VIRUS SHEUR2.ATQX
Résolu
grom84
Messages postés
40
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
je suis sous XP SP3, et j'ai un virus qui m'est repéré par AVG8.5 free sous deux formes:
la première apparues est SHEUR2.ATQX et l'autre est HTML/Framer.
Je ne sais pas trop quelle procédure il faut suivre, donc je vous joins le log de combofix et celui de hijackthis.
Combofix dit:
ComboFix 09-07-29.04 - Utilisateur 30/07/2009 23:42.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.466 [GMT 2:00]
Running from: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090730-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NETSIK
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 20:56 . 2009-07-30 20:56 -------- d-----w- c:\windows\Sun
2009-07-30 17:28 . 2009-07-30 21:48 61696 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-07-29 17:14 . 2009-07-29 17:15 -------- d-----w- c:\program files\Java
2009-07-29 17:13 . 2009-07-29 17:13 -------- d-----w- c:\program files\Fichiers communs\Java
2009-07-28 16:46 . 2009-07-28 16:46 -------- d-----w- c:\program files\CCleaner
2009-07-26 13:42 . 2009-07-26 17:04 342 --s-a-w- c:\windows\system32\1009464937.dat
2009-07-25 09:30 . 2009-07-29 13:14 -------- d-----w- c:\windows\ie8updates
2009-07-25 05:40 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-25 05:40 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-24 18:38 . 2009-07-24 18:38 -------- d-sh--w- c:\documents and settings\Utilisateur\IECompatCache
2009-07-24 18:37 . 2009-07-24 18:37 -------- d-sh--w- c:\documents and settings\Utilisateur\PrivacIE
2009-07-24 16:49 . 2009-07-24 16:49 -------- d-sh--w- c:\documents and settings\Utilisateur\IETldCache
2009-07-24 16:41 . 2009-07-24 16:42 -------- dc-h--w- c:\windows\ie8
2009-07-23 19:44 . 2009-07-23 19:45 -------- d-----w- C:\wamp
2009-07-23 08:39 . 2009-07-23 08:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:07 -------- d-----w- c:\program files\QuickTime
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\program files\Apple Software Update
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Apple Computer
2009-07-20 15:00 . 2009-07-26 12:51 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\gtk-2.0
2009-07-20 14:56 . 2009-07-20 14:56 -------- d-----w- c:\documents and settings\Utilisateur\.thumbnails
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2009-07-20 14:16 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 14:16 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 14:13 . 2009-07-28 16:46 -------- d-----w- c:\program files\trend micro
2009-07-20 14:13 . 2009-07-20 14:13 -------- d-----w- C:\rsit
2009-07-20 14:04 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-20 14:03 . 2009-07-20 14:03 -------- d-----w- c:\program files\Panda Security
2009-07-20 10:18 . 2009-07-28 18:34 -------- d-----w- c:\windows\BDOSCAN8
2009-07-20 09:06 . 2009-07-20 09:06 -------- d-----w- C:\bcf82c9e229cea2691fbab5839
2009-07-20 07:46 . 2009-07-30 20:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-20 07:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-20 07:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-20 07:40 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-20 07:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-20 07:40 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-20 07:40 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-20 07:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-20 07:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-20 07:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-20 07:40 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-20 07:40 . 2009-07-20 07:40 -------- d-----w- c:\program files\Alwil Software
2009-07-20 07:38 . 2009-07-20 07:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-20 07:38 . 2009-07-20 07:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-20 07:38 . 2009-07-20 07:38 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-20 07:38 . 2009-07-20 07:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-20 07:38 . 2009-07-30 21:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-20 07:38 . 2009-07-20 07:38 -------- d-----w- c:\program files\AVG
2009-07-20 07:38 . 2009-07-20 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-18 20:02 . 2009-07-18 20:02 -------- d--h--w- c:\windows\PIF
2009-07-17 19:58 . 2009-07-17 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-17 19:39 . 2009-07-26 12:55 -------- d-----w- c:\documents and settings\Utilisateur\.gimp-2.6
2009-07-17 19:39 . 2009-07-17 19:39 -------- d-----w- c:\documents and settings\Utilisateur\.gegl-0.0
2009-07-17 19:39 . 2009-07-17 19:39 -------- d-----w- c:\program files\GIMP-2.0
2009-07-17 19:10 . 2009-07-17 19:10 0 ----a-w- c:\windows\nsreg.dat
2009-07-17 16:04 . 2009-07-17 16:04 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Mozilla
2009-07-17 16:04 . 2009-07-30 21:18 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Notepad++
2009-07-17 16:04 . 2009-07-30 21:09 -------- d-----w- c:\program files\Notepad++
2009-07-17 15:39 . 2009-07-20 14:53 -------- d-----w- c:\program files\ma-config.com
2009-07-17 15:39 . 2009-07-20 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-17 14:53 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-17 14:53 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-17 14:53 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-17 14:53 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-17 14:53 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-17 14:53 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-17 14:53 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-17 14:53 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-17 14:53 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-17 14:51 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-07-17 14:50 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 21:17 . 2008-10-06 15:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\FileZilla
2009-07-26 13:59 . 2008-02-15 10:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-18 18:51 . 2008-01-10 16:58 64440 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:25 . 2008-01-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-17 15:39 . 2004-08-05 12:00 85058 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-17 15:39 . 2004-08-05 12:00 511154 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-17 14:49 . 2008-01-21 07:30 -------- d-----w- c:\program files\Google
2009-07-03 16:57 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2008-05-16 15:34 . 2008-05-16 15:34 15397 ----a-w- c:\program files\settings.dat
2009-07-15 22:31 . 2009-07-17 16:04 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-21 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-07-27 1644784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2008-4-14 22528]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-20 07:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20/07/2009 16:04 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/07/2009 09:40 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2009 09:38 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2009 09:38 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2009 09:40 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 09:38 298776]
S2 avg8wdAppMgmt;AVG Free8 WatchDog avg8wdAppMgmt;c:\windows\system32\1042j.exe srv --> c:\windows\system32\1042j.exe srv [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-21 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\zuyo9a0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 23:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soqwx32]
"ImagePath"="\??\c:\windows\system32\drivers\soqwx32.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Java\jre1.5.0_03\bin\jucheck.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\Temp\wpv941248906516.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-07-30 23:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 21:50
Pre-Run: 211 753 279 488 octets libres
Post-Run: 211 703 480 320 octets libres
276 --- E O F --- 2009-07-29 13:14
et hijackthis dit:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:16, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG Free8 WatchDog avg8wdAppMgmt (avg8wdAppMgmt) - Unknown owner - C:\WINDOWS\system32\1042j.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
je suis sous XP SP3, et j'ai un virus qui m'est repéré par AVG8.5 free sous deux formes:
la première apparues est SHEUR2.ATQX et l'autre est HTML/Framer.
Je ne sais pas trop quelle procédure il faut suivre, donc je vous joins le log de combofix et celui de hijackthis.
Combofix dit:
ComboFix 09-07-29.04 - Utilisateur 30/07/2009 23:42.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.466 [GMT 2:00]
Running from: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090730-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NETSIK
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 20:56 . 2009-07-30 20:56 -------- d-----w- c:\windows\Sun
2009-07-30 17:28 . 2009-07-30 21:48 61696 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-07-29 17:14 . 2009-07-29 17:15 -------- d-----w- c:\program files\Java
2009-07-29 17:13 . 2009-07-29 17:13 -------- d-----w- c:\program files\Fichiers communs\Java
2009-07-28 16:46 . 2009-07-28 16:46 -------- d-----w- c:\program files\CCleaner
2009-07-26 13:42 . 2009-07-26 17:04 342 --s-a-w- c:\windows\system32\1009464937.dat
2009-07-25 09:30 . 2009-07-29 13:14 -------- d-----w- c:\windows\ie8updates
2009-07-25 05:40 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-25 05:40 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-24 18:38 . 2009-07-24 18:38 -------- d-sh--w- c:\documents and settings\Utilisateur\IECompatCache
2009-07-24 18:37 . 2009-07-24 18:37 -------- d-sh--w- c:\documents and settings\Utilisateur\PrivacIE
2009-07-24 16:49 . 2009-07-24 16:49 -------- d-sh--w- c:\documents and settings\Utilisateur\IETldCache
2009-07-24 16:41 . 2009-07-24 16:42 -------- dc-h--w- c:\windows\ie8
2009-07-23 19:44 . 2009-07-23 19:45 -------- d-----w- C:\wamp
2009-07-23 08:39 . 2009-07-23 08:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:07 -------- d-----w- c:\program files\QuickTime
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\program files\Apple Software Update
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-20 16:06 . 2009-07-20 16:06 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Apple Computer
2009-07-20 15:00 . 2009-07-26 12:51 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\gtk-2.0
2009-07-20 14:56 . 2009-07-20 14:56 -------- d-----w- c:\documents and settings\Utilisateur\.thumbnails
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2009-07-20 14:16 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-20 14:16 . 2009-07-20 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 14:16 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 14:13 . 2009-07-28 16:46 -------- d-----w- c:\program files\trend micro
2009-07-20 14:13 . 2009-07-20 14:13 -------- d-----w- C:\rsit
2009-07-20 14:04 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-20 14:03 . 2009-07-20 14:03 -------- d-----w- c:\program files\Panda Security
2009-07-20 10:18 . 2009-07-28 18:34 -------- d-----w- c:\windows\BDOSCAN8
2009-07-20 09:06 . 2009-07-20 09:06 -------- d-----w- C:\bcf82c9e229cea2691fbab5839
2009-07-20 07:46 . 2009-07-30 20:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-20 07:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-20 07:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-20 07:40 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-20 07:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-20 07:40 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-20 07:40 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-20 07:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-20 07:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-20 07:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-20 07:40 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-20 07:40 . 2009-07-20 07:40 -------- d-----w- c:\program files\Alwil Software
2009-07-20 07:38 . 2009-07-20 07:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-20 07:38 . 2009-07-20 07:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-20 07:38 . 2009-07-20 07:38 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-20 07:38 . 2009-07-20 07:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-20 07:38 . 2009-07-30 21:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-20 07:38 . 2009-07-20 07:38 -------- d-----w- c:\program files\AVG
2009-07-20 07:38 . 2009-07-20 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-18 20:02 . 2009-07-18 20:02 -------- d--h--w- c:\windows\PIF
2009-07-17 19:58 . 2009-07-17 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-17 19:39 . 2009-07-26 12:55 -------- d-----w- c:\documents and settings\Utilisateur\.gimp-2.6
2009-07-17 19:39 . 2009-07-17 19:39 -------- d-----w- c:\documents and settings\Utilisateur\.gegl-0.0
2009-07-17 19:39 . 2009-07-17 19:39 -------- d-----w- c:\program files\GIMP-2.0
2009-07-17 19:10 . 2009-07-17 19:10 0 ----a-w- c:\windows\nsreg.dat
2009-07-17 16:04 . 2009-07-17 16:04 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Mozilla
2009-07-17 16:04 . 2009-07-30 21:18 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Notepad++
2009-07-17 16:04 . 2009-07-30 21:09 -------- d-----w- c:\program files\Notepad++
2009-07-17 15:39 . 2009-07-20 14:53 -------- d-----w- c:\program files\ma-config.com
2009-07-17 15:39 . 2009-07-20 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-17 14:53 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-17 14:53 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-17 14:53 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-17 14:53 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-17 14:53 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-17 14:53 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-17 14:53 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-17 14:53 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-17 14:53 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-17 14:51 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-07-17 14:50 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 21:17 . 2008-10-06 15:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\FileZilla
2009-07-26 13:59 . 2008-02-15 10:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-18 18:51 . 2008-01-10 16:58 64440 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:25 . 2008-01-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-17 15:39 . 2004-08-05 12:00 85058 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-17 15:39 . 2004-08-05 12:00 511154 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-17 14:49 . 2008-01-21 07:30 -------- d-----w- c:\program files\Google
2009-07-03 16:57 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2008-05-16 15:34 . 2008-05-16 15:34 15397 ----a-w- c:\program files\settings.dat
2009-07-15 22:31 . 2009-07-17 16:04 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-21 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-07-27 1644784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2008-4-14 22528]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-20 07:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20/07/2009 16:04 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/07/2009 09:40 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2009 09:38 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2009 09:38 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2009 09:40 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 09:38 298776]
S2 avg8wdAppMgmt;AVG Free8 WatchDog avg8wdAppMgmt;c:\windows\system32\1042j.exe srv --> c:\windows\system32\1042j.exe srv [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-21 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\zuyo9a0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 23:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soqwx32]
"ImagePath"="\??\c:\windows\system32\drivers\soqwx32.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Java\jre1.5.0_03\bin\jucheck.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\Temp\wpv941248906516.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-07-30 23:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 21:50
Pre-Run: 211 753 279 488 octets libres
Post-Run: 211 703 480 320 octets libres
276 --- E O F --- 2009-07-29 13:14
et hijackthis dit:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:16, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG Free8 WatchDog avg8wdAppMgmt (avg8wdAppMgmt) - Unknown owner - C:\WINDOWS\system32\1042j.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
A voir également:
- VIRUS SHEUR2.ATQX
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Virus informatique - Guide
76 réponses
bonjour Gen,
en fait j'ai été confronté à la base à Security System ou je ne sais plus trop son nom, un truc qui te disais que t'étais infecté et qui si tu ne payais pas leur logiciel ça ne marcherait plus.
J'ai pas payé mais ça n'a pas marché pour autant. Et ça m'a planté mon PC.
Pendant une trêve j'ai réussi à installer AVG qui l'a arrêté direct.
PAr contre quel fichier veux tu que je mette dans combofix?
Je vois ça en rentrant je suis au boulot je profite d'une absence de mon boss lol.
Remarque vacances dans 3 heures.
Merci par avance
G-rom
en fait j'ai été confronté à la base à Security System ou je ne sais plus trop son nom, un truc qui te disais que t'étais infecté et qui si tu ne payais pas leur logiciel ça ne marcherait plus.
J'ai pas payé mais ça n'a pas marché pour autant. Et ça m'a planté mon PC.
Pendant une trêve j'ai réussi à installer AVG qui l'a arrêté direct.
PAr contre quel fichier veux tu que je mette dans combofix?
Je vois ça en rentrant je suis au boulot je profite d'une absence de mon boss lol.
Remarque vacances dans 3 heures.
Merci par avance
G-rom
Gene,
j'ai fait combofix et comme la première fois, le fichier log s'est ouvert complètement vide.
Je suis allé voir le fichier text généré dans c:, il fait 21ko c'est tout ce que je peux te dire, il me refuse l'accès en lecture.
Concernant les fichiers en suppréssion manuelle, pas moyen de le trouver (même en changeant les paramètres d'affichage des dossiers) donc cela voudrait pouvoir dire que ces fichiers ont disparu.
Sinon, toujours aucun moyen d'accéder à certains programme et nonplus d'entrée dans certains fichiers de mon dd.
Que préconise tu?
Merci
G-rom
j'ai fait combofix et comme la première fois, le fichier log s'est ouvert complètement vide.
Je suis allé voir le fichier text généré dans c:, il fait 21ko c'est tout ce que je peux te dire, il me refuse l'accès en lecture.
Concernant les fichiers en suppréssion manuelle, pas moyen de le trouver (même en changeant les paramètres d'affichage des dossiers) donc cela voudrait pouvoir dire que ces fichiers ont disparu.
Sinon, toujours aucun moyen d'accéder à certains programme et nonplus d'entrée dans certains fichiers de mon dd.
Que préconise tu?
Merci
G-rom
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok envoie le txt ici : http://www.cijoint.fr/ et donne le lien qui apparait ensuite
pour ccleaner , fais le nettoyage
pour ccleaner , fais le nettoyage
Bonjour Gen,
je ne peux pas t'envoyer combofix.txt, le site me dit fichier invalide, et si j'essaie de déplacer le fichier sur mon bureau le pc me dit accès refusé.
Que dois je faire?
G-rom
je ne peux pas t'envoyer combofix.txt, le site me dit fichier invalide, et si j'essaie de déplacer le fichier sur mon bureau le pc me dit accès refusé.
Que dois je faire?
G-rom
ok une fois dans la fenetre tape :
cd\
puis touche entrée
copie-colle :
dir /A/B/S C:\Qoobox >> %Homedrive%\grom.txt
puis entrée
ensuite poste le contenu de grom.txt que tu auras dans C:\
cd\
puis touche entrée
copie-colle :
dir /A/B/S C:\Qoobox >> %Homedrive%\grom.txt
puis entrée
ensuite poste le contenu de grom.txt que tu auras dans C:\
Gen,
voila ce que cela donnne
C:\Qoobox\Add-Remove Programs.txt
C:\Qoobox\BackEnv
C:\Qoobox\CFScript_used_2009-07-31_02.36.05.txt
C:\Qoobox\CFScript_used_2009-07-31_18.48.45.txt
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\LastRun
C:\Qoobox\Quarantine
C:\Qoobox\SnapShot@2009-07-30_21.48.21.dat
C:\Qoobox\Test
C:\Qoobox\TestC
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\Cookies.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\localappdata.folder.dat
C:\Qoobox\BackEnv\localsettings.folder.dat
C:\Qoobox\BackEnv\mypictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\Profiles.Folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\SetPath.bat
C:\Qoobox\BackEnv\startmenu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\SysPath.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\Quarantine\C
C:\Qoobox\Quarantine\catchme.log
C:\Qoobox\Quarantine\catchme.txt
C:\Qoobox\Quarantine\Registry_backups
C:\Qoobox\Quarantine\C\Documents and Settings
C:\Qoobox\Quarantine\C\Program Files
C:\Qoobox\Quarantine\C\WINDOWS
C:\Qoobox\Quarantine\C\Documents and Settings\Utilisateur
C:\Qoobox\Quarantine\C\Documents and Settings\Utilisateur\Application Data
C:\Qoobox\Quarantine\C\Documents and Settings\Utilisateur\Application Data\wiaserva.log.vir
C:\Qoobox\Quarantine\C\Program Files\Fichiers communs
C:\Qoobox\Quarantine\C\WINDOWS\system32
C:\Qoobox\Quarantine\C\WINDOWS\system32\1009464937.dat.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\15b9354b.sys.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\30a8671e.sys.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\glaide32.sys.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\soqwx32.sys.vir
C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ccleaner.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Adobe Reader Speed Launcher.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ATICCC.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-LanguageShortcut.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NeroFilterCheck.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-RemoteControl.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SoundMAXPnP.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Legacy_NETSIK.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_15b9354b.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_30a8671e.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_glaide32.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_soqwx32.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
Kézako
Grom
voila ce que cela donnne
C:\Qoobox\Add-Remove Programs.txt
C:\Qoobox\BackEnv
C:\Qoobox\CFScript_used_2009-07-31_02.36.05.txt
C:\Qoobox\CFScript_used_2009-07-31_18.48.45.txt
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\LastRun
C:\Qoobox\Quarantine
C:\Qoobox\SnapShot@2009-07-30_21.48.21.dat
C:\Qoobox\Test
C:\Qoobox\TestC
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\Cookies.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\localappdata.folder.dat
C:\Qoobox\BackEnv\localsettings.folder.dat
C:\Qoobox\BackEnv\mypictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\Profiles.Folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\SetPath.bat
C:\Qoobox\BackEnv\startmenu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\SysPath.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\Quarantine\C
C:\Qoobox\Quarantine\catchme.log
C:\Qoobox\Quarantine\catchme.txt
C:\Qoobox\Quarantine\Registry_backups
C:\Qoobox\Quarantine\C\Documents and Settings
C:\Qoobox\Quarantine\C\Program Files
C:\Qoobox\Quarantine\C\WINDOWS
C:\Qoobox\Quarantine\C\Documents and Settings\Utilisateur
C:\Qoobox\Quarantine\C\Documents and Settings\Utilisateur\Application Data
C:\Qoobox\Quarantine\C\Documents and Settings\Utilisateur\Application Data\wiaserva.log.vir
C:\Qoobox\Quarantine\C\Program Files\Fichiers communs
C:\Qoobox\Quarantine\C\WINDOWS\system32
C:\Qoobox\Quarantine\C\WINDOWS\system32\1009464937.dat.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\15b9354b.sys.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\30a8671e.sys.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\glaide32.sys.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\soqwx32.sys.vir
C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ccleaner.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Adobe Reader Speed Launcher.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ATICCC.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-LanguageShortcut.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NeroFilterCheck.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-RemoteControl.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SoundMAXPnP.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Legacy_NETSIK.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_15b9354b.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_30a8671e.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_glaide32.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Service_soqwx32.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
Kézako
Grom
bien cela a fonctionné
ceci est plus ou moins ce qui aurait du apparaitre sur le rapport de combofix quant-à la suppression
du moins quelques lignes puisque les autres sont apparues dans le premier rapport (je parle de ceci ):
C:\Qoobox\Quarantine\C
########## | XP _ Instal & recherche | ########
• Télécharge et install UsbFix par Chiquitine29
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
ceci est plus ou moins ce qui aurait du apparaitre sur le rapport de combofix quant-à la suppression
du moins quelques lignes puisque les autres sont apparues dans le premier rapport (je parle de ceci ):
C:\Qoobox\Quarantine\C
########## | XP _ Instal & recherche | ########
• Télécharge et install UsbFix par Chiquitine29
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
Gen,
voici ce que usbfix dit:
############################## | UsbFix V6.012 |
User : Utilisateur (Administrateurs) # BIDAL-
Update on 01/08/09 by Chiquitine29 & C_XX
Start at: 18:13:07 | 01/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 233,75 Go (197,17 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 149,01 Go (79 Go free) [JEROME] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
################## | Other |
Suspect ! C:\wamp\wampmanager.exe
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.012 ! |
Grom
voici ce que usbfix dit:
############################## | UsbFix V6.012 |
User : Utilisateur (Administrateurs) # BIDAL-
Update on 01/08/09 by Chiquitine29 & C_XX
Start at: 18:13:07 | 01/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 233,75 Go (197,17 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 149,01 Go (79 Go free) [JEROME] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
################## | Other |
Suspect ! C:\wamp\wampmanager.exe
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.012 ! |
Grom
Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- Coche Afficher les fichiers et dossiers cachés
- Décoche Masquer les extensions des fichiers dont le type est connu
- Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
C:\wamp\wampmanager.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
- Coche Afficher les fichiers et dossiers cachés
- Décoche Masquer les extensions des fichiers dont le type est connu
- Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
C:\wamp\wampmanager.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
Gen,
voila c'est fait:
Fichier wampmanager.exe reçu le 2009.08.01 16:33:49 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.01 -
AhnLab-V3 5.0.0.2 2009.08.01 -
AntiVir 7.9.0.238 2009.07.31 -
Antiy-AVL 2.0.3.7 2009.07.31 -
Authentium 5.1.2.4 2009.08.01 -
Avast 4.8.1335.0 2009.08.01 -
AVG 8.5.0.406 2009.08.01 -
BitDefender 7.2 2009.08.01 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.08.01 -
Comodo 1836 2009.08.01 -
DrWeb 5.0.0.12182 2009.08.01 -
eSafe 7.0.17.0 2009.07.30 -
eTrust-Vet 31.6.6650 2009.08.01 -
F-Prot 4.4.4.56 2009.08.01 -
F-Secure 8.0.14470.0 2009.07.31 -
Fortinet 3.120.0.0 2009.08.01 -
GData 19 2009.08.01 -
Ikarus T3.1.1.64.0 2009.08.01 -
Jiangmin 11.0.800 2009.08.01 -
K7AntiVirus 7.10.808 2009.08.01 -
Kaspersky 7.0.0.125 2009.08.01 -
McAfee 5695 2009.08.01 -
McAfee+Artemis 5695 2009.08.01 -
McAfee-GW-Edition 6.8.5 2009.08.01 -
Microsoft 1.4903 2009.08.01 -
NOD32 4296 2009.08.01 -
Norman 6.01.09 2009.07.31 -
nProtect 2009.1.8.0 2009.08.01 -
Panda 10.0.0.14 2009.08.01 -
PCTools 4.4.2.0 2009.08.01 -
Rising 21.40.44.00 2009.07.31 -
Sophos 4.44.0 2009.08.01 -
Sunbelt 3.2.1858.2 2009.07.31 -
Symantec 1.4.4.12 2009.08.01 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.07.31 -
VBA32 3.12.10.9 2009.08.01 -
ViRobot 2009.7.31.1863 2009.07.31 -
VirusBuster 4.6.5.0 2009.07.31 -
Information additionnelle
File size: 1152512 bytes
MD5...: cc418886ece11dbaee3cd1d32b7700bf
SHA1..: 941d61a1b751dd0ab83c3efeb29ee62932d82e57
SHA256: 9fb1d1b184744a02052134134381f3aca908058aa51c00b9ac7435790fe2273f
ssdeep: 24576:Mec//////vPItR0Ine4/aWZR88y2jBu+jAtGVVm:Mec//////X2nb/zZCA<BR>jpjA<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Borland Delphi 7 (95.8%)<BR>Win32 Executable Delphi generic (2.1%)<BR>Win32 Executable Generic (1.2%)<BR>Win16/32 Executable Delphi generic (0.2%)<BR>Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xf2118<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0xf1228 0xf1400 6.57 bd48ddca4c715b8acf931815a70d5f2b<BR>DATA 0xf3000 0x4ff8 0x5000 5.75 7692176bb25e8bfec69ed70b22428ac6<BR>BSS 0xf8000 0x28b9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0xfb000 0x327c 0x3400 4.98 312f82af891afb8f5eed49a7596798e4<BR>.edata 0xff000 0x51 0x200 0.89 0d34416ba90dbcbe55f94a2965af1774<BR>.tls 0x100000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x101000 0x73 0x200 1.67 07ca8cc89d453fc56dcc03918e4d11f7<BR>.reloc 0x102000 0xe348 0xe400 6.68 ccad8aac3091b0dfbf1872697e9504c0<BR>.rsrc 0x111000 0x11191 0x11200 4.98 64e3b1e41659ae53f1291a6b6a38091e<BR><BR>( 23 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey, InitializeSecurityDescriptor, GetUserNameA<BR>> kernel32.dll: lstrlenW, lstrlenA, lstrcpyA, lstrcmpA, WriteFile, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SystemTimeToFileTime, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenProcess, OpenFileMappingA, MultiByteToWideChar, MulDiv, MapViewOfFile, LockResource, LocalSize, LocalFree, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExW, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadPriority, GetThreadLocale, GetThreadContext, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCommandLineA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CompareStringA, CloseHandle<BR>> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA<BR>> gdi32.dll: UnrealizeObject, TextOutA, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateFontA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt<BR>> user32.dll: WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, WaitForInputIdle, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageTimeoutA, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExA, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyAcceleratorTable, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableA, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout<BR>> ole32.dll: CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, OleGetIconOfClass, IsAccelerator, OleDraw, OleSetMenuDescriptor, OleUninitialize, OleInitialize, CreateBindCtx, StgCreateDocfileOnILockBytes, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID<BR>> oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString<BR>> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls<BR>> shell32.dll: Shell_NotifyIconA, ShellExecuteA<BR>> comdlg32.dll: PrintDlgA, GetSaveFileNameA<BR>> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, socket, sendto, send, select, recvfrom, recv, inet_addr, htons, connect, closesocket, bind<BR>> kernel32.dll: RtlUnwind<BR>> kernel32.dll: Sleep<BR>> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit<BR>> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter<BR>> kernel32.dll: MulDiv<BR>> advapi32.dll: StartServiceA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle<BR>> oledlg.dll: OleUIObjectPropertiesA<BR><BR>( 1 exports ) <BR>madTraceProcess<BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=cc418886ece11dbaee3cd1d32b7700bf' target='_blank'>https://www.symantec.com?md5=cc418886ece11dbaee3cd1d32b7700bf</a>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.01 -
AhnLab-V3 5.0.0.2 2009.08.01 -
AntiVir 7.9.0.238 2009.07.31 -
Antiy-AVL 2.0.3.7 2009.07.31 -
Authentium 5.1.2.4 2009.08.01 -
Avast 4.8.1335.0 2009.08.01 -
AVG 8.5.0.406 2009.08.01 -
BitDefender 7.2 2009.08.01 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.08.01 -
Comodo 1836 2009.08.01 -
DrWeb 5.0.0.12182 2009.08.01 -
eSafe 7.0.17.0 2009.07.30 -
eTrust-Vet 31.6.6650 2009.08.01 -
F-Prot 4.4.4.56 2009.08.01 -
F-Secure 8.0.14470.0 2009.07.31 -
Fortinet 3.120.0.0 2009.08.01 -
GData 19 2009.08.01 -
Ikarus T3.1.1.64.0 2009.08.01 -
Jiangmin 11.0.800 2009.08.01 -
K7AntiVirus 7.10.808 2009.08.01 -
Kaspersky 7.0.0.125 2009.08.01 -
McAfee 5695 2009.08.01 -
McAfee+Artemis 5695 2009.08.01 -
McAfee-GW-Edition 6.8.5 2009.08.01 -
Microsoft 1.4903 2009.08.01 -
NOD32 4296 2009.08.01 -
Norman 6.01.09 2009.07.31 -
nProtect 2009.1.8.0 2009.08.01 -
Panda 10.0.0.14 2009.08.01 -
PCTools 4.4.2.0 2009.08.01 -
Rising 21.40.44.00 2009.07.31 -
Sophos 4.44.0 2009.08.01 -
Sunbelt 3.2.1858.2 2009.07.31 -
Symantec 1.4.4.12 2009.08.01 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.07.31 -
VBA32 3.12.10.9 2009.08.01 -
ViRobot 2009.7.31.1863 2009.07.31 -
VirusBuster 4.6.5.0 2009.07.31 -
Information additionnelle
File size: 1152512 bytes
MD5...: cc418886ece11dbaee3cd1d32b7700bf
SHA1..: 941d61a1b751dd0ab83c3efeb29ee62932d82e57
SHA256: 9fb1d1b184744a02052134134381f3aca908058aa51c00b9ac7435790fe2273f
ssdeep: 24576:Mec//////vPItR0Ine4/aWZR88y2jBu+jAtGVVm:Mec//////X2nb/zZCA<BR>jpjA<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Borland Delphi 7 (95.8%)<BR>Win32 Executable Delphi generic (2.1%)<BR>Win32 Executable Generic (1.2%)<BR>Win16/32 Executable Delphi generic (0.2%)<BR>Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xf2118<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0xf1228 0xf1400 6.57 bd48ddca4c715b8acf931815a70d5f2b<BR>DATA 0xf3000 0x4ff8 0x5000 5.75 7692176bb25e8bfec69ed70b22428ac6<BR>BSS 0xf8000 0x28b9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0xfb000 0x327c 0x3400 4.98 312f82af891afb8f5eed49a7596798e4<BR>.edata 0xff000 0x51 0x200 0.89 0d34416ba90dbcbe55f94a2965af1774<BR>.tls 0x100000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x101000 0x73 0x200 1.67 07ca8cc89d453fc56dcc03918e4d11f7<BR>.reloc 0x102000 0xe348 0xe400 6.68 ccad8aac3091b0dfbf1872697e9504c0<BR>.rsrc 0x111000 0x11191 0x11200 4.98 64e3b1e41659ae53f1291a6b6a38091e<BR><BR>( 23 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey, InitializeSecurityDescriptor, GetUserNameA<BR>> kernel32.dll: lstrlenW, lstrlenA, lstrcpyA, lstrcmpA, WriteFile, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SystemTimeToFileTime, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenProcess, OpenFileMappingA, MultiByteToWideChar, MulDiv, MapViewOfFile, LockResource, LocalSize, LocalFree, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExW, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadPriority, GetThreadLocale, GetThreadContext, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCommandLineA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CompareStringA, CloseHandle<BR>> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA<BR>> gdi32.dll: UnrealizeObject, TextOutA, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateFontA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt<BR>> user32.dll: WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, WaitForInputIdle, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageTimeoutA, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExA, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyAcceleratorTable, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableA, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout<BR>> ole32.dll: CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, OleGetIconOfClass, IsAccelerator, OleDraw, OleSetMenuDescriptor, OleUninitialize, OleInitialize, CreateBindCtx, StgCreateDocfileOnILockBytes, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID<BR>> oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString<BR>> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls<BR>> shell32.dll: Shell_NotifyIconA, ShellExecuteA<BR>> comdlg32.dll: PrintDlgA, GetSaveFileNameA<BR>> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, socket, sendto, send, select, recvfrom, recv, inet_addr, htons, connect, closesocket, bind<BR>> kernel32.dll: RtlUnwind<BR>> kernel32.dll: Sleep<BR>> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit<BR>> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter<BR>> kernel32.dll: MulDiv<BR>> advapi32.dll: StartServiceA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle<BR>> oledlg.dll: OleUIObjectPropertiesA<BR><BR>( 1 exports ) <BR>madTraceProcess<BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=cc418886ece11dbaee3cd1d32b7700bf' target='_blank'>https://www.symantec.com?md5=cc418886ece11dbaee3cd1d32b7700bf</a>
G-rom
voila c'est fait:
Fichier wampmanager.exe reçu le 2009.08.01 16:33:49 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.01 -
AhnLab-V3 5.0.0.2 2009.08.01 -
AntiVir 7.9.0.238 2009.07.31 -
Antiy-AVL 2.0.3.7 2009.07.31 -
Authentium 5.1.2.4 2009.08.01 -
Avast 4.8.1335.0 2009.08.01 -
AVG 8.5.0.406 2009.08.01 -
BitDefender 7.2 2009.08.01 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.08.01 -
Comodo 1836 2009.08.01 -
DrWeb 5.0.0.12182 2009.08.01 -
eSafe 7.0.17.0 2009.07.30 -
eTrust-Vet 31.6.6650 2009.08.01 -
F-Prot 4.4.4.56 2009.08.01 -
F-Secure 8.0.14470.0 2009.07.31 -
Fortinet 3.120.0.0 2009.08.01 -
GData 19 2009.08.01 -
Ikarus T3.1.1.64.0 2009.08.01 -
Jiangmin 11.0.800 2009.08.01 -
K7AntiVirus 7.10.808 2009.08.01 -
Kaspersky 7.0.0.125 2009.08.01 -
McAfee 5695 2009.08.01 -
McAfee+Artemis 5695 2009.08.01 -
McAfee-GW-Edition 6.8.5 2009.08.01 -
Microsoft 1.4903 2009.08.01 -
NOD32 4296 2009.08.01 -
Norman 6.01.09 2009.07.31 -
nProtect 2009.1.8.0 2009.08.01 -
Panda 10.0.0.14 2009.08.01 -
PCTools 4.4.2.0 2009.08.01 -
Rising 21.40.44.00 2009.07.31 -
Sophos 4.44.0 2009.08.01 -
Sunbelt 3.2.1858.2 2009.07.31 -
Symantec 1.4.4.12 2009.08.01 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.07.31 -
VBA32 3.12.10.9 2009.08.01 -
ViRobot 2009.7.31.1863 2009.07.31 -
VirusBuster 4.6.5.0 2009.07.31 -
Information additionnelle
File size: 1152512 bytes
MD5...: cc418886ece11dbaee3cd1d32b7700bf
SHA1..: 941d61a1b751dd0ab83c3efeb29ee62932d82e57
SHA256: 9fb1d1b184744a02052134134381f3aca908058aa51c00b9ac7435790fe2273f
ssdeep: 24576:Mec//////vPItR0Ine4/aWZR88y2jBu+jAtGVVm:Mec//////X2nb/zZCA<BR>jpjA<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Borland Delphi 7 (95.8%)<BR>Win32 Executable Delphi generic (2.1%)<BR>Win32 Executable Generic (1.2%)<BR>Win16/32 Executable Delphi generic (0.2%)<BR>Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xf2118<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0xf1228 0xf1400 6.57 bd48ddca4c715b8acf931815a70d5f2b<BR>DATA 0xf3000 0x4ff8 0x5000 5.75 7692176bb25e8bfec69ed70b22428ac6<BR>BSS 0xf8000 0x28b9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0xfb000 0x327c 0x3400 4.98 312f82af891afb8f5eed49a7596798e4<BR>.edata 0xff000 0x51 0x200 0.89 0d34416ba90dbcbe55f94a2965af1774<BR>.tls 0x100000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x101000 0x73 0x200 1.67 07ca8cc89d453fc56dcc03918e4d11f7<BR>.reloc 0x102000 0xe348 0xe400 6.68 ccad8aac3091b0dfbf1872697e9504c0<BR>.rsrc 0x111000 0x11191 0x11200 4.98 64e3b1e41659ae53f1291a6b6a38091e<BR><BR>( 23 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey, InitializeSecurityDescriptor, GetUserNameA<BR>> kernel32.dll: lstrlenW, lstrlenA, lstrcpyA, lstrcmpA, WriteFile, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SystemTimeToFileTime, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenProcess, OpenFileMappingA, MultiByteToWideChar, MulDiv, MapViewOfFile, LockResource, LocalSize, LocalFree, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExW, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadPriority, GetThreadLocale, GetThreadContext, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCommandLineA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CompareStringA, CloseHandle<BR>> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA<BR>> gdi32.dll: UnrealizeObject, TextOutA, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateFontA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt<BR>> user32.dll: WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, WaitForInputIdle, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageTimeoutA, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExA, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyAcceleratorTable, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableA, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout<BR>> ole32.dll: CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, OleGetIconOfClass, IsAccelerator, OleDraw, OleSetMenuDescriptor, OleUninitialize, OleInitialize, CreateBindCtx, StgCreateDocfileOnILockBytes, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID<BR>> oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString<BR>> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls<BR>> shell32.dll: Shell_NotifyIconA, ShellExecuteA<BR>> comdlg32.dll: PrintDlgA, GetSaveFileNameA<BR>> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, socket, sendto, send, select, recvfrom, recv, inet_addr, htons, connect, closesocket, bind<BR>> kernel32.dll: RtlUnwind<BR>> kernel32.dll: Sleep<BR>> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit<BR>> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter<BR>> kernel32.dll: MulDiv<BR>> advapi32.dll: StartServiceA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle<BR>> oledlg.dll: OleUIObjectPropertiesA<BR><BR>( 1 exports ) <BR>madTraceProcess<BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=cc418886ece11dbaee3cd1d32b7700bf' target='_blank'>https://www.symantec.com?md5=cc418886ece11dbaee3cd1d32b7700bf</a>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.01 -
AhnLab-V3 5.0.0.2 2009.08.01 -
AntiVir 7.9.0.238 2009.07.31 -
Antiy-AVL 2.0.3.7 2009.07.31 -
Authentium 5.1.2.4 2009.08.01 -
Avast 4.8.1335.0 2009.08.01 -
AVG 8.5.0.406 2009.08.01 -
BitDefender 7.2 2009.08.01 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.08.01 -
Comodo 1836 2009.08.01 -
DrWeb 5.0.0.12182 2009.08.01 -
eSafe 7.0.17.0 2009.07.30 -
eTrust-Vet 31.6.6650 2009.08.01 -
F-Prot 4.4.4.56 2009.08.01 -
F-Secure 8.0.14470.0 2009.07.31 -
Fortinet 3.120.0.0 2009.08.01 -
GData 19 2009.08.01 -
Ikarus T3.1.1.64.0 2009.08.01 -
Jiangmin 11.0.800 2009.08.01 -
K7AntiVirus 7.10.808 2009.08.01 -
Kaspersky 7.0.0.125 2009.08.01 -
McAfee 5695 2009.08.01 -
McAfee+Artemis 5695 2009.08.01 -
McAfee-GW-Edition 6.8.5 2009.08.01 -
Microsoft 1.4903 2009.08.01 -
NOD32 4296 2009.08.01 -
Norman 6.01.09 2009.07.31 -
nProtect 2009.1.8.0 2009.08.01 -
Panda 10.0.0.14 2009.08.01 -
PCTools 4.4.2.0 2009.08.01 -
Rising 21.40.44.00 2009.07.31 -
Sophos 4.44.0 2009.08.01 -
Sunbelt 3.2.1858.2 2009.07.31 -
Symantec 1.4.4.12 2009.08.01 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.07.31 -
VBA32 3.12.10.9 2009.08.01 -
ViRobot 2009.7.31.1863 2009.07.31 -
VirusBuster 4.6.5.0 2009.07.31 -
Information additionnelle
File size: 1152512 bytes
MD5...: cc418886ece11dbaee3cd1d32b7700bf
SHA1..: 941d61a1b751dd0ab83c3efeb29ee62932d82e57
SHA256: 9fb1d1b184744a02052134134381f3aca908058aa51c00b9ac7435790fe2273f
ssdeep: 24576:Mec//////vPItR0Ine4/aWZR88y2jBu+jAtGVVm:Mec//////X2nb/zZCA<BR>jpjA<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Borland Delphi 7 (95.8%)<BR>Win32 Executable Delphi generic (2.1%)<BR>Win32 Executable Generic (1.2%)<BR>Win16/32 Executable Delphi generic (0.2%)<BR>Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xf2118<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0xf1228 0xf1400 6.57 bd48ddca4c715b8acf931815a70d5f2b<BR>DATA 0xf3000 0x4ff8 0x5000 5.75 7692176bb25e8bfec69ed70b22428ac6<BR>BSS 0xf8000 0x28b9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0xfb000 0x327c 0x3400 4.98 312f82af891afb8f5eed49a7596798e4<BR>.edata 0xff000 0x51 0x200 0.89 0d34416ba90dbcbe55f94a2965af1774<BR>.tls 0x100000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x101000 0x73 0x200 1.67 07ca8cc89d453fc56dcc03918e4d11f7<BR>.reloc 0x102000 0xe348 0xe400 6.68 ccad8aac3091b0dfbf1872697e9504c0<BR>.rsrc 0x111000 0x11191 0x11200 4.98 64e3b1e41659ae53f1291a6b6a38091e<BR><BR>( 23 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey, InitializeSecurityDescriptor, GetUserNameA<BR>> kernel32.dll: lstrlenW, lstrlenA, lstrcpyA, lstrcmpA, WriteFile, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SystemTimeToFileTime, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenProcess, OpenFileMappingA, MultiByteToWideChar, MulDiv, MapViewOfFile, LockResource, LocalSize, LocalFree, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExW, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadPriority, GetThreadLocale, GetThreadContext, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCommandLineA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CompareStringA, CloseHandle<BR>> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA<BR>> gdi32.dll: UnrealizeObject, TextOutA, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, EndPage, EndDoc, Ellipse, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateFontA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt<BR>> user32.dll: WindowFromPoint, WindowFromDC, WinHelpA, WaitMessage, WaitForInputIdle, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageTimeoutA, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadImageA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExA, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyAcceleratorTable, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableA, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout<BR>> ole32.dll: CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, OleGetIconOfClass, IsAccelerator, OleDraw, OleSetMenuDescriptor, OleUninitialize, OleInitialize, CreateBindCtx, StgCreateDocfileOnILockBytes, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID<BR>> oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString<BR>> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls<BR>> shell32.dll: Shell_NotifyIconA, ShellExecuteA<BR>> comdlg32.dll: PrintDlgA, GetSaveFileNameA<BR>> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, socket, sendto, send, select, recvfrom, recv, inet_addr, htons, connect, closesocket, bind<BR>> kernel32.dll: RtlUnwind<BR>> kernel32.dll: Sleep<BR>> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit<BR>> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter<BR>> kernel32.dll: MulDiv<BR>> advapi32.dll: StartServiceA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, ControlService, CloseServiceHandle<BR>> oledlg.dll: OleUIObjectPropertiesA<BR><BR>( 1 exports ) <BR>madTraceProcess<BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=cc418886ece11dbaee3cd1d32b7700bf' target='_blank'>https://www.symantec.com?md5=cc418886ece11dbaee3cd1d32b7700bf</a>
G-rom
ok donc faut positif
relance usbfix , option vaccination , puis option desinstallation
ensuite:
Télécharge OTL de OLDTimer
et enregistre le sur ton Bureau.
Double clic sur OTL.exe pour le lancer.
Coche les 2 cases Lop et Purity
Coche la case devant scan all users
règle-le sur "60 Days"
Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
Clique sur Parcourir et cherche le fichier ci-dessus.
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Tu feras la meme chose avec le "Extra.txt" s'il t'est demandé
relance usbfix , option vaccination , puis option desinstallation
ensuite:
Télécharge OTL de OLDTimer
et enregistre le sur ton Bureau.
Double clic sur OTL.exe pour le lancer.
Coche les 2 cases Lop et Purity
Coche la case devant scan all users
règle-le sur "60 Days"
Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
Clique sur Parcourir et cherche le fichier ci-dessus.
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Tu feras la meme chose avec le "Extra.txt" s'il t'est demandé
Gen,
Voila le lien pour olt.txt
http://www.cijoint.fr/cjlink.php?file=cj200908/cijC1pwM8E.txt
Par contre pas de demande pour extras
G-rom
Voila le lien pour olt.txt
http://www.cijoint.fr/cjlink.php?file=cj200908/cijC1pwM8E.txt
Par contre pas de demande pour extras
G-rom
Double clic sur OTL.exe pour le lancer.
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans la zone sous Customs Scans/Fixes
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
:services
avg8wdAppMgmt
MDM
NMIndexingService
RichVideo
soqwx32
:OTL
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
:files
C:\Documents and Settings\Utilisateur\Bureau\drweb-cureit.exe
C:\WINDOWS\System32\drivers\soqwx32.sys
C:\Documents and Settings\Utilisateur\Bureau\daft.zip
C:\Documents and Settings\Utilisateur\Bureau\aswclear.exe
C:\bcf82c9e229cea2691fbab5839
C:\Program Files\Alwil Software
:commands
[emptytemp]
[reboot]
Clique sur RunFix pour lancer la suppression.
Poste le rapport.
==========
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans la zone sous Customs Scans/Fixes
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
:services
avg8wdAppMgmt
MDM
NMIndexingService
RichVideo
soqwx32
:OTL
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
:files
C:\Documents and Settings\Utilisateur\Bureau\drweb-cureit.exe
C:\WINDOWS\System32\drivers\soqwx32.sys
C:\Documents and Settings\Utilisateur\Bureau\daft.zip
C:\Documents and Settings\Utilisateur\Bureau\aswclear.exe
C:\bcf82c9e229cea2691fbab5839
C:\Program Files\Alwil Software
:commands
[emptytemp]
[reboot]
Clique sur RunFix pour lancer la suppression.
Poste le rapport.
==========
Gene,
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named TeaTimer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver avg8wdAppMgmt deleted successfully.
Service\Driver MDM deleted successfully.
Service\Driver NMIndexingService deleted successfully.
Service\Driver RichVideo deleted successfully.
Service\Driver soqwx32 not found.
Service\Driver soqwx32 not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
========== FILES ==========
C:\Documents and Settings\Utilisateur\Bureau\drweb-cureit.exe moved successfully.
C:\WINDOWS\System32\drivers\soqwx32.sys moved successfully.
C:\Documents and Settings\Utilisateur\Bureau\daft.zip moved successfully.
C:\Documents and Settings\Utilisateur\Bureau\aswclear.exe moved successfully.
C:\bcf82c9e229cea2691fbab5839 moved successfully.
C:\Program Files\Alwil Software moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: Utilisateur
->Temp folder emptied: 36224535 bytes
->Temporary Internet Files folder emptied: 3136540 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37326148 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 75,27 mb
OTL by OldTimer - Version 3.0.10.3 log created on 08012009_190956
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Je dois partir je lirai ta réponse en fin de soirée
Merci
g-rom
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named TeaTimer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver avg8wdAppMgmt deleted successfully.
Service\Driver MDM deleted successfully.
Service\Driver NMIndexingService deleted successfully.
Service\Driver RichVideo deleted successfully.
Service\Driver soqwx32 not found.
Service\Driver soqwx32 not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
========== FILES ==========
C:\Documents and Settings\Utilisateur\Bureau\drweb-cureit.exe moved successfully.
C:\WINDOWS\System32\drivers\soqwx32.sys moved successfully.
C:\Documents and Settings\Utilisateur\Bureau\daft.zip moved successfully.
C:\Documents and Settings\Utilisateur\Bureau\aswclear.exe moved successfully.
C:\bcf82c9e229cea2691fbab5839 moved successfully.
C:\Program Files\Alwil Software moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: Utilisateur
->Temp folder emptied: 36224535 bytes
->Temporary Internet Files folder emptied: 3136540 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37326148 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 75,27 mb
OTL by OldTimer - Version 3.0.10.3 log created on 08012009_190956
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Je dois partir je lirai ta réponse en fin de soirée
Merci
g-rom
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
Télécharges :
Malwarebytes
ou :
Malwarebytes
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
* Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "Complet" .
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
Télécharges :
Malwarebytes
ou :
Malwarebytes
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
* Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "Complet" .
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
gen,
chose faite voici le rapport:
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2542
Windows 5.1.2600 Service Pack 3
02/08/2009 00:30:39
mbam-log-2009-08-02 (00-30-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 145051
Temps écoulé: 34 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
G-rom
chose faite voici le rapport:
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2542
Windows 5.1.2600 Service Pack 3
02/08/2009 00:30:39
mbam-log-2009-08-02 (00-30-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 145051
Temps écoulé: 34 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
G-rom
