Invasion de spyware (suite)
Dome
-
totobetourne Messages postés 5677 Statut Membre -
totobetourne Messages postés 5677 Statut Membre -
Rebonsoir
bon voilà j'me suis rendu compte que mon premier sujet était passé "Résolu" alors que c'était pas le cas (mais bon ça remonte)
http://www.commentcamarche.net/forum/affich 7629365 invasion de spyware
j'ai donc refais une analyse avec MAM et en voici le rapport
22:17:24 26/08/2008
mbam-log-08-26-2008 (22-17-20).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 163965
Temps écoulé: 3 hour(s), 6 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 26
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df986c2c-446c-49b7-913d-dbb1bae4dc17} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcld9j0e3al (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgd9j0e3al (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\VP\Local Settings\Temporary Internet Files\Content.IE5\HKFNE1Z2\ex32de[1].exe (Trojan.Downloader) -> No action taken.
C:\Program Files\rhcld9j0e3al\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\rhcld9j0e3al.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\rhcld9j0e3al.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\blphcgd9j0e3al.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcgd9j0e3al.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcgd9j0e3al.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcgd9j0e3al.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\VP\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\VP\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\VP\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
bon voilà j'me suis rendu compte que mon premier sujet était passé "Résolu" alors que c'était pas le cas (mais bon ça remonte)
http://www.commentcamarche.net/forum/affich 7629365 invasion de spyware
j'ai donc refais une analyse avec MAM et en voici le rapport
22:17:24 26/08/2008
mbam-log-08-26-2008 (22-17-20).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 163965
Temps écoulé: 3 hour(s), 6 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 26
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df986c2c-446c-49b7-913d-dbb1bae4dc17} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcld9j0e3al (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgd9j0e3al (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\VP\Application Data\rhcld9j0e3al\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Lara\Application Data\rhcld9j0e3al\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\VP\Local Settings\Temporary Internet Files\Content.IE5\HKFNE1Z2\ex32de[1].exe (Trojan.Downloader) -> No action taken.
C:\Program Files\rhcld9j0e3al\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\rhcld9j0e3al.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\rhcld9j0e3al.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhcld9j0e3al\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\blphcgd9j0e3al.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcgd9j0e3al.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcgd9j0e3al.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcgd9j0e3al.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\VP\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\VP\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\VP\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
A voir également:
- Invasion de spyware (suite)
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Spyware terminator - Télécharger - Antivirus & Antimalwares
- Spyware blaster - Télécharger - Antivirus & Antimalwares
- Anti spyware gratuit - Télécharger - Antivirus & Antimalwares
- Anti spyware - Télécharger - Antivirus & Antimalwares
8 réponses
supprime tout ce qu il a trouve. l analyse tu l as effectuee en mode sans echec, c est mieux.
apres fait un hijack.
telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
parfois alerte comme quoi, sans la fonction administrateur le rapport ne peut pas etre complet .
a ce moment relance hijack avec un clique droit sur le raccourci et executer en tant qu administrateur.
apres fait un hijack.
telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
parfois alerte comme quoi, sans la fonction administrateur le rapport ne peut pas etre complet .
a ce moment relance hijack avec un clique droit sur le raccourci et executer en tant qu administrateur.
j'avais pas trop le choix de faire en sans échec, mon pc bloquait lors d'un démarrage normal (à priori là c'est règlé)
rapport hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:10, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C90C50E-3BD4-4D3F-A91B-57AAB7B2DCF3} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
rapport hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:10, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C90C50E-3BD4-4D3F-A91B-57AAB7B2DCF3} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
as tu supprimer ce qu il t a trouve?pas de reponse.car ton rapport indique no action taken(aucune action de prise).
oui j'ai tout supprimé, j'avais enregistré le rapport avant de faire la suppression (je craignais de pas pouvoir le faire après)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
cela a l air quasiment bon
Ensuite,
*Rends toi sur ce site :
https://www.virustotal.com/gui/
*Clique sur "Parcourir" et cherche ce fichier : c:\WINDOWS\system32\mpt.exe
*Un rapport va s'élaborer ligne à ligne.
*Attends la fin. Il doit comprendre la taille du fichier envoyé.
*Sauvegarde le rapport avec le bloc-note.
*Copie le dans ta réponse.
*Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton "Reanalyse" le fichier maintena
Ensuite,
*Rends toi sur ce site :
https://www.virustotal.com/gui/
*Clique sur "Parcourir" et cherche ce fichier : c:\WINDOWS\system32\mpt.exe
*Un rapport va s'élaborer ligne à ligne.
*Attends la fin. Il doit comprendre la taille du fichier envoyé.
*Sauvegarde le rapport avec le bloc-note.
*Copie le dans ta réponse.
*Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton "Reanalyse" le fichier maintena
voila :
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.27.1 2008.08.27 -
AntiVir 7.8.1.23 2008.08.27 TR/Zlob.CQP
Authentium 5.1.0.4 2008.08.27 -
Avast 4.8.1195.0 2008.08.27 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.27 MemScan:Trojan.Zlob.CQP
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.27 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.26 -
eTrust-Vet 31.6.6052 2008.08.27 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.27 -
F-Secure 7.60.13501.0 2008.08.27 -
Fortinet 3.14.0.0 2008.08.27 -
GData 19 2008.08.27 -
Ikarus T3.1.1.34.0 2008.08.27 Trojan.Zlob.CQP
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.27 -
McAfee 5371 2008.08.27 -
Microsoft 1.3807 2008.08.25 TrojanDropper:Win32/Zlob
NOD32v2 3393 2008.08.27 -
Norman 5.80.02 2008.08.27 -
Panda 9.0.0.4 2008.08.27 Trj/Zlob.IS
PCTools 4.4.2.0 2008.08.27 -
Prevx1 V2 2008.08.27 Cloaked Malware
Rising 20.59.21.00 2008.08.27 -
Sophos 4.33.0 2008.08.27 -
Sunbelt 3.1.1582.1 2008.08.26 Trojan-Downloader.Zlob.Media-Codec
Symantec 10 2008.08.27 -
TheHacker 6.3.0.6.060 2008.08.23 Trojan/Downloader.Zlob.tym
TrendMicro 8.700.0.1004 2008.08.27 -
VBA32 3.12.8.4 2008.08.27 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.27 -
Webwasher-Gateway 6.6.2 2008.08.27 Trojan.Zlob.CQP
Information additionnelle
File size: 58594 bytes
MD5...: f03a622d9d54ee703bed01d7a97d3241
SHA1..: d6e3f62cf7bf34e87be20f8c0d57e3c9452d9d41
SHA256: cdf1f40da2b0213ae225af39ffae254dd1a01e1c8027b2b52e43d8b2ff764e79
SHA512: 400e6a95f9f45187113c7af91fc6ad6588c1dbd8e539039acc759d123b6318e9
8a5252f60749e224776c41f97efa96dbee6534566f634aa81a32507527fa3994
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4030e3
timedatestamp.....: 0x4878f231 (Sat Jul 12 18:04:33 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b68 0x5c00 6.49 6bfa289fc453f683cf6ad42723acbb61
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6
.ndata 0x2f000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x6c8 0x800 2.92 0668cc1f74eb6042f5ee65456f1f43da
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=53CB81C1E2695ED4E4F40021E4A60000CB2AE0A4
ThreatExpert info: https://www.symantec.com?md5=f03a622d9d54ee703bed01d7a97d3241
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.27.1 2008.08.27 -
AntiVir 7.8.1.23 2008.08.27 TR/Zlob.CQP
Authentium 5.1.0.4 2008.08.27 -
Avast 4.8.1195.0 2008.08.27 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.27 MemScan:Trojan.Zlob.CQP
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.27 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.26 -
eTrust-Vet 31.6.6052 2008.08.27 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.27 -
F-Secure 7.60.13501.0 2008.08.27 -
Fortinet 3.14.0.0 2008.08.27 -
GData 19 2008.08.27 -
Ikarus T3.1.1.34.0 2008.08.27 Trojan.Zlob.CQP
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.27 -
McAfee 5371 2008.08.27 -
Microsoft 1.3807 2008.08.25 TrojanDropper:Win32/Zlob
NOD32v2 3393 2008.08.27 -
Norman 5.80.02 2008.08.27 -
Panda 9.0.0.4 2008.08.27 Trj/Zlob.IS
PCTools 4.4.2.0 2008.08.27 -
Prevx1 V2 2008.08.27 Cloaked Malware
Rising 20.59.21.00 2008.08.27 -
Sophos 4.33.0 2008.08.27 -
Sunbelt 3.1.1582.1 2008.08.26 Trojan-Downloader.Zlob.Media-Codec
Symantec 10 2008.08.27 -
TheHacker 6.3.0.6.060 2008.08.23 Trojan/Downloader.Zlob.tym
TrendMicro 8.700.0.1004 2008.08.27 -
VBA32 3.12.8.4 2008.08.27 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.27 -
Webwasher-Gateway 6.6.2 2008.08.27 Trojan.Zlob.CQP
Information additionnelle
File size: 58594 bytes
MD5...: f03a622d9d54ee703bed01d7a97d3241
SHA1..: d6e3f62cf7bf34e87be20f8c0d57e3c9452d9d41
SHA256: cdf1f40da2b0213ae225af39ffae254dd1a01e1c8027b2b52e43d8b2ff764e79
SHA512: 400e6a95f9f45187113c7af91fc6ad6588c1dbd8e539039acc759d123b6318e9
8a5252f60749e224776c41f97efa96dbee6534566f634aa81a32507527fa3994
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4030e3
timedatestamp.....: 0x4878f231 (Sat Jul 12 18:04:33 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b68 0x5c00 6.49 6bfa289fc453f683cf6ad42723acbb61
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6
.ndata 0x2f000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x6c8 0x800 2.92 0668cc1f74eb6042f5ee65456f1f43da
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=53CB81C1E2695ED4E4F40021E4A60000CB2AE0A4
ThreatExpert info: https://www.symantec.com?md5=f03a622d9d54ee703bed01d7a97d3241
ok pour l enlever faire un scan gratuit avec bit defender.
colle le rapport d'un scan en ligne.cela se fait avec internet explorer et il faut acepter un active x pour que le scan puisse s effectuer.
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
colle le rapport d'un scan en ligne.cela se fait avec internet explorer et il faut acepter un active x pour que le scan puisse s effectuer.
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
