur - Télécharger - Informations & Diagnostic
- Analyse performance pc - Guide
- Échec de l'analyse antivirus. ✓ - Forum Antivirus
32 réponses
Look at that, au lieu laisser voir ton ordi à tout le monde :
http://hijackthis.de/index.php?langselect=french
C'est un début.
http://hijackthis.de/index.php?langselect=french
C'est un début.
blonde.fr Attention avec ce robot il fait des erreurs il te donnes des lignes légitimes comme néfaste et il passes à côté de lignes d'infections il faut toujours contrôler sur google la légitimité des lignes trouvé, sinon tu as un autre outil de lecture zhp qui pour moi je pense plus fiable mais pareil vériffier les données et puis regarder dans les non traiter
slt
analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/
C:\WINDOWS\system32\winsys2.exe
________________
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
________________
colle un rapport avec antivir que tu as ou
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/
C:\WINDOWS\system32\winsys2.exe
________________
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
________________
colle un rapport avec antivir que tu as ou
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut, voici le rapport par virustotal :
Fichier WinSys2.exe reçu le 2009.05.17 01:24:48 (CET)
Situation actuelle: terminé
Résultat: 0/39 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.16 -
AhnLab-V3 5.0.0.2 2009.05.16 -
AntiVir 7.9.0.168 2009.05.15 -
Antiy-AVL 2.0.3.1 2009.05.15 -
Authentium 5.1.2.4 2009.05.16 -
Avast 4.8.1335.0 2009.05.16 -
AVG 8.5.0.336 2009.05.16 -
BitDefender 7.2 2009.05.17 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.16 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.17 -
eSafe 7.0.17.0 2009.05.14 -
eTrust-Vet 31.6.6508 2009.05.16 -
F-Prot 4.4.4.56 2009.05.16 -
F-Secure 8.0.14470.0 2009.05.16 -
Fortinet 3.117.0.0 2009.05.16 -
GData 19 2009.05.17 -
Ikarus T3.1.1.49.0 2009.05.16 -
K7AntiVirus 7.10.737 2009.05.16 -
Kaspersky 7.0.0.125 2009.05.17 -
McAfee 5617 2009.05.16 -
McAfee+Artemis 5617 2009.05.16 -
McAfee-GW-Edition 6.7.6 2009.05.15 -
Microsoft 1.4602 2009.05.16 -
NOD32 4080 2009.05.15 -
Norman 6.01.05 2009.05.16 -
nProtect 2009.1.8.0 2009.05.16 -
Panda 10.0.0.14 2009.05.16 -
Prevx 3.0 2009.05.17 -
Rising 21.29.52.00 2009.05.16 -
Sophos 4.41.0 2009.05.16 -
Sunbelt 3.2.1858.2 2009.05.16 -
Symantec 1.4.4.12 2009.05.17 -
TheHacker 6.3.4.1.326 2009.05.15 -
TrendMicro 8.950.0.1092 2009.05.15 -
VBA32 3.12.10.5 2009.05.16 -
ViRobot 2009.5.15.1737 2009.05.15 -
VirusBuster 4.6.5.0 2009.05.16 -
Information additionnelle
File size: 208896 bytes
MD5...: 27949ccd505a6be082d15547b1dff90d
SHA1..: 569f27f34d53ec7f3eb0151108f3d4f0b4e54140
SHA256: 7c47e876766ecd62aad68812a40f30bad56a32d994cc16a116b8d3c4ea30ee82
SHA512: 9b1675320d9d0d356e6e9a761c54abc56124136e6a970fe832bd7c0842eda69d
9f0e34bf6a9713e535e63bafd0dfa59f09486134a2fb23aed2faf7e891cd0c85
ssdeep: 3072:AQNGGM2V/Oa49QFb+s6+6WKYy2YJfGnFGY2IKmistUtcQrvkpTQ7:APGlk5
9QFbj6+6oyjJfrY2IKHbrMm
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10214
timedatestamp.....: 0x478ff7fe (Fri Jan 18 00:51:10 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20996 0x21000 6.65 2bd762b046ea4317483b547ed7ae2d7f
.rdata 0x22000 0x7cfe 0x8000 4.90 1f93dbb50db9c21acda7c7c1888d93e8
.data 0x2a000 0x8fd4 0x3000 3.31 2bc8669cfae0847f14f5e0b842c89897
CONST 0x33000 0x1f 0x1000 0.09 e1c91d3ead8e57dca21253f563c750c1
.rsrc 0x34000 0x48a8 0x5000 4.41 46abb0b06f7f2c3453dea7320e86064f
( 8 imports )
> MADCHOOK.DLL: InjectLibraryA, UninjectLibraryA
> KERNEL32.dll: SetErrorMode, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, ExitProcess, HeapSize, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, GetThreadLocale, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, WritePrivateProfileStringA, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, FreeResource, GetCurrentProcessId, GlobalAddAtomA, CloseHandle, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, GlobalDeleteAtom, FreeLibrary, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, SetLastError, GetProcAddress, LoadLibraryA, lstrlenA, CompareStringA, GetVersionExA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, UnhandledExceptionFilter
> USER32.dll: UnregisterClassA, LoadCursorA, GetSysColorBrush, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, DrawIcon, SendMessageA, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, DestroyMenu, GetMessageTime, IsIconic, GetClientRect, SetTimer, KillTimer, LoadIconA, EnableWindow, GetSystemMetrics, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, UnhookWindowsHookEx, PostQuitMessage, PostMessageA, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetParent, ModifyMenuA, EnableMenuItem, CheckMenuItem
> GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, PtVisible, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, GetDeviceCaps, DeleteObject, SetMapMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, RectVisible
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
> OLEAUT32.dll: -, -, -
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
CWSandbox info: http://research.sunbelt-software.com/...
Fichier WinSys2.exe reçu le 2009.05.17 01:24:48 (CET)
Situation actuelle: terminé
Résultat: 0/39 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.16 -
AhnLab-V3 5.0.0.2 2009.05.16 -
AntiVir 7.9.0.168 2009.05.15 -
Antiy-AVL 2.0.3.1 2009.05.15 -
Authentium 5.1.2.4 2009.05.16 -
Avast 4.8.1335.0 2009.05.16 -
AVG 8.5.0.336 2009.05.16 -
BitDefender 7.2 2009.05.17 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.16 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.17 -
eSafe 7.0.17.0 2009.05.14 -
eTrust-Vet 31.6.6508 2009.05.16 -
F-Prot 4.4.4.56 2009.05.16 -
F-Secure 8.0.14470.0 2009.05.16 -
Fortinet 3.117.0.0 2009.05.16 -
GData 19 2009.05.17 -
Ikarus T3.1.1.49.0 2009.05.16 -
K7AntiVirus 7.10.737 2009.05.16 -
Kaspersky 7.0.0.125 2009.05.17 -
McAfee 5617 2009.05.16 -
McAfee+Artemis 5617 2009.05.16 -
McAfee-GW-Edition 6.7.6 2009.05.15 -
Microsoft 1.4602 2009.05.16 -
NOD32 4080 2009.05.15 -
Norman 6.01.05 2009.05.16 -
nProtect 2009.1.8.0 2009.05.16 -
Panda 10.0.0.14 2009.05.16 -
Prevx 3.0 2009.05.17 -
Rising 21.29.52.00 2009.05.16 -
Sophos 4.41.0 2009.05.16 -
Sunbelt 3.2.1858.2 2009.05.16 -
Symantec 1.4.4.12 2009.05.17 -
TheHacker 6.3.4.1.326 2009.05.15 -
TrendMicro 8.950.0.1092 2009.05.15 -
VBA32 3.12.10.5 2009.05.16 -
ViRobot 2009.5.15.1737 2009.05.15 -
VirusBuster 4.6.5.0 2009.05.16 -
Information additionnelle
File size: 208896 bytes
MD5...: 27949ccd505a6be082d15547b1dff90d
SHA1..: 569f27f34d53ec7f3eb0151108f3d4f0b4e54140
SHA256: 7c47e876766ecd62aad68812a40f30bad56a32d994cc16a116b8d3c4ea30ee82
SHA512: 9b1675320d9d0d356e6e9a761c54abc56124136e6a970fe832bd7c0842eda69d
9f0e34bf6a9713e535e63bafd0dfa59f09486134a2fb23aed2faf7e891cd0c85
ssdeep: 3072:AQNGGM2V/Oa49QFb+s6+6WKYy2YJfGnFGY2IKmistUtcQrvkpTQ7:APGlk5
9QFbj6+6oyjJfrY2IKHbrMm
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10214
timedatestamp.....: 0x478ff7fe (Fri Jan 18 00:51:10 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20996 0x21000 6.65 2bd762b046ea4317483b547ed7ae2d7f
.rdata 0x22000 0x7cfe 0x8000 4.90 1f93dbb50db9c21acda7c7c1888d93e8
.data 0x2a000 0x8fd4 0x3000 3.31 2bc8669cfae0847f14f5e0b842c89897
CONST 0x33000 0x1f 0x1000 0.09 e1c91d3ead8e57dca21253f563c750c1
.rsrc 0x34000 0x48a8 0x5000 4.41 46abb0b06f7f2c3453dea7320e86064f
( 8 imports )
> MADCHOOK.DLL: InjectLibraryA, UninjectLibraryA
> KERNEL32.dll: SetErrorMode, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, ExitProcess, HeapSize, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, GetThreadLocale, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, WritePrivateProfileStringA, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, FreeResource, GetCurrentProcessId, GlobalAddAtomA, CloseHandle, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, GlobalDeleteAtom, FreeLibrary, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, SetLastError, GetProcAddress, LoadLibraryA, lstrlenA, CompareStringA, GetVersionExA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, UnhandledExceptionFilter
> USER32.dll: UnregisterClassA, LoadCursorA, GetSysColorBrush, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, DrawIcon, SendMessageA, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, DestroyMenu, GetMessageTime, IsIconic, GetClientRect, SetTimer, KillTimer, LoadIconA, EnableWindow, GetSystemMetrics, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, UnhookWindowsHookEx, PostQuitMessage, PostMessageA, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetParent, ModifyMenuA, EnableMenuItem, CheckMenuItem
> GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, PtVisible, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, GetDeviceCaps, DeleteObject, SetMapMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, RectVisible
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
> OLEAUT32.dll: -, -, -
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
CWSandbox info: http://research.sunbelt-software.com/...
voici le rapport toolbar
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Award Modular BIOS v6.00PG
USER : che ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:79 Go (Free:69 Go)
D:\ (Local Disk) - NTFS - Total:400 Go (Free:180 Go)
F:\ (CD or DVD)
P:\ (Local Disk) - NTFS - Total:99 Go (Free:82 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/05/2009|12:33 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128\temp\ws-14373.log
C:\DOCUME~1\che\APPLIC~1\Search Settings
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp\ws-14379.log
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp\ws-14380.log
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp\ws-14381.log
-----------\\ Extensions
(che) - {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} => foxtab
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 17/05/2009|12:33 - Option : [1]
-----------\\ Fin du rapport a 12:33:25,01
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Award Modular BIOS v6.00PG
USER : che ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:79 Go (Free:69 Go)
D:\ (Local Disk) - NTFS - Total:400 Go (Free:180 Go)
F:\ (CD or DVD)
P:\ (Local Disk) - NTFS - Total:99 Go (Free:82 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/05/2009|12:33 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings\kb128\temp\ws-14373.log
C:\DOCUME~1\che\APPLIC~1\Search Settings
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp\ws-14379.log
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp\ws-14380.log
C:\DOCUME~1\che\APPLIC~1\Search Settings\kb128\temp\ws-14381.log
-----------\\ Extensions
(che) - {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} => foxtab
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 17/05/2009|12:33 - Option : [1]
-----------\\ Fin du rapport a 12:33:25,01
'lut,
C'est vrai que l'on peut voir des secrets dans un log hijackthis ou autres......
Aller blonde.fr tu porte bien ton pseudo.....
au lieu laisser voir ton ordi à tout le monde
C'est vrai que l'on peut voir des secrets dans un log hijackthis ou autres......
Aller blonde.fr tu porte bien ton pseudo.....
