Sujet Précédent Sujet Suivant

Probleme avec system security

Fermé
antoine327 - 19 juil. 2009 à 13:29
 antoine327 - 19 juil. 2009 à 15:49
Bonjour,

je viens tout juste de me faire avoir par system security

j'ai lancé combofix

voici le fichier log qui en résulte:

ComboFix 09-07-14.08 - HP_Propriétaire 19/07/2009 13:04.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.463 [GMT 2:00]
Running from: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\LOCALS~1\Temp\91933kou.dll
c:\documents and settings\All Users\Application Data\15740934
c:\documents and settings\All Users\Application Data\15740934\15740934 .exe
c:\documents and settings\All Users\Application Data\15740934\15740934 .exe
c:\documents and settings\All Users\Application Data\15740934\15740934
c:\documents and settings\All Users\Application Data\15740934\15740934.exe
c:\documents and settings\HP_Propriétaire\Local Settings\Temp\91933kou.dll
c:\windows\Installer\89dfa9a.msi
c:\windows\msa.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\58cc77df.sys
c:\windows\system32\drivers\UACqgrmdcjsnruekjeyl.sys
c:\windows\system32\ghaf8jkdfd.dll
c:\windows\system32\msbey.exe
c:\windows\system32\mshlief.exe
c:\windows\system32\msihfuyb.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\mszgkq.exe
c:\windows\system32\nY.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\UACadnivutvucctdmevp.dll
c:\windows\system32\UACahnitacrfcmchjehe.dll
c:\windows\system32\UACaotuhpfyntdxsxspe.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACktpovpkrjbpmvtmsr.dll
c:\windows\system32\UAClydwyooqypdvwybct.db
c:\windows\system32\UACmjkbwwoovkevcnwxm.dll
c:\windows\system32\UACnrfvwetdjksnnqyno.dll
c:\windows\system32\uactmp.db
c:\windows\system32\wiawow32.sys
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 01:20 . 2009-07-19 09:21 91 ----a-w- c:\windows\system32\geyekrxtpxrtiy.dat
2009-07-19 01:10 . 2009-07-19 01:10 135168 ----a-w- c:\windows\system32\mobsyn.exe
2009-07-19 01:10 . 2009-07-19 09:21 3982 ----a-w- c:\windows\system32\geyekrerfkorqy.dat
2009-07-19 01:10 . 2009-07-19 09:21 17920 ----a-w- c:\windows\system32\geyekrfwcyoarm.dll
2009-07-19 01:10 . 2009-07-19 01:10 41472 ----a-w- c:\windows\system32\geyekrqwthkvla.dll
2009-07-19 01:10 . 2009-07-19 01:10 67072 ----a-w- c:\windows\system32\drivers\geyekrndccwkrd.sys
2009-07-18 06:09 . 2009-06-30 08:06 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-18 06:08 . 2009-06-30 08:06 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-05 08:32 . 2009-07-05 08:32 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\nxgameeu.dll
2009-07-05 08:32 . 2009-07-05 08:32 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
2009-07-05 08:32 . 2009-07-05 08:32 331776 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMResource.dll
2009-07-05 08:32 . 2009-07-05 08:32 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\unicows.dll
2009-07-05 08:32 . 2009-07-05 08:32 532480 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMDll.dll
2009-07-05 08:32 . 2009-07-05 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonEU
2009-07-05 08:32 . 2009-07-05 08:32 155648 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGM.exe
2009-07-04 16:05 . 2009-07-04 16:05 -------- d-----w- C:\Nexon
2009-07-04 16:05 . 2009-07-04 16:05 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-04 07:38 . 2009-06-30 08:06 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-04 07:38 . 2009-07-04 07:36 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-04 07:37 . 2009-06-30 08:06 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-04 07:37 . 2009-07-04 07:36 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-04 07:37 . 2009-07-04 07:36 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-04 07:37 . 2009-06-30 08:06 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-04 07:37 . 2009-06-30 08:06 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-04 07:37 . 2009-06-30 08:06 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-04 07:37 . 2009-06-30 08:06 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-04 07:26 . 2009-06-30 07:38 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-04 07:26 . 2009-06-30 07:38 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 11:17 . 2006-07-03 23:12 -------- d-----w- c:\program files\Wanadoo
2009-07-19 11:16 . 2006-10-26 22:02 -------- d-----w- c:\program files\PestPatrol
2009-07-19 11:15 . 2006-08-08 13:34 -------- d-----w- c:\program files\Steam
2009-07-19 11:12 . 2007-01-16 17:23 12 -c--a-w- c:\windows\bthservsdp.dat
2009-07-19 10:45 . 2008-03-16 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 10:24 . 2008-07-20 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-19 01:26 . 2009-05-18 16:12 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-19 00:59 . 2009-07-19 00:59 1063650 ----a-w- c:\windows\system32\rn.tmp
2009-07-10 08:17 . 2005-01-01 20:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 13:53 . 2006-02-27 20:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-04 07:36 . 2008-07-20 17:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 08:06 . 2008-07-20 18:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 08:06 . 2008-07-20 17:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 13:57 . 2009-03-04 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-11 07:08 . 2008-07-20 17:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2008-11-17 17:37 . 2008-11-17 17:37 1352 -c--a-w- c:\program files\Cult3D Acrobat Plug-in.log
2008-01-28 18:17 . 2007-06-30 17:17 49152 -c--a-w- c:\program files\wssupdt.dll
2006-07-03 22:06 . 2006-07-03 22:06 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2009-06-24 21:18 . 2008-09-10 21:41 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2005-12-01 19:45 . 2005-12-01 19:45 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[7] 2005-01-28 00:12 662016 66A10B98F18FD804236AB2D90301DE04 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[7] 2006-05-10 05:26 667648 44FCC339191ADB8892520DFA473C455F c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[7] 2004-08-05 18:00 660480 58FE94EF42E074F4CAD8BF02E70E6478 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-01-28 00:14 1220608 3B116AFB018B27D31F006B7DD92D5744 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\backup\sp2gdr\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\backup\sp2qfe\wininet.dll
[-] 2006-10-23 15:18 697344 28AE55224C5BF23C9E47258415B2CCBC c:\windows\system32\wininet.dll
[-] 2006-10-23 15:18 697344 28AE55224C5BF23C9E47258415B2CCBC c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-05 18:00 978432 9F3B76C8CF787449A47F05ABAB4E13E6 c:\windows\explorer.exe
[-] 2004-08-05 18:00 978432 9F3B76C8CF787449A47F05ABAB4E13E6 c:\windows\system32\dllcache\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-30 1217784]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PestPatrol Control Center"="c:\progra~1\PestPatrol\PPControl.exe" [2009-07-19 25600]
"PPMemCheck"="c:\progra~1\PestPatrol\PPMemCheck.exe" [2009-07-19 25600]
"CookiePatrol"="c:\progra~1\PestPatrol\CookiePatrol.exe" [2009-07-19 25600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2009-07-19 25600]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-07-19 25600]
"KBD"="c:\hp\KBD\KBD.EXE" [2009-07-19 25600]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2009-07-19 25600]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2009-07-19 25600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-19 25600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-03-10 28160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-12-27 438272]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 08:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\jeux\\Program files\\Bin32\\Crysis.exe"=
"f:\\jeux\\Program files\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\jeux\\cod5fr\\cod5 installé\\CoDWaW.exe"=
"f:\\jeux\\cod5fr\\cod5 installé\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\jeux\\medal of honor airborn\\jeux installé\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\ROEd.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"f:\jeux\combat arms\Combat Arms EU\CombatArms.exe"= f:\jeux\combat arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"f:\jeux\combat arms\Combat Arms EU\Engine.exe"= f:\jeux\combat arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"f:\\jeux\\combat arms\\Combat Arms EU\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16616:TCP"= 16616:TCP:BitComet 16616 TCP
"16616:UDP"= 16616:UDP:BitComet 16616 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2008 19:56 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2008 19:56 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2008 20:19 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2008 20:19 298776]
R2 CCNMMDRV;CCNMMDRV;c:\windows\system32\drivers\CCNMMDRV.SYS [02/02/2006 19:04 18944]
R3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [02/04/2007 17:12 15360]
R3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [20/09/2007 20:04 176384]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [02/11/2005 12:53 215552]
S2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\documents and settings\HP_Propriétaire\Bureau\Crack\lmgrd.exe --> c:\documents and settings\HP_Propriétaire\Bureau\Crack\lmgrd.exe [?]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\HP_PRO~1\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\HP_PRO~1\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21/02/2009 16:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21/02/2009 16:08 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21/02/2009 16:08 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21/02/2009 16:08 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21/02/2009 16:08 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21/02/2009 16:08 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21/02/2009 16:08 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [21/02/2009 16:08 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [21/02/2009 16:08 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [21/02/2009 16:08 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [21/02/2009 16:08 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [21/02/2009 16:08 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [21/02/2009 16:08 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [21/02/2009 16:08 117672]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [29/03/2007 18:48 176640]
S3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [23/09/2007 18:43 179968]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A36D2A01-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\ghaf8jkdfd.dll
HKLM-Run-net - c:\windows\system32\net.net
HKLM-Run-15740934 - c:\documents and settings\All Users\Application Data\15740934\15740934.exe
HKLM-Run-15740934 - c:\documents and settings\All Users\Application Data\15740934\15740934 .exe
HKLM-Run-NaturalPoint - (no file)
SharedTaskScheduler-{A36D2A01-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\ghaf8jkdfd.dll


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
TCP: {4C07BA28-5714-4D0B-95F6-28694EBEBFD3} = 192.168.1.1
TCP: {C451899A-5315-418B-9E81-B6CD9DAF22FD} = 192.168.2.1,195.238.2.21
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\twfuwpn2.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx??mkt=fr-FR&FORM=MICWU0&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 13:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-671394573-3777958192-3594627352-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,92,cc,e1,53,81,43,36,bd,d6,ed,4e,a9,c5,49,39,5c,c1,52,4e,56,3c,22,
98,18,9d,ba,a5,b0,ef,ac,b8,40,f5,1f,1e,31,c3,60,59,e8,01,07,d4,33,d3,95,7b,\
"??"=hex:8a,0d,f1,ed,34,1c,db,26,e1,4b,ec,5b,46,4a,a1,67

[HKEY_USERS\S-1-5-21-671394573-3777958192-3594627352-1008\Software\SecuROM\License information*]
"datasecu"=hex:14,21,d8,9d,e5,d1,b5,03,a2,30,48,f7,e8,6c,40,9b,7b,5f,0d,fe,73,
2e,12,38,a6,d3,d3,63,c2,10,f5,51,76,d7,d3,55,1b,b0,79,c7,9f,31,16,e8,17,b6,\
"rkeysecu"=hex:43,94,27,4d,ee,bc,6f,76,b0,02,38,84,88,b9,9d,f9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3992)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\PestPatrol\ppmemcheck .exe
c:\progra~1\PestPatrol\ppcontrol .exe
c:\progra~1\PestPatrol\cookiepatrol .exe
c:\progra~1\AVG\AVG8\avgtray .exe
c:\program files\Saitek\Software\profileru .exe
c:\program files\Saitek\Software\saimfd .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\progra~1\Wanadoo\watch .exe
c:\windows\system32\AlertModule\AlertModule.exe
.
**************************************************************************
.
Completion time: 2009-07-19 13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 11:21

Pre-Run: 12 706 230 272 octets libres
Post-Run: 13 070 266 368 octets libres

339


si quelqu'un peut analyser ceci ce serait simpa car pour moi c'est du charabia

merci d'avance pour vos reponse

antoine

5 réponses

Réponse 1 / 5
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
19 juil. 2009 à 14:36
Bonjour,


Combofix est un logiciel qui peut être dangereux s'il est mal utilisé, tu n'aurais pas dû faire ça...


/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour antoine327, il n'est pas transposable sur un autre ordinateur !

• Télécharge ce dossier antoine327.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.

• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme sur ce lien)
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Combofix va demander à envoyer des fichiers à Bleeping Computer pour analyse : accepte
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt



Ensuite, utilise ce logiciel de diangostic stp :

Télécharge hijackthis sur ton Bureau
Installe le, lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum

0
antoine327
19 juil. 2009 à 15:11
rapport de combofix apres tes instructions

ComboFix 09-07-14.08 - HP_Propriétaire 19/07/2009 14:54.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.499 [GMT 2:00]
Running from: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\system32\drivers\geyekrndccwkrd.sys
file zipped: c:\windows\system32\geyekrerfkorqy.dat
file zipped: c:\windows\system32\geyekrfwcyoarm.dll
file zipped: c:\windows\system32\geyekrqwthkvla.dll
file zipped: c:\windows\system32\geyekrxtpxrtiy.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\HP_Propriétaire\Local Settings\Temp\catchme.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 01:10 . 2009-07-19 01:10 135168 ----a-w- c:\windows\system32\mobsyn.exe
2009-07-18 06:09 . 2009-06-30 08:06 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-18 06:08 . 2009-06-30 08:06 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-05 08:32 . 2009-07-05 08:32 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\nxgameeu.dll
2009-07-05 08:32 . 2009-07-05 08:32 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
2009-07-05 08:32 . 2009-07-05 08:32 331776 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMResource.dll
2009-07-05 08:32 . 2009-07-05 08:32 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\unicows.dll
2009-07-05 08:32 . 2009-07-05 08:32 532480 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMDll.dll
2009-07-05 08:32 . 2009-07-05 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonEU
2009-07-05 08:32 . 2009-07-05 08:32 155648 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGM.exe
2009-07-04 16:05 . 2009-07-04 16:05 -------- d-----w- C:\Nexon
2009-07-04 16:05 . 2009-07-04 16:05 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-04 07:38 . 2009-06-30 08:06 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-04 07:38 . 2009-07-04 07:36 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-04 07:37 . 2009-06-30 08:06 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-04 07:37 . 2009-07-04 07:36 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-04 07:37 . 2009-07-04 07:36 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-04 07:37 . 2009-06-30 08:06 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-04 07:37 . 2009-06-30 08:06 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-04 07:37 . 2009-06-30 08:06 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-04 07:37 . 2009-06-30 08:06 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-04 07:26 . 2009-06-30 07:38 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-04 07:26 . 2009-06-30 07:38 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 13:05 . 2006-07-03 23:12 -------- d-----w- c:\program files\Wanadoo
2009-07-19 13:04 . 2006-10-26 22:02 -------- d-----w- c:\program files\PestPatrol
2009-07-19 13:04 . 2008-03-16 11:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 13:03 . 2006-08-08 13:34 -------- d-----w- c:\program files\Steam
2009-07-19 12:59 . 2007-01-16 17:23 12 -c--a-w- c:\windows\bthservsdp.dat
2009-07-19 11:59 . 2008-03-16 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 10:24 . 2008-07-20 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-19 01:26 . 2009-05-18 16:12 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-10 08:17 . 2005-01-01 20:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 13:53 . 2006-02-27 20:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-04 07:36 . 2008-07-20 17:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 08:06 . 2008-07-20 18:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 08:06 . 2008-07-20 17:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 13:57 . 2009-03-04 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-11 07:08 . 2008-07-20 17:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2008-11-17 17:37 . 2008-11-17 17:37 1352 -c--a-w- c:\program files\Cult3D Acrobat Plug-in.log
2008-01-28 18:17 . 2007-06-30 17:17 49152 -c--a-w- c:\program files\wssupdt.dll
2006-07-03 22:06 . 2006-07-03 22:06 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2009-06-24 21:18 . 2008-09-10 21:41 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2005-12-01 19:45 . 2005-12-01 19:45 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[7] 2005-01-28 00:12 662016 66A10B98F18FD804236AB2D90301DE04 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[7] 2006-05-10 05:26 667648 44FCC339191ADB8892520DFA473C455F c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[7] 2004-08-05 18:00 660480 58FE94EF42E074F4CAD8BF02E70E6478 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-01-28 00:14 1220608 3B116AFB018B27D31F006B7DD92D5744 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\backup\sp2gdr\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\backup\sp2qfe\wininet.dll
[-] 2006-10-23 15:18 697344 28AE55224C5BF23C9E47258415B2CCBC c:\windows\system32\wininet.dll
[-] 2006-10-23 15:18 697344 28AE55224C5BF23C9E47258415B2CCBC c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-05 18:00 978432 9F3B76C8CF787449A47F05ABAB4E13E6 c:\windows\explorer.exe
[-] 2004-08-05 18:00 978432 9F3B76C8CF787449A47F05ABAB4E13E6 c:\windows\system32\dllcache\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-30 1217784]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-07-19 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PestPatrol Control Center"="c:\progra~1\PestPatrol\PPControl.exe" [2009-07-19 25600]
"PPMemCheck"="c:\progra~1\PestPatrol\PPMemCheck.exe" [2009-07-19 25600]
"CookiePatrol"="c:\progra~1\PestPatrol\CookiePatrol.exe" [2009-07-19 25600]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2009-07-19 25600]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-07-19 25600]
"KBD"="c:\hp\KBD\KBD.EXE" [2009-07-19 25600]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2009-07-19 25600]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2009-07-19 25600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-19 25600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-03-10 28160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-12-27 438272]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 08:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\jeux\\Program files\\Bin32\\Crysis.exe"=
"f:\\jeux\\Program files\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\jeux\\cod5fr\\cod5 installé\\CoDWaW.exe"=
"f:\\jeux\\cod5fr\\cod5 installé\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\jeux\\medal of honor airborn\\jeux installé\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\ROEd.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"f:\jeux\combat arms\Combat Arms EU\CombatArms.exe"= f:\jeux\combat arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"f:\jeux\combat arms\Combat Arms EU\Engine.exe"= f:\jeux\combat arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"f:\\jeux\\combat arms\\Combat Arms EU\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16616:TCP"= 16616:TCP:BitComet 16616 TCP
"16616:UDP"= 16616:UDP:BitComet 16616 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2008 19:56 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2008 19:56 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2008 20:19 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2008 20:19 298776]
R2 CCNMMDRV;CCNMMDRV;c:\windows\system32\drivers\CCNMMDRV.SYS [02/02/2006 19:04 18944]
R3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [02/04/2007 17:12 15360]
R3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [20/09/2007 20:04 176384]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [02/11/2005 12:53 215552]
S2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\documents and settings\HP_Propriétaire\Bureau\Crack\lmgrd.exe --> c:\documents and settings\HP_Propriétaire\Bureau\Crack\lmgrd.exe [?]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\HP_PRO~1\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\HP_PRO~1\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21/02/2009 16:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21/02/2009 16:08 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21/02/2009 16:08 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21/02/2009 16:08 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21/02/2009 16:08 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21/02/2009 16:08 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21/02/2009 16:08 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [21/02/2009 16:08 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [21/02/2009 16:08 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [21/02/2009 16:08 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [21/02/2009 16:08 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [21/02/2009 16:08 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [21/02/2009 16:08 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [21/02/2009 16:08 117672]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [29/03/2007 18:48 176640]
S3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [23/09/2007 18:43 179968]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
TCP: {4C07BA28-5714-4D0B-95F6-28694EBEBFD3} = 192.168.1.1
TCP: {C451899A-5315-418B-9E81-B6CD9DAF22FD} = 192.168.2.1,195.238.2.21
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\twfuwpn2.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx??mkt=fr-FR&FORM=MICWU0&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 15:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-671394573-3777958192-3594627352-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,92,cc,e1,53,81,43,36,bd,d6,ed,4e,a9,c5,49,39,5c,c1,52,4e,56,3c,22,
98,18,9d,ba,a5,b0,ef,ac,b8,40,f5,1f,1e,31,c3,60,59,e8,01,07,d4,33,d3,95,7b,\
"??"=hex:8a,0d,f1,ed,34,1c,db,26,e1,4b,ec,5b,46,4a,a1,67

[HKEY_USERS\S-1-5-21-671394573-3777958192-3594627352-1008\Software\SecuROM\License information*]
"datasecu"=hex:14,21,d8,9d,e5,d1,b5,03,a2,30,48,f7,e8,6c,40,9b,7b,5f,0d,fe,73,
2e,12,38,a6,d3,d3,63,c2,10,f5,51,76,d7,d3,55,1b,b0,79,c7,9f,31,16,e8,17,b6,\
"rkeysecu"=hex:43,94,27,4d,ee,bc,6f,76,b0,02,38,84,88,b9,9d,f9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3948)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\progra~1\Wanadoo\Inactivity.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\PestPatrol\ppcontrol .exe
c:\progra~1\PestPatrol\ppmemcheck .exe
c:\progra~1\PestPatrol\cookiepatrol .exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\AlertModule\AlertModule.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-07-19 15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 13:09
ComboFix2.txt 2009-07-19 11:21

Pre-Run: 12 977 831 936 octets libres
Post-Run: 12 970 622 976 octets libres

298
0
antoine327 > antoine327
19 juil. 2009 à 15:14
rapport de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:32, on 19/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\PestPatrol\PPControl.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\PestPatrol\PPControl .exe
C:\PROGRA~1\PestPatrol\PPMemCheck .exe
C:\PROGRA~1\PestPatrol\CookiePatrol .exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\AlertModule\AlertModule.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SearchPageURL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Enregistrement d'un produit Delta Force-Black Hawk Down Team Sabre.lnk = ?
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C07BA28-5714-4D0B-95F6-28694EBEBFD3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C451899A-5315-418B-9E81-B6CD9DAF22FD}: NameServer = 192.168.2.1,195.238.2.21
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Unknown owner - C:\Documents and Settings\HP_Propriétaire\Bureau\Crack\lmgrd.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
0
Réponse 2 / 5
fix200 Messages postés 3243 Date d'inscription dimanche 28 décembre 2008 Statut Contributeur sécurité Dernière intervention 7 février 2011 158
19 juil. 2009 à 14:38
Bonjour anthony5151 :)

Pour suivre ... car coriace cette nouvelle variante de TDSS .

A+
0
Réponse 3 / 5
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
19 juil. 2009 à 15:33
Le rapport de Combofix indique une possible infection de certains fichiers systèmes, on va vérifier :


• Rends toi sur le site https://www.virustotal.com/gui/
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : c:\windows\explorer.exe
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
• Fais un copier/coller du rapport sur le forum.

Si tu ne trouves pas le fichier, fais ceci :
• Menu Démarrer --> Panneau de configuration --> Options des dossiers --> Affichage
• Coche "Afficher les fichiers et dossiers cachés", décoche "Masquer les extensions de fichiers connus", décoche "Masquer les fichiers protégés du Système", puis valide.
• Tu pourras à nouveau masquer les fichiers cachés une fois la manipulation terminée, si tu le souhaites.

Fais la même analyse pour ce fichier : c:\windows\system32\wininet.dll

0
Réponse 4 / 5
antoine327
19 juil. 2009 à 15:43
rapport analyse du fichier explorer.exe

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.19 -
AhnLab-V3 5.0.0.2 2009.07.19 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.19 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.19 -
BitDefender 7.2 2009.07.19 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1702 2009.07.19 -
DrWeb 5.0.0.12182 2009.07.19 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6623 2009.07.18 -
F-Prot 4.4.4.56 2009.07.19 -
F-Secure 8.0.14470.0 2009.07.19 -
Fortinet 3.120.0.0 2009.07.19 -
GData 19 2009.07.19 -
Ikarus T3.1.1.64.0 2009.07.19 -
Jiangmin 11.0.800 2009.07.19 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.19 -
McAfee 5680 2009.07.18 -
McAfee+Artemis 5680 2009.07.18 -
McAfee-GW-Edition 6.8.5 2009.07.19 -
Microsoft 1.4803 2009.07.19 -
NOD32 4258 2009.07.19 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.19 -
Panda 10.0.0.14 2009.07.19 -
PCTools 4.4.2.0 2009.07.19 -
Prevx 3.0 2009.07.19 -
Rising 21.38.62.00 2009.07.19 -
Sophos 4.43.0 2009.07.19 -
Sunbelt 3.2.1858.2 2009.07.18 -
Symantec 1.4.4.12 2009.07.19 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.18 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Information additionnelle
File size: 978432 bytes
MD5...: 9f3b76c8cf787449a47f05abab4e13e6
SHA1..: 03dade25ca5cf438f3e11d8b9db96d57e643896b
SHA256: 7ca5f696288f1c31b02ba763f350546aadef7e3df2000b78b9bbb993d53d8c7a
ssdeep: 12288:KzEut4RuAwGgc7fNuIEGpF7LhLs+c40kZb6pmStX6SReAJrQIVo7zWj8BN
nn:KzEuAwj2fNuI12+cV6smSvwA1omjgVn
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1e24e
timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44689 0x44800 6.38 e8525a1e82d869aed3a0bff0a4e35056
.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
.rsrc 0x48000 0xa51d0 0xa5200 6.57 5e2251a0d1f5b9f2f9e71d0444cf9f8e
.reloc 0xee000 0x36dc 0x3800 6.75 ee49ce3a409d6d28c1d63eabd34499b3

( 13 imports )
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> BROWSEUI.dll: -, -, -, -
> SHDOCVW.dll: -, -, -
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-



lien: http://www.virustotal.com/fr/analisis/7ca5f696288f1c31b02ba763f350546aadef7e3df2000b78b9bbb993d53d8c7a-1248011158
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
antoine327
19 juil. 2009 à 15:49
analyse de wininet.dll:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.19 -
AhnLab-V3 5.0.0.2 2009.07.19 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.19 -
Avast 4.8.1335.0 2009.07.19 -
AVG 8.5.0.387 2009.07.19 -
BitDefender 7.2 2009.07.19 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.19 -
Comodo 1702 2009.07.19 -
DrWeb 5.0.0.12182 2009.07.19 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6623 2009.07.18 -
F-Prot 4.4.4.56 2009.07.19 -
F-Secure 8.0.14470.0 2009.07.19 -
Fortinet 3.120.0.0 2009.07.19 -
GData 19 2009.07.19 -
Ikarus T3.1.1.64.0 2009.07.19 -
Jiangmin 11.0.800 2009.07.19 -
K7AntiVirus 7.10.796 2009.07.18 -
Kaspersky 7.0.0.125 2009.07.19 -
McAfee 5680 2009.07.18 -
McAfee+Artemis 5680 2009.07.18 -
McAfee-GW-Edition 6.8.5 2009.07.19 -
Microsoft 1.4803 2009.07.19 -
NOD32 4258 2009.07.19 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.19 -
Panda 10.0.0.14 2009.07.19 -
PCTools 4.4.2.0 2009.07.19 -
Prevx 3.0 2009.07.19 -
Rising 21.38.62.00 2009.07.19 -
Sophos 4.43.0 2009.07.19 -
Sunbelt 3.2.1858.2 2009.07.18 -
Symantec 1.4.4.12 2009.07.19 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.18 -
VBA32 3.12.10.8 2009.07.19 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Information additionnelle
File size: 697344 bytes
MD5...: 28ae55224c5bf23c9e47258415b2ccbc
SHA1..: ab4834ee1dbbf854ae8d584ef662b52a06ff4103
SHA256: 8bef00e6f32e32b3240f3e6f78305aa55c2cbcc87483e6d784e6edf9ff78ed2c
ssdeep: 12288:dsVOmyHtH5j5jznCZA1AcWjxZ69upOx7zyVB5tgrMMjqMMuF0r:S/yHR5Z
jCC1AcWjxOx7OVB/mMM2MMuI
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1551
timedatestamp.....: 0x453cdd58 (Mon Oct 23 15:18:48 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x87c30 0x87e00 6.61 65a3d211c81f0ae6855d7b6472071fc9
.data 0x89000 0x5f78 0x2200 2.30 cb42fdff3746ac1abdbc41da04858ece
.rsrc 0x8f000 0x1af02 0x1b000 4.86 c3140c03968f22c5817fd4b72d98c26c
.reloc 0xaa000 0x4f80 0x5000 6.78 5c34740774e2be39f34c9fe4d3f59770

( 7 imports )
> ADVAPI32.dll: RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCreateKeyA, RegOpenKeyA, RegEnumKeyA, CryptGetProvParam, CryptSetProvParam, CryptAcquireContextA, CryptReleaseContext, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegEnumValueA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetUserNameA, OpenSCManagerA, EnumServicesStatusA, CloseServiceHandle, RegCreateKeyExW
> CRYPT32.dll: CertGetNameStringW, CryptDecodeObject, CertFindRDNAttr, CertRDNValueToStrA, CertControlStore, CertNameToStrA, CertCreateCertificateContext, CertGetCertificateContextProperty, CertFindCertificateInStore, CertSetCertificateContextProperty, CertOpenSystemStoreA, CertCloseStore, CertFindExtension, CertGetIntendedKeyUsage, CertDuplicateCertificateContext, CertFreeCertificateContext, CryptUnprotectData
> KERNEL32.dll: ExitThread, ExpandEnvironmentStringsA, SuspendThread, TerminateThread, GetACP, RtlMoveMemory, ResetEvent, CreateThread, Sleep, SetErrorMode, FormatMessageA, lstrcatA, SystemTimeToFileTime, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, TlsGetValue, TlsAlloc, GetCurrentThreadId, TlsFree, TlsSetValue, WaitForMultipleObjects, GetTimeFormatA, lstrcpyA, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsBadReadPtr, GlobalAlloc, GlobalFree, IsBadStringPtrW, DeleteFileA, IsBadCodePtr, IsBadWritePtr, SleepEx, GetModuleFileNameA, GetSystemTime, WritePrivateProfileStringA, WriteFile, SetFilePointer, ReadFile, FileTimeToSystemTime, LocalReAlloc, DeleteCriticalSection, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, LocalAlloc, GetFileTime, ReleaseSemaphore, CreateSemaphoreA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, GetVersion, CompareStringA, GetFileAttributesA, GetEnvironmentVariableA, GetWindowsDirectoryA, RemoveDirectoryA, GetShortPathNameA, FileTimeToDosDateTime, SetFileAttributesA, GetPrivateProfileStringA, SetFileTime, CreateDirectoryA, CopyFileA, DeviceIoControl, GetDiskFreeSpaceA, FindClose, FindNextFileA, FindFirstFileA, DosDateTimeToFileTime, FlushViewOfFile, UnmapViewOfFile, MapViewOfFileEx, CreateFileMappingA, OpenFileMappingA, SetEndOfFile, LoadLibraryExA, GetUserDefaultLCID, HeapFree, HeapAlloc, GetProcessHeap, GetComputerNameA, LoadLibraryW, GlobalUnlock, GlobalLock, GlobalSize, lstrcpynW, InitializeCriticalSectionAndSpinCount, GetDateFormatA, WaitForSingleObject, GetProcAddress, LoadLibraryA, lstrcmpiA, GetLastError, FreeLibrary, lstrcpynA, lstrlenA, WideCharToMultiByte, InterlockedExchange, CloseHandle, OpenEventA, LeaveCriticalSection, EnterCriticalSection, SetLastError, LocalFree, GetVersionExA, GetFileSize, CreateFileA, GetSystemDirectoryA, lstrlenW, MultiByteToWideChar, GetModuleHandleA, OpenMutexA, CreateMutexA, ReleaseMutex, RaiseException, lstrcmpA, SetEvent, CreateEventA, IsBadStringPtrA
> msvcrt.dll: isdigit, strpbrk, isspace, isalnum, time, strtoul, _vsnprintf, _ftol, ispunct, iscntrl, isalpha, _purecall, _CxxThrowException, wcsncpy, wcscat, wcsstr, srand, rand, wcslen, _wtoi, wcscpy, _wcsnicmp, wcstok, _wcsicmp, wcscmp, malloc, free, realloc, _initterm, _adjust_fdiv, __dllonexit, _onexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, sprintf, memchr, isxdigit, _except_handler3
> OLEAUT32.dll: -, -, -, -, -
> SHLWAPI.dll: PathRemoveFileSpecW, PathRemoveBackslashA, PathRemoveFileSpecA, StrNCatA, -, PathRenameExtensionA, -, SHDeleteKeyA, StrCmpNIW, -, wvnsprintfA, -, -, -, -, StrCmpNIA, StrStrA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, UrlCombineA, UrlCanonicalizeA, -, PathCreateFromUrlA, UrlUnescapeA, StrNCatW, StrToIntW, StrCpyW, -, -, -, StrStrIA, StrCmpW, SHRegGetUSValueA, StrCmpNA, StrToIntA, StrCatBuffA, StrRChrA, StrCmpIW, -, -, SHSetValueW, -, -, -, StrStrIW, SHGetValueW, SHSetValueA, SHGetValueA, wnsprintfA, wnsprintfW, StrCpyNW, PathFindFileNameW, -, -, SHRegGetValueW, -, -, -, -, StrCatBuffW, -, -, -, -
> USER32.dll: IsWindow, IntersectRect, EqualRect, wsprintfW, LoadIconA, LoadImageA, DestroyIcon, SetForegroundWindow, EnumChildWindows, SetWindowTextA, GetParent, GetWindowRect, ScreenToClient, SendMessageA, PostMessageA, FindWindowA, LoadStringA, ShowWindow, GetDesktopWindow, wsprintfA, CharLowerA, DestroyWindow, IsDlgButtonChecked, EnableWindow, SetFocus, GetDlgItem, EndDialog, CheckDlgButton, CreateWindowExA, RegisterWindowMessageA, KillTimer, SetTimer, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassA, CharNextA, CharToOemA, CharUpperA, CharLowerW, IsCharAlphaNumericA, SetWindowPos, CharNextExA, WinHelpA, SendDlgItemMessageA

( 225 exports )
CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DetectAutoProxyUrl, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl
PDFiD.: -
RDS...: NSRL Reference Data Set
-


lien: http://www.virustotal.com/fr/analisis/8bef00e6f32e32b3240f3e6f78305aa55c2cbcc87483e6d784e6edf9ff78ed2c-1248011512
0

Discussions similaires

Boîte mail piratée ?
mike the llama -
mike the llama -

4 réponses
comment faire si on a un mail delivery system
angeldu5954 -
angeldu5954 -

5 réponses
Code de réinitialisation mdp facebook sans le demander
Colonel_El_Moustachat -
Colonel_El_Moustachat -

4 réponses
Security boot fail lors du démarrage
Steu -
NBK -

4 réponses
Analyse de l'appli "AI SECURITY"
cl06 -
CCMBot -

1 réponse