Trojan win32 -small-JMH [trj] arrived via MSN

Closed
tom_777 - 21 April 2008 at 19:41
dou-l Posts: 2860 Registered: Friday 29 February 2008 Status: Member Last activity: 29 December 2012 - 22 April 2008 at 19:21
Hello,
I got infected via MSN by the trojan: win32 -small-JMH [trj].
I looked for help on the forums, but every topic seems to be tailored to the individual poster.
So I'm asking for help to get rid of this virus.
I'm posting the HijackThis log at the same time:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:06 , on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\% ^%.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.124.125 eu.logon.worldofwarcraft.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nstBC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MySidesearch Search Assistant - {C17E102B-BD29-4e92-B699-1A21D2CB8E6C} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\hide exit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\% ^%.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [StopRule] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DARTNU~1\junk regs iso.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f2c04a6136624932bd5eaddbb5bf4d85
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f2c04a6136624932bd5eaddbb5bf4d85
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
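A log like the one above is what the helpers on this forum read by hand. As an added example (it is not part of the original post and not HijackThis's own code), the Python script below applies the usual first-pass heuristics to the entry lines: an autorun that points into a Temp or user-profile directory, a UserInit value with anything chained after userinit.exe, orphaned "(file missing)" entries, and executable names made of characters a real installer would never use. The sample lines are an excerpt of the log above; `triage`, `triage_line`, `Finding` and the regular expressions are this example's own names.

```python
import re
from dataclasses import dataclass

# Entry lines look like "O4 - HKLM\..\Run: [Name] C:\path\file.exe": a section code,
# " - ", then the body.  Header and "Running processes" lines do not match this.
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
# Absolute Windows paths ending in an executable/library extension.  Quotes and
# the characters < > | * ? are illegal in NTFS paths, so they end the match;
# spaces, '%' and '^' are legal and must be kept (see the "% ^%.exe" entry).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|scr|cpl)\b', re.I)
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\|\\LOCALS~1\\', re.I)
PROFILE_RE = re.compile(r'^[A-Za-z]:\\(?:Documents and Settings|DOCUME~1|Users)\\', re.I)
# What a legitimate binary name normally consists of (8.3 tildes included).
SAFE_NAME_RE = re.compile(r'^[A-Za-z0-9_.\-~ ]+$')
# HijackThis sections whose entries start something automatically.
AUTORUN_CODES = {"F2", "F3", "O2", "O3", "O4", "O20", "O21", "O23"}


@dataclass
class Finding:
    code: str
    line: str
    reasons: list


def triage_line(line):
    """Return a Finding for one HijackThis entry line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: the registered file is missing")
    for path in PATH_RE.findall(body):
        name = path.rsplit("\\", 1)[-1]
        if TEMP_RE.search(path):
            reasons.append(f"runs from a temp directory: {path}")
        elif code in AUTORUN_CODES and PROFILE_RE.match(path):
            reasons.append(f"autorun from a user-writable profile directory: {path}")
        if not SAFE_NAME_RE.match(name):
            reasons.append(f"odd executable name: {name!r}")
    if code == "F2" and "UserInit=" in body:
        # A clean value is exactly "C:\WINDOWS\system32\userinit.exe,"; anything
        # chained after the comma is launched by winlogon at every logon.
        value = body.split("UserInit=", 1)[1]
        extra = [v.strip() for v in value.split(",")
                 if v.strip() and not v.strip().lower().endswith("\\userinit.exe")]
        if extra:
            reasons.append(f"extra program chained to UserInit: {extra}")
    return Finding(code, line, reasons) if reasons else None


def triage(log_text):
    """Run triage_line over a whole log and keep only the lines with findings."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Constructed sample: an excerpt of the log posted above (clean entries included
# so the script has something to leave alone).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\% ^%.exe
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\hide exit.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\% ^%.exe
O4 - HKCU\..\Run: [StopRule] C:\DOCUME~1\COMPAQ~1\APPLIC~1\DARTNU~1\junk regs iso.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", f.line)
        for r in f.reasons:
            print("    -", r)
```

The heuristics are deliberately coarse: they rank which lines to look at first, they do not decide that a file is malicious. Anything flagged still has to be checked by hashing the file and looking it up (or submitting it), which is what the rest of this thread does.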

sorry, but he still isn't back; he'll be here around 18:00-19:00...

dou-l - 22 April 2008 at 17:58
ok, fine

Here are the various reports:
File size: 37376 bytes
MD5...: 3e9f2da6cd3519cb9320f9ba8ed92c72
SHA1..: 688b0c36390a80115f84866928ee2de4af7fc719
SHA256: 356bec767b9e7c1a7b26bba12c7d1561c4578d7057038f0fd5394a88f6d24043
SHA512: 76d0d762ee35fee40f9dd560e9aae30981193940a78a51fa79c6fba97f1165f2287a2bba00f8620764537ed820ecd8be8131f1c3000a40d5d3b104cd7c231d46
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43e66d
timedatestamp.....: 0x480cfb81 (Mon Apr 21 20:39:29 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
diDf 0x1000 0x15000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
diDf 0x16000 0x9000 0x8800 7.88 16f75fac12276239a36c390224a7ded1
.rsrc 0x1f000 0x1000 0x600 3.81 92e866bec47380d7577fb5e095010762

( 10 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> MFC42.DLL: -
> MSVCIRT.dll: _fail@ios@@QBEHXZ
> MSVCP60.dll: __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ
> MSVCRT.dll: atol
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: SHFileOperationA
> USER32.dll: CopyRect

( 0 exports )
packers: UPX
packers: UPX
packers: PE_Patch.Upolyx, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0A083D7B00FD9FEC92CC00DBCE4FAF0062F19CF1

----------------------------------------------------------------------------------------------------------------------------------------------------------------

File size: 33792 bytes
MD5...: f5402cd47b7389ddc21f92119a906eee
SHA1..: 23755a333f5eb21a89a8ff12cd28201acf122b1f
SHA256: 8c81dd179c91f0548c734617b1d368f0905b532652577eb992c5dcb97868fbef
SHA512: 2408c98fdb123495d18dc2c6e7c42b0c654d84200abda0b8467353986b16fe435f7b7ef4fcaa6eafa86d4fc4569ad3eff83507855224db3cc9bbe55cc2f758f8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1001bdc
timedatestamp.....: 0x41107dbc (Wed Aug 04 06:10:04 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x126a 0x1400 5.98 76e24abc49aa0f23153dceefeae8b65e
.data 0x3000 0x38 0x200 0.25 a7f7e8f7f41d7ffb4b369fe282510650
.rsrc 0x4000 0x6814 0x6a00 5.65 69658e622475c8806d8529e23762291f

( 5 imports )
> msvcrt.dll: _except_handler3, _wtoi, _vsnwprintf
> KERNEL32.dll: FreeLibrary, LocalFree, lstrlenA, WideCharToMultiByte, LocalAlloc, lstrlenW, GetProcAddress, FormatMessageW, GetLastError, LoadLibraryW, ActivateActCtx, CreateActCtxW, SearchPathW, GetFileAttributesW, ReleaseActCtx, DeactivateActCtx, SetErrorMode, ExitProcess, GetModuleHandleW, GetStartupInfoW, GetCommandLineW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter
> GDI32.dll: GetStockObject
> USER32.dll: RegisterClassW, LoadStringW, CharNextW, SetClassLongW, LoadIconW, DefWindowProcW, CreateWindowExW, MessageBoxW, LoadCursorW, DestroyWindow
> IMAGEHLP.dll: ImageDirectoryEntryToData

( 0 exports )
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=f5402cd47b7389ddc21f92119a906eee

---------------------------------------------------------------------------------------------------------------------------------------------------------------

File size: 2182144 bytes
MD5...: dff99b97197af4340c0cf991db8cfc09
SHA1..: d2acc36b5419e7a4e2ab63d401e1808a7f93c242
SHA256: c412b5e8fd26823572ee159041c43df0b50fcc439399d6a46800c4b7a534593d
SHA512: afe48bec2691c05bcb4d0384b4cb962cb0a8b68aa25c58f8b2b87856c725f53bcc80d4f61c9d6a6f2dbd6c42cc72eaddcdadbb0a4646f2b8923739e589413357
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40c238
timedatestamp.....: 0x475ab840 (Sat Dec 08 15:29:04 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ed70 0x1ee00 6.27 0f05b88328e7c13b53ddec30eaaf290c
.data 0x20000 0x1f49f4 0x1f3e00 7.99 475c4931279be77b6187159c1cdcd35e
.rsrc 0x215000 0x1a8c 0x1c00 3.24 963f7d779dce98ff94c3c0408095dd53

( 6 imports )
> comdlg32.dll: ChooseColorA, PrintDlgW, ReplaceTextA, GetSaveFileNameA, ChooseColorW, ChooseFontW, PageSetupDlgW
> GDI32.dll: CreateDIBitmap, GetPixelFormat, EnumFontFamiliesExA, GetBrushOrgEx, GetTextMetricsW, GetGlyphOutline, CreateFontIndirectW, EnumFontFamiliesA, SetMagicColors, CloseFigure, StartDocA, SetStretchBltMode, GdiFlush, Polygon, GetKerningPairs, GetEnhMetaFileW, SetTextCharacterExtra, InvertRgn, GetPixel, GetTextCharsetInfo, GetTextExtentExPointA, GetTextAlign, EnumFontsA, GetOutlineTextMetricsA, GetPath
> USER32.dll: DlgDirListComboBoxA, AttachThreadInput, IsCharLowerA, MapDialogRect, ShowCursor, ValidateRect, LoadStringA, EnumDisplayMonitors, InternalGetWindowText, wvsprintfW, GetFocus, MsgWaitForMultipleObjects, GetListBoxInfo, GetWindowTextA, IsDialogMessageA, IsDialogMessage, EnableScrollBar, IsDlgButtonChecked, GetInputDesktop, SetClassWord, DdeQueryConvInfo, DdeGetLastError, ModifyMenuA, SetRectEmpty, LoadCursorA
> ADVAPI32.dll: RegDeleteKeyW, RegRestoreKeyA, CryptEncrypt, RegCreateKeyExW, RegEnumKeyA, CryptExportKey, InitializeSecurityDescriptor, LookupPrivilegeNameA, RegConnectRegistryW, LookupPrivilegeDisplayNameW
> KERNEL32.dll: GetACP, RtlUnwind, GetStringTypeA, GetFileType, HeapSize, GetCurrentProcessId, GetProcessHeap, GetCommandLineW, GetStdHandle, TlsSetValue, ReadConsoleInputW, IsValidCodePage, HeapCreate, DebugActiveProcess, WriteFile, GetStartupInfoA, GetLastError, GetDateFormatA, CompareStringA, VirtualQuery, GetCommandLineA, SetLastError, ExitProcess, HeapReAlloc, SetEnvironmentVariableA, GetLocaleInfoW, DeleteCriticalSection, EnumSystemLocalesA, GetProcAddress, InterlockedExchange, TlsGetValue, IsDebuggerPresent, GetCurrentProcess, GetCurrentThreadId, GetUserDefaultLCID, VirtualFree, SetHandleCount, GetModuleFileNameW, GetEnvironmentStrings, GetVersionExA, InterlockedDecrement, MultiByteToWideChar, GetEnvironmentStringsW, EnterCriticalSection, GetModuleFileNameA, TerminateProcess, CompareStringW, LCMapStringW, UnhandledExceptionFilter, QueryPerformanceCounter, GetCPInfo, VirtualAlloc, WideCharToMultiByte, Sleep, GetTickCount, InterlockedIncrement, GetSystemTimeAsFileTime, LoadLibraryA, GetConsoleTitleW, SetConsoleCtrlHandler, GetStringTypeW, LockFileEx, FreeLibrary, HeapAlloc, GetTimeZoneInformation, GetLocaleInfoA, GetModuleHandleA, FreeEnvironmentStringsA, GetConsoleTitleA, TlsAlloc, GlobalFix, HeapFree, SetUnhandledExceptionFilter, LeaveCriticalSection, HeapDestroy, GetTimeFormatA, InitializeCriticalSection, FreeEnvironmentStringsW, SystemTimeToFileTime, LCMapStringA, GetCurrentThread, IsValidLocale, TlsFree, GetStartupInfoW, GetOEMCP
> SHELL32.dll: SHFileOperationA, SHGetDataFromIDListW, ShellExecuteExW, SHGetFileInfo, SHGetDataFromIDListA

( 0 exports )

----------------------------------------------------------------------------------------------------------------------------------------------------------------

File size: 2387288 bytes
MD5...: 812ab9585a5829f601d4ffdc6af8b5c5
SHA1..: b03a2984b2257ff75630bed8887513c2bcbb11eb
SHA256: ad8daf014248c50eac8c896bb113bf378abfc5b20aa7a120f77cd2c50720f95b
SHA512: 7b6c0baa760c43189da476cdd4acbe3f4a5b2aca754d2180603246d990874367edffbdc81cd19f0af8019eeba4f17b77fb8d300d5c0ac4c85f741f269dcc9dbd
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10127427
timedatestamp.....: 0x468917c6 (Mon Jul 02 15:20:38 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x137b67 0x137c00 6.26 9d5ca74caaa4878c8218b9176c5eeb8e
.rdata 0x139000 0x1d329 0x1d400 4.66 0eace4bc4fbc90b1220070c95d72a0b4
.data 0x157000 0x69f34 0x68200 5.51 a43fd5e3b309428a42f54e6a1ac31a64
.rsrc 0x1c1000 0x6ec98 0x6ee00 4.39 f64e28c1874febe0608710dffc945351
.reloc 0x230000 0x19222 0x19400 6.40 567252d7e534cfb5b09af8e269cd565c

( 14 imports )
> KERNEL32.dll: GetFileSize, MulDiv, GlobalReAlloc, EnumUILanguagesA, VirtualProtect, ReleaseMutex, ExpandEnvironmentStringsA, LocalAlloc, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, GetPriorityClass, GetModuleHandleW, GetCurrentThread, GetProcessHeap, HeapAlloc, HeapFree, OpenProcess, TerminateProcess, DeleteFileA, SetFileAttributesA, GetFileAttributesA, SetCurrentDirectoryA, RemoveDirectoryA, MoveFileA, GetTempPathA, ReadFile, FindFirstFileA, FindNextFileA, FindClose, OutputDebugStringA, SetLastError, GetLocalTime, QueryPerformanceCounter, QueryPerformanceFrequency, VirtualAlloc, VirtualFree, GetSystemInfo, VirtualQuery, CreateFileA, WriteFile, CreateMutexA, LeaveCriticalSection, CreateDirectoryA, GetTempFileNameA, GetCurrentProcessId, WaitForSingleObject, CloseHandle, CreateThread, FormatMessageA, LocalFree, GetTickCount, lstrcatA, DeleteCriticalSection, HeapDestroy, InitializeCriticalSection, IsDBCSLeadByte, LoadLibraryExA, GetLastError, SizeofResource, FreeLibrary, WideCharToMultiByte, GetModuleFileNameA, GetShortPathNameA, CompareStringA, lstrcmpiA, lstrcpyA, LoadLibraryA, lstrcpynA, GetModuleHandleA, GetProcAddress, GetVersionExA, GetCurrentProcess, FlushInstructionCache, lstrcmpA, InterlockedDecrement, InterlockedIncrement, GlobalLock, GlobalUnlock, MultiByteToWideChar, lstrlenA, lstrlenW, GlobalAlloc, FindResourceA, LoadResource, LockResource, GlobalHandle, GlobalFree, FreeResource, GetCurrentThreadId, EnterCriticalSection, OpenMutexA
> USER32.dll: RedrawWindow, PeekMessageA, SendMessageA, GetActiveWindow, LoadStringA, RegisterWindowMessageA, MapWindowPoints, EnableWindow, ScreenToClient, SetRectEmpty, CopyRect, IsRectEmpty, KillTimer, DestroyIcon, GetIconInfo, GetWindowDC, LoadImageA, DrawIconEx, ClientToScreen, GetCursorPos, GetWindowRect, IsWindowVisible, IsWindow, ShowWindow, SetWindowPos, GetSystemMetrics, GetClientRect, GetParent, MessageBoxA, DialogBoxParamA, CreateDialogIndirectParamA, RegisterClassExA, LoadCursorA, LoadBitmapA, SetTimer, MoveWindow, SetWindowRgn, PostMessageA, InflateRect, PtInRect, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, DrawFrameControl, DrawTextA, GetTopWindow, EndDialog, SetCursor, GetCapture, GetDlgCtrlID, CharNextA, IsWindowEnabled, DrawFocusRect, DrawTextExA, FrameRect, UpdateWindow, GetClassLongA, SetClassLongA, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, TranslateMessage, DispatchMessageA, CreateWindowExA, wsprintfA, CallWindowProcA, DestroyWindow, GetDlgItem, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, CreateAcceleratorTableA, GetDesktopWindow, GetClassNameA, BeginPaint, FillRect, EndPaint, GetDC, ReleaseDC, IsChild, GetFocus, SetFocus, GetSysColor, MonitorFromPoint, GetMonitorInfoA, DestroyMenu, TrackPopupMenu, GetSubMenu, LoadMenuA, DialogBoxIndirectParamA, GetWindowTextLengthA, GetWindowTextA, SetForegroundWindow, EnumChildWindows, EnumWindows, SetRect, SetScrollPos, SetScrollRange, ShowScrollBar, SetWindowTextA, SetWindowLongA, GetWindow, GetWindowLongA, DefWindowProcA, GetClassInfoExA
> GDI32.dll: Rectangle, CreateBrushIndirect, GetTextMetricsA, CreateBitmap, OffsetRgn, EqualRgn, CombineRgn, CreateRoundRectRgn, CreatePolygonRgn, CreateRectRgn, CreateFontIndirectA, GetDeviceCaps, DeleteDC, BitBlt, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, DeleteObject, CreateSolidBrush, GetObjectA, GetStockObject, GetDCOrgEx, GetClipBox, SetStretchBltMode, SetWindowOrgEx, FrameRgn, StretchBlt, ExtTextOutA, SetBkColor, SetBkMode, FloodFill, DPtoLP, SaveDC, GetTextExtentPoint32A, RestoreDC, GetTextColor, GetPixel, MaskBlt, CreateDIBSection, ExtCreateRegion, GetDIBits, SetTextColor, GetViewportOrgEx, SetViewportOrgEx, ExcludeClipRect
> ADVAPI32.dll: RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegDeleteKeyA, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CopySid, GetLengthSid, IsValidSid, GetTokenInformation, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, OpenProcessToken, OpenThreadToken, GetUserNameA, RegRestoreKeyA, RegDeleteValueW, RegDeleteValueA, RegCreateKeyExA, RegEnumKeyExA, RegQueryInfoKeyA, RegEnumValueA, RegQueryValueExA
> SHELL32.dll: ShellExecuteA, SHGetSpecialFolderPathA
> ole32.dll: OleRun, CoInitialize, CoUninitialize, CoTaskMemRealloc, OleLockRunning, CoTaskMemAlloc, StringFromCLSID, StringFromGUID2, CoCreateGuid, CoTaskMemFree, CoCreateInstance, CLSIDFromString, CLSIDFromProgID, OleInitialize, CreateStreamOnHGlobal, OleUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathRemoveFileSpecA
> WININET.dll: InternetCanonicalizeUrlA, InternetGetConnectedState, InternetSetOptionA, InternetQueryOptionA, InternetCloseHandle, InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCrackUrlA
> OLEPRO32.DLL: -
> COMCTL32.dll: ImageList_Create, ImageList_AddMasked, ImageList_GetIcon, ImageList_Add, ImageList_GetImageCount, ImageList_SetBkColor, ImageList_GetIconSize, ImageList_Draw, _TrackMouseEvent, InitCommonControlsEx, ImageList_Destroy
> MSIMG32.dll: AlphaBlend
> MSVCP60.dll: __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _eof@ios_base@std@@QBE_NXZ, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBD@Z, _find_last_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _find_first_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADXZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADXZ, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEABDI@Z, __0_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAE@XZ, ___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, _open@_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXPBDH@Z, __7ios_base@std@@QBE_NXZ, _getline@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z, _close@_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, _reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _rfind@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __Ostd@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, 
_find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _length@_$char_traits@D@std@@SAIPBD@Z, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV01@@Z, __0logic_error@std@@QAE@ABV01@@Z, __1logic_error@std@@UAE@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD0@Z, __1bad_alloc@std@@UAE@XZ, _what@logic_error@std@@UBEPBDXZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAADI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _empty@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_NXZ, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __Mstd@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, _size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHABV12@@Z, 
__8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _find_last_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHPBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, _length@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, __Xlen@std@@YAXXZ, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIID@Z, ___7bad_alloc@std@@6B@, wctype, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADPAD0@Z, __0bad_alloc@std@@QAE@PBD@Z, __0bad_alloc@std@@QAE@ABV01@@Z, ___7logic_error@std@@6B@, __Xran@std@@YAXXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __0Init@ios_base@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1_Winit@std@@QAE@XZ, 
__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV_$allocator@D@1@@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z
> MSVCRT.dll: __CxxFrameHandler, _purecall, __2@YAPAXI@Z, memset, strcmp, strlen, strcpy, strstr, memcpy, memcmp, wcscpy, abs, free, malloc, atoi, realloc, _mbsstr, _mbslwr, time, rand, srand, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABV0@@Z, _CxxThrowException, _except_handler3, mktime, strncpy, atof, _ftol, _strupr, _close, _write, _open, _strtime, _strdate, _vsnprintf, _mbschr, isalnum, tolower, isdigit, isxdigit, strchr, toupper, strncmp, _strlwr, wcslen, strtok, sscanf, atol, _itoa, _ismbcspace, _mbsnbicmp, isspace, __1exception@@UAE@XZ, memmove, __0exception@@QAE@ABQBD@Z, _isctype, _strnicmp, _terminate@@YAXXZ, __dllonexit, _onexit, __1type_info@@UAE@XZ, _initterm, _adjust_fdiv, _stricmp, _ltoa, _ultoa

( 6 exports )
DealioDllRegisterServer, DealioDllUnregisterServer, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

Note: I couldn't find all the files.

I'm also posting the OTMoveIt log:

C:\WINDOWS\system32\nstBC.dll unregistered successfully.
C:\WINDOWS\system32\nstBC.dll moved successfully.
C:\WINDOWS\mrofinu1423.exe moved successfully.
C:\WINDOWS\system32\mysidesearch_sidebar.dll NOT unregistered.
C:\WINDOWS\system32\mysidesearch_sidebar.dll moved successfully.

Created on 04/22/2008 18:57:18
dou-l - 22 April 2008 at 19:21
ok for OTMoveIt, but your VirusTotal reports aren't right

it should look like this:
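The section table in the first report above is where the "packers: UPX" verdict comes from: a section with 0 bytes on disk but 0x15000 bytes reserved in memory (the unpacking destination, whose md5 is the md5 of empty input), a second section at entropy 7.88 (the compressed payload), and a section name that no compiler emits. As an added example, not part of this thread and not VirusTotal's own code, the Python script below parses the report text as printed above and flags those signs, plus duplicate section names and an entry point that falls outside every section. It also includes a Shannon entropy function so that "7.88" has a concrete meaning. The image base is an assumption (the report does not print it; 0x400000 is merely the linker default for EXEs), and the function and regex names are this example's own.

```python
import hashlib
import math
import re
from collections import Counter

# One row of the "( N sections )" table as the report prints it:
#   name viradd virsiz rawdsiz ntrpy md5
SECTION_RE = re.compile(
    r'^(?P<name>\S+)\s+(?P<va>0x[0-9a-f]+)\s+(?P<vsize>0x[0-9a-f]+)\s+'
    r'(?P<rawsize>0x[0-9a-f]+)\s+(?P<entropy>\d+\.\d+)\s+(?P<md5>[0-9a-f]{32})$',
    re.I)
EP_RE = re.compile(r'entrypointaddress\.*:\s*(0x[0-9a-f]+)', re.I)
# Section names a normal compiler/linker emits; anything else deserves a look.
COMMON_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss", ".idata",
                ".edata", ".tls", ".pdata", ".crt", "CODE", "DATA", "BSS"}
EMPTY_MD5 = hashlib.md5(b"").hexdigest()   # the MD5 of zero bytes


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes.
    Compressed or encrypted payloads sit close to 8; plain x86 code is lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_report(text):
    """Extract the entry point and the section rows from a PEInfo dump."""
    entry, sections = None, []
    for line in text.splitlines():
        m = EP_RE.search(line)
        if m:
            entry = int(m.group(1), 16)
            continue
        m = SECTION_RE.match(line.strip())
        if m:
            d = m.groupdict()
            sections.append({"name": d["name"], "va": int(d["va"], 16),
                             "vsize": int(d["vsize"], 16),
                             "rawsize": int(d["rawsize"], 16),
                             "entropy": float(d["entropy"]),
                             "md5": d["md5"].lower()})
    return entry, sections


def triage_sections(text, image_base=0x400000, high_entropy=7.0):
    """Return (flags, sections).  image_base is an assumption: the report does
    not print it, and 0x400000 is only the linker default for EXEs."""
    entry, sections = parse_report(text)
    flags = []
    for s in sections:
        if s["name"] not in COMMON_NAMES:
            flags.append(f'{s["name"]}: non-standard section name')
        if s["rawsize"] == 0 and s["vsize"] > 0:
            flags.append(f'{s["name"]}: no bytes on disk but {s["vsize"]:#x} bytes '
                         f'reserved in memory (unpacking destination)')
            if s["md5"] == EMPTY_MD5:
                flags.append(f'{s["name"]}: md5 is that of empty input, consistent with rawsize 0')
        if s["rawsize"] > 0 and s["entropy"] >= high_entropy:
            flags.append(f'{s["name"]}: entropy {s["entropy"]} (compressed or encrypted data)')
    if len({s["name"] for s in sections}) < len(sections):
        flags.append("duplicate section names")
    if entry is not None:
        rva = entry - image_base
        home = [s for s in sections
                if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"])]
        if not home:
            flags.append(f"entry point RVA {rva:#x} lies outside every section "
                         f"(assuming image base {image_base:#x})")
        elif home[0]["entropy"] >= high_entropy:
            flags.append(f'entry point inside high-entropy section {home[0]["name"]}')
    return flags, sections


# Constructed sample: the relevant lines of the first report posted above.
REPORT = """\
File size: 37376 bytes
MD5...: 3e9f2da6cd3519cb9320f9ba8ed92c72
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43e66d
timedatestamp.....: 0x480cfb81 (Mon Apr 21 20:39:29 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
diDf 0x1000 0x15000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
diDf 0x16000 0x9000 0x8800 7.88 16f75fac12276239a36c390224a7ded1
.rsrc 0x1f000 0x1000 0x600 3.81 92e866bec47380d7577fb5e095010762
"""

if __name__ == "__main__":
    for flag in triage_sections(REPORT)[0]:
        print("-", flag)
```

Note that the entry-point check is only as good as the image base you feed it; with the default assumption the entry point of this sample sits far beyond the last section, which matches the "PE_Patch" label the packer detectors gave it, but a different base would move that verdict. The other flags do not depend on the base at all.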

Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - Downloader.Obfuskated
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Busky.EC
NOD32v2 - - a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman - - -
Panda - - -
Prevx1 - - Downloader.Zlob
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - Downloader.MisleadApp
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen

plus the file name

so start over

see you