Bigben

  1. Hello Pear, It seems to be working, but Symantec does not always start automatically; I did set all the services back to automatic startup, yet the Symantec SPBBCSvc (SPBBCSvc) service is sometimes stopped and set to manual at boot.
  2. Good evening Pear, Here is the ComboFix report:
  3. Sorry for the previous post, it got inserted before I saw your reply (due to a faulty connection). I just have a small problem: before I can run ComboFix, I cannot disable Symantec; the option is greyed out, as is the whole configuration section of the software...
  4. Hello Pear, Here is the result of the file scan:
  5. Hello Pear, Here is the result of the file scan:
     And the MBAM result:
     Malwarebytes' Anti-Malware 1.39
     Version de la base de données: 2462
     Windows 5.1.2600 Service Pack 3
     19/07/2009 15:19:14
     mbam-log-2009-07-19 (15-19-14).txt
     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 144338
     Temps écoulé: 2 hour(s), 32 minute(s), 45 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s): (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
     Dossier(s) infecté(s): (Aucun élément nuisible détecté)
     Fichier(s) infecté(s): (Aucun élément nuisible détecté)
     Sorry for the double post...
  6. Bonjour Pear, Voici le résultat du scan du fichier : <table border="1"><tr><td colspan="4">Fichier RATAGENT.exe reçu le 2009.07.19 10:38:21 (UTC)</td></tr><tr><td>Antivirus</td><td>Version</td><td>Dernière mise à jour</td><td>Résultat</td</tr><tr><td>a-squared</td><td>4.5.0.24</td><td>2009.07.19</td><td>-</td</tr><tr><td>AhnLab-V3</td><td>5.0.0.2</td><td>2009.07.19</td><td>-</td</tr><tr><td>AntiVir</td><td>7.9.0.220</td><td>2009.07.17</td><td>-</td</tr><tr><td>Antiy-AVL</td><td>2.0.3.7</td><td>2009.07.17</td><td>-</td</tr><tr><td>Authentium</td><td>5.1.2.4</td><td>2009.07.19</td><td>-</td</tr><tr><td>Avast</td><td>4.8.1335.0</td><td>2009.07.19</td><td>-</td</tr><tr><td>AVG</td><td>8.5.0.387</td><td>2009.07.19</td><td>-</td</tr><tr><td>BitDefender</td><td>7.2</td><td>2009.07.19</td><td>-</td</tr><tr><td>CAT-QuickHeal</td><td>10.00</td><td>2009.07.17</td><td>-</td</tr><tr><td>ClamAV</td><td>0.94.1</td><td>2009.07.19</td><td>-</td</tr><tr><td>Comodo</td><td>1701</td><td>2009.07.19</td><td>-</td</tr><tr><td>DrWeb</td><td>5.0.0.12182</td><td>2009.07.19</td><td>-</td</tr><tr><td>eSafe</td><td>7.0.17.0</td><td>2009.07.16</td><td>-</td</tr><tr><td>eTrust-Vet</td><td>31.6.6623</td><td>2009.07.18</td><td>-</td</tr><tr><td>F-Prot</td><td>4.4.4.56</td><td>2009.07.19</td><td>-</td</tr><tr><td>F-Secure</td><td>8.0.14470.0</td><td>2009.07.18</td><td>-</td</tr><tr><td>Fortinet</td><td>3.120.0.0</td><td>2009.07.19</td><td>-</td</tr><tr><td>GData</td><td>19</td><td>2009.07.19</td><td>-</td</tr><tr><td>Ikarus</td><td>T3.1.1.64.0</td><td>2009.07.19</td><td>-</td</tr><tr><td>Jiangmin</td><td>11.0.800</td><td>2009.07.19</td><td>-</td</tr><tr><td>K7AntiVirus</td><td>7.10.796</td><td>2009.07.18</td><td>-</td</tr><tr><td>Kaspersky</td><td>7.0.0.125</td><td>2009.07.19</td><td>-</td</tr><tr><td>McAfee</td><td>5680</td><td>2009.07.18</td><td>-</td</tr><tr><td>McAfee+Artemis</td><td>5680</td><td>2009.07.18</td><td>-</td</tr><tr><td>McAfee-GW-Edition</td><td>6.8.5</td><td>2009.07.19</td><td
>-</td</tr><tr><td>Microsoft</td><td>1.4803</td><td>2009.07.19</td><td>-</td</tr><tr><td>NOD32</td><td>4257</td><td>2009.07.18</td><td>-</td</tr><tr><td>Norman</td><td>6.01.09</td><td>2009.07.17</td><td>-</td</tr><tr><td>nProtect</td><td>2009.1.8.0</td><td>2009.07.19</td><td>-</td</tr><tr><td>Panda</td><td>10.0.0.14</td><td>2009.07.18</td><td>-</td</tr><tr><td>PCTools</td><td>4.4.2.0</td><td>2009.07.18</td><td>-</td</tr><tr><td>Prevx</td><td>3.0</td><td>2009.07.19</td><td>-</td</tr><tr><td>Rising</td><td>21.38.62.00</td><td>2009.07.19</td><td>-</td</tr><tr><td>Sophos</td><td>4.43.0</td><td>2009.07.19</td><td>-</td</tr><tr><td>Sunbelt</td><td>3.2.1858.2</td><td>2009.07.18</td><td>-</td</tr><tr><td>Symantec</td><td>1.4.4.12</td><td>2009.07.19</td><td>-</td</tr><tr><td>TheHacker</td><td>6.3.4.3.370</td><td>2009.07.17</td><td>-</td</tr><tr><td>TrendMicro</td><td>8.950.0.1094</td><td>2009.07.18</td><td>-</td</tr><tr><td>VBA32</td><td>3.12.10.8</td><td>2009.07.19</td><td>-</td</tr><tr><td>ViRobot</td><td>2009.7.17.1841</td><td>2009.07.17</td><td>-</td</tr><tr><td>VirusBuster</td><td>4.6.5.0</td><td>2009.07.16</td><td>-</td</tr><tr><td colspan="4"> </td></tr><tr><td colspan="4">Information additionnelle</td></tr><tr><td colspan="4">File size: 106496 bytes</td></tr><tr><td colspan="4">MD5...: 96afa71e6932db78ec93dbd732318f5a</td></tr><tr><td colspan="4">SHA1..: 791c27fd30cc86386919e1d0961fd2681f25e146</td></tr><tr><td colspan="4">SHA256: 299905c1546ceb77b094153c944063bd5c9c781d69e3c1feb916eface5e2a478</td></tr><tr><td colspan="4">ssdeep: 1536:7dU8gtA0Xq7VK6Ug5E0nYFo6CleEFLBp0DLp/3ebx9jZFfn0:7D73H6JEFr<BR>0xud9LM<BR></td></tr><tr><td colspan="4">PEiD..: Armadillo v1.71</td></tr><tr><td colspan="4">TrID..: File type identification<BR>Windows Screen Saver (39.4%)<BR>Win32 Executable Generic (25.6%)<BR>Win32 Dynamic Link Library (generic) (22.8%)<BR>Generic Win/DOS Executable (6.0%)<BR>DOS Executable Generic (6.0%)</td></tr><tr><td colspan="4">PEInfo: PE Structure 
information<BR><BR>( base data )<BR>entrypointaddress.: 0x105ed<BR>timedatestamp.....: 0x435370fc (Mon Oct 17 09:38:04 2005)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x10135 0x11000 6.14 6b3047569d7b3fe1b41176f810d37084<BR>.rdata 0x12000 0x35c7 0x4000 4.84 891a67d097fa529ede1925f46d85b8ed<BR>.data 0x16000 0x319c 0x2000 4.88 e12f0abcc1960a41fb258f576f156f5b<BR>.rsrc 0x1a000 0x1218 0x2000 1.87 fd8e2eeb108a598e814b4b75eb0adeca<BR><BR>( 9 imports ) <BR>> KERNEL32.dll: ReadFile, CreateFileA, FindFirstFileA, GetLocalTime, FindClose, GetModuleFileNameA, GetModuleHandleA, GetLastError, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationA, Sleep, CreateMutexA, WaitForMultipleObjects, EnterCriticalSection, LeaveCriticalSection, CreateEventA, WaitForSingleObject, CloseHandle, ResetEvent, SetEvent, InitializeCriticalSection, DeleteCriticalSection, GetCommandLineA<BR>> USER32.dll: KillTimer, SendMessageA, SetWindowTextA, SetDlgItemTextA, SetWindowPos, DestroyWindow, MessageBoxA, SetTimer, CreateDialogParamA, DialogBoxParamA<BR>> ADVAPI32.dll: SetServiceStatus, RegisterServiceCtrlHandlerA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, DeleteService, QueryServiceStatus, ControlService, OpenServiceA, StartServiceCtrlDispatcherA<BR>> SHELL32.dll: Shell_NotifyIconA<BR>> WS2_32.dll: WSARecv, -, -, WSAEventSelect, WSAEnumNetworkEvents, -, -, WSAWaitForMultipleEvents, WSAResetEvent, -, WSACloseEvent, WSACreateEvent, -<BR>> RAT CORE.dll: _Open@Reg@@QAGJPADPAUHKEY__@@K@Z, _EnumKey@Reg@@QAGJHPAD@Z, _GetSubKeys@Reg@@QAGJPAK@Z, __1RSI_Message@@QAE@XZ, _DeleteValue@Reg@@QAGJPAD@Z, _ExistValue@Reg@@QAGJPAD@Z, _ExistRegistryKey@Reg@@QAGJPAD@Z, _GetValue@RSI_Message@@QAEJPAPADPAKDK@Z, _AnalyzeMessage@RSI_Message@@QAEJPAD0@Z, __0RSI_Message@@QAE@XZ, _QueryValue@Reg@@QAGJPADPAK1@Z, __1Logger@@QAE@XZ, _MakeQueryMessage@RSI_Message@@QAEPADW4RATTYPE@@@Z, _SetValue@RSI_Message@@QAEXPADKK@Z, 
_ExistKey@Reg@@QAGJPAD@Z, _MakeStartupMessage@RSI_Message@@QAEPADW4RATTYPE@@@Z, _QueryInfoKey@Reg@@QAGJPAK@Z, _CreateCmdProcess@Process@@QAEKPAD@Z, __0Process@@QAE@XZ, _NotifyChangeKeyValue@Reg@@QAGJPAX@Z, __0Reg@@QAE@PAPAX@Z, __1RSI_Result@@QAE@XZ, _MakeResultMessage@RSI_Message@@QAEPADW4RATTYPE@@@Z, _MakeParameterField@RSI_Result@@QAEJPAPADPAK@Z, _AddToParameterField@RSI_Result@@QAEJPAD@Z, __0RSI_Result@@QAE@XZ, __1Encrypt@@QAE@XZ, _DecryptText@Encrypt@@QAEJPAD0@Z, __0Encrypt@@QAE@XZ, _Write@File@@QAGJPAD0@Z, _Delete@File@@QAGHPAD@Z, __1File@@QAE@XZ, _GetFileName@File@@QAGJPAD0@Z, __0File@@QAE@XZ, _GetComponent@RSI_Message@@QAEJPAD0K@Z, _MakeFileMessage@RSI_Message@@QAEPADW4RATTYPE@@@Z, _StartProcess@Process@@QAEKPAD000@Z, _StartClientProcess@Process@@QAEKPAD000KKPAPAX0@Z, _DisplaySystemVersion@OS@@QAEHPADPAK1@Z, _WNetGetJoinInformation@WN@@QAEKPAD0PAK@Z, _StationStatus@Process@@QAEHXZ, _EncryptText@Encrypt@@QAEJPAD0@Z, _SetValue@Reg@@QAGJPADKK@Z, __0Queues@@QAE@XZ, __1XML@@QAE@XZ, _GetValue@XML@@QAG_NPAPAD0@Z, _GetElement@XML@@QAG_NPAPAD0@Z, _GetMessageA@XML@@QAGPADXZ, _UpdateMessageLength@XML@@QAGXH@Z, _AddToList@XML@@QAGXPAD@Z, _Read@File@@QAGJPADPAK@Z, _Open@File@@QAGJPAD@Z, __0XML@@QAE@XZ, _ProcessEvent@WsaServer@@UAEJXZ, _ProcessIncommingMessage@WsaServer@@UAEJPAD@Z, __1WsaServer@@QAE@XZ, __0WsaServer@@QAE@XZ, _UnregisterSocketAndEvent@WsaServer@@IAEXK@Z, _RegisterSocketAndEvent@WsaServer@@IAEJIPAXPAK@Z, _InitConnection@WsaServer@@QAEJK@Z, _GetSize@Logger@@QAEKXZ, _MakeDir@Logger@@QAEJPAD@Z, _GetBackupDir@Logger@@QAEXPAD@Z, __1Date@@QAE@XZ, _RemoveDir@Logger@@QAEJPAD@Z, _PutYYYYMMDD@Date@@QAEXPAD@Z, _AddDate@Date@@QAEXHW4PDATE@@@Z, __0Date@@QAE@XZ, _EnumValue@Reg@@QAGJHPAD@Z, _DeleteAllKeys@Reg@@QAGJPADPAUHKEY__@@@Z, __0Reg@@QAE@XZ, _Create@Reg@@QAGJPADPAUHKEY__@@K@Z, _QueryValue@Reg@@QAGJPAD0PAK@Z, _Close@Reg@@QAGJH@Z, __1Reg@@QAE@XZ, _Send@WsaClient@@QAEJPAD@Z, _SetValue@Reg@@QAGJPAD0K@Z, _CloseSocket@WsaCon@@IAEHXZ, _GetIPAddress@WsaCon@@QAEJPAD0@Z, 
_GetMACAddress@WsaCon@@QAEJPAD@Z, _InitConnection@WsaClient@@QAEJPBDK@Z, __0Logger@@QAE@PAD00K@Z, _Log@WsaCon@@IAEXPAD@Z, _Write@Logger@@QAEJPADW4TYPELOG@@0@Z, _GetEventHandle@Queues@@QAEPAPAXXZ, __1WsaClient@@QAE@XZ, __0WsaClient@@QAE@XZ, _MakeMessage@Terminator@@UAEJPAPADPAKK@Z, _MakeMessage@RSI_Record@@MAEJPAPADPAKK@Z, __1Process@@QAE@XZ
> MSVCP60.dll: __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __1_Winit@std@@QAE@XZ, _endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, __6std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@PBD@Z, _cerr@std@@3V_$basic_ostr
  7. Hello, I picked up a friend's laptop on which Symantec intermittently alerts on the presence of Trojan.Fakeavalert without being able to remove it. McAfee online detected nothing, and I found none of the symptoms Symantec lists for this trojan. Here is the HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:47, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\INS\Rat Agent\RATAGENT.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdjustCU] wscript.exe C:\WINDOWS\INS\AdjustCU\AdjustCU.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...679/mcfscan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Rat Agent (RatAgent) - INS - C:\Program Files\INS\Rat Agent\RATAGENT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7685 bytes

Thanks in advance for your help.
  8. A big thank you! And well done for your efficiency and all the work you get through here!
  10. __________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Netflame Path: C:\Documents and Settings\Ben\Cookies\[email protected][1].txt Risk: Medium
Name: TrackingCookie.Adbrite Path: C:\Documents and Settings\Ben\Cookies\[email protected][1].txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: C:\Documents and Settings\Ben\Cookies\[email protected][2].txt Risk: Medium
Name: TrackingCookie.Adbrite Path: C:\Documents and Settings\Ben\Cookies\ben@adbrite[1].txt Risk: Medium
Name: TrackingCookie.Euroclick Path: C:\Documents and Settings\Ben\Cookies\[email protected][2].txt Risk: Medium
Name: TrackingCookie.Adbrite Path: C:\Documents and Settings\Ben\Cookies\[email protected][1].txt Risk: Medium
Name: TrackingCookie.Planetactive Path: C:\Documents and Settings\Ben\Cookies\[email protected][2].txt Risk: Medium
Name: TrackingCookie.Advertising Path: C:\Documents and Settings\Ben\Cookies\ben@advertising[1].txt Risk: Medium
Name: TrackingCookie.Adviva Path: C:\Documents and Settings\Ben\Cookies\ben@adviva[1].txt Risk: Medium
Name: TrackingCookie.Bluestreak Path: C:\Documents and Settings\Ben\Cookies\ben@bluestreak[1].txt Risk: Medium
Name: TrackingCookie.Clickbank Path: C:\Documents and Settings\Ben\Cookies\ben@clickbank[1].txt Risk: Medium
Name: TrackingCookie.Connextra Path: C:\Documents and Settings\Ben\Cookies\ben@connextra[1].txt Risk: Medium
Name: TrackingCookie.Doubleclick Path: C:\Documents and Settings\Ben\Cookies\ben@doubleclick[1].txt Risk: Medium
Name: TrackingCookie.Ivwbox Path: C:\Documents and Settings\Ben\Cookies\ben@ivwbox[2].txt Risk: Medium
Name: TrackingCookie.Mediaplex Path: C:\Documents and Settings\Ben\Cookies\ben@mediaplex[1].txt Risk: Medium
Name: TrackingCookie.Revsci Path: C:\Documents and Settings\Ben\Cookies\ben@revsci[2].txt Risk: Medium
Name: TrackingCookie.Information Path: C:\Documents and Settings\Ben\Cookies\[email protected][3].txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: C:\Documents and Settings\Ben\Cookies\ben@smartadserver[2].txt Risk: Medium
Name: TrackingCookie.Webtrendslive Path: C:\Documents and Settings\Ben\Cookies\[email protected][2].txt Risk: Medium
Name: TrackingCookie.Tacoda Path: C:\Documents and Settings\Ben\Cookies\ben@tacoda[2].txt Risk: Medium
Name: TrackingCookie.Tradedoubler Path: C:\Documents and Settings\Ben\Cookies\ben@tradedoubler[2].txt Risk: Medium
Name: TrackingCookie.Weborama Path: C:\Documents and Settings\Ben\Cookies\ben@weborama[2].txt Risk: Medium
Name: TrackingCookie.Abcsearch Path: C:\Documents and Settings\Ben\Cookies\[email protected][1].txt Risk: Medium
Name: TrackingCookie.Falkag Path: C:\Documents and Settings\Ben\Cookies\[email protected][1].txt Risk: Medium
Name: TrackingCookie.Safer-networking Path: C:\Documents and Settings\Ben\Cookies\[email protected][1].txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.6:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adviva Path: :mozilla.8:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.15:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.16:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.17:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.19:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.20:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Smartadserver Path: :mozilla.21:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Bluestreak Path: :mozilla.58:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Doubleclick Path: :mozilla.70:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.76:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.77:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.78:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.79:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.80:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.81:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Serving-sys Path: :mozilla.82:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Mediaplex Path: :mozilla.83:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adrevolver Path: :mozilla.84:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adrevolver Path: :mozilla.85:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adrevolver Path: :mozilla.86:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adrevolver Path: :mozilla.87:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adrevolver Path: :mozilla.88:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Weborama Path: :mozilla.92:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Weborama Path: :mozilla.93:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.247realmedia Path: :mozilla.95:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adtech Path: :mozilla.97:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adtech Path: :mozilla.98:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Advertising Path: :mozilla.99:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Atdmt Path: :mozilla.109:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.111:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.112:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.113:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.114:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.115:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.116:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.117:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Burstnet Path: :mozilla.119:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sexcounter Path: :mozilla.130:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sexcounter Path: :mozilla.131:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sexcounter Path: :mozilla.132:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sexcounter Path: :mozilla.133:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Esomniture Path: :mozilla.143:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Estat Path: :mozilla.164:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Fastclick Path: :mozilla.167:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Fastclick Path: :mozilla.168:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Comclick Path: :mozilla.171:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Comclick Path: :mozilla.172:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Comclick Path: :mozilla.173:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Imrworldwide Path: :mozilla.219:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Imrworldwide Path: :mozilla.220:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Bluestreak Path: :mozilla.233:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Webtrends Path: :mozilla.265:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Valueclick Path: :mozilla.274:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.2o7 Path: :mozilla.283:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Overture Path: :mozilla.313:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.2o7 Path: :mozilla.320:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Casinotropez Path: :mozilla.332:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Qksrv Path: :mozilla.342:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Qksrv Path: :mozilla.343:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Realmedia Path: :mozilla.373:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Revenue Path: :mozilla.375:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Revsci Path: :mozilla.376:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Revsci Path: :mozilla.377:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Msn Path: :mozilla.404:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Msn Path: :mozilla.405:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Msn Path: :mozilla.406:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Onestat Path: :mozilla.423:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Onestat Path: :mozilla.424:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.425:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.426:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.427:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.428:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.429:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.430:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.431:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.432:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.433:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.434:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.435:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.436:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.437:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.438:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.439:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Statcounter Path: :mozilla.440:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Webtrendslive Path: :mozilla.441:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Targetnet Path: :mozilla.450:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Targetnet Path: :mozilla.451:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Tradedoubler Path: :mozilla.463:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Tradedoubler Path: :mozilla.464:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Tradedoubler Path: :mozilla.465:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Tribalfusion Path: :mozilla.467:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Valueclick Path: :mozilla.473:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adobe Path: :mozilla.495:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Falkag Path: :mozilla.543:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yadro Path: :mozilla.632:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yadro Path: :mozilla.633:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.643:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.644:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.645:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Yieldmanager Path: :mozilla.646:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Sitestat Path: :mozilla.655:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Comclick Path: :mozilla.663:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Comclick Path: :mozilla.664:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Comclick Path: :mozilla.665:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Webtrends Path: :mozilla.671:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adjuggler Path: :mozilla.675:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adjuggler Path: :mozilla.676:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: TrackingCookie.Adjuggler Path: :mozilla.677:C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\b9nx7wk6.default\cookies.txt Risk: Medium
Name: Adware.Minibug Path: C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll Risk: Medium
  10. Should I skip step 2 (ewido)? Because when I replied that the PC was doing much better, I hadn't yet done anything from your previous post!
  11. On the other hand, when I click ToolsCleaner2.exe, not much happens (just a DOS window opening and closing instantly, then nothing more...)
  12. The PC is already behaving much better now... I'd even say it seemed back to normal!
  13. Sorry, I hadn't understood that it was the report created during the cleanup that had to be posted... Here it is:

SmitFraudFix v2.300
Rapport fait à 20:21:24,26, lun. 03/03/2008
Executé à partir de C:\Documents and Settings\Ben\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3B1EC24-1C14-4739-8FA8-06D7BC6881CB}: DhcpNameServer=172.19.3.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3B1EC24-1C14-4739-8FA8-06D7BC6881CB}: DhcpNameServer=172.19.3.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3B1EC24-1C14-4739-8FA8-06D7BC6881CB}: DhcpNameServer=172.19.3.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
  14. That's what I did, though... Well, I'll start over...
  15. Thanks for your quick reply. Here are the requested reports:

      SmitFraudFix v2.300
      Rapport fait à 19:40:31,68, lun. 03/03/2008
      Executé à partir de C:\Documents and Settings\Ben\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\itunes\iTunesHelper.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      C:\Program Files\Messenger\msmsgs.exe
      c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\Nokia\Services\SERVIC~1.EXE
      C:\PROGRA~1\Webshots\webshots.scr
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\cmd.exe
      C:\Program Files\Mozilla Firefox\firefox.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      »»»»»»»»»»»»»»»»»»»»»»»» C:\

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben\Application Data

      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BENOIT~1\Favoris

      »»»»»»»»»»»»»»»»»»»»»»»» Bureau

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
      IEDFix
      Credits: Malware Analysis & Diagnostic Code: S!Ri

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
      VACFix
      Credits: Malware Analysis & Diagnostic Code: S!Ri

      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""

      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""

      »»»»»»»»»»»»»»»»»»»»»»»» Rustock

      »»»»»»»»»»»»»»»»»»»»»»»» DNS
      Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 172.19.3.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3B1EC24-1C14-4739-8FA8-06D7BC6881CB}: DhcpNameServer=172.19.3.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3B1EC24-1C14-4739-8FA8-06D7BC6881CB}: DhcpNameServer=172.19.3.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3B1EC24-1C14-4739-8FA8-06D7BC6881CB}: DhcpNameServer=172.19.3.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1

      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:42:41, on 3/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\CmUCReye.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
      C:\Program Files\Medion Info Display\MdionLCM.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\itunes\iTunesHelper.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      C:\Program Files\Messenger\msmsgs.exe
      c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\Nokia\Services\SERVIC~1.EXE
      C:\PROGRA~1\Webshots\webshots.scr
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\WINDOWS\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: RDL Rolex - {1F7CAFA7-9AB3-4198-A8B4-671DD6A73153} - C:\WINDOWS\dkxrstqdgn.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: enlfxgw - {C2448512-8C95-4034-8D0E-F1F3C4EC369B} - C:\WINDOWS\enlfxgw.dll (file missing)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
      O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\itunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\BENOIT~1\LOCALS~1\Temp\ARC216\FlyAway.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
      O21 - SSODL: btrklfr - {89FF42CC-596E-42A9-A72B-8C2EDCE5D876} - C:\WINDOWS\btrklfr.dll (file missing)
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      --
      End of file - 11625 bytes