
Recurring antivirus alert


jezabel


And number two (the third is on its way):

 

 

File cmstp.exe received on 2008.12.07 18:32:46 (CET)

Antivirus          Version          Last update  Result
AhnLab-V3          2008.12.6.0      2008.12.06   -
AntiVir            7.9.0.42         2008.12.07   -
Authentium         5.1.0.4          2008.12.06   -
Avast              4.8.1281.0       2008.12.06   -
AVG                8.0.0.199        2008.12.06   -
BitDefender        7.2              2008.12.07   -
CAT-QuickHeal      10.00            2008.12.06   -
ClamAV             0.94.1           2008.12.07   -
Comodo             698              2008.12.06   -
DrWeb              4.44.0.09170     2008.12.07   -
eSafe              7.0.17.0         2008.12.07   -
eTrust-Vet         31.6.6246        2008.12.05   -
Ewido              4.0              2008.12.07   -
F-Prot             4.4.4.56         2008.12.04   -
F-Secure           8.0.14332.0      2008.12.07   -
Fortinet           3.117.0.0        2008.12.07   -
GData              19               2008.12.07   -
Ikarus             T3.1.1.45.0      2008.12.07   Trojan.Win32.Tervemoy.A
K7AntiVirus        7.10.547         2008.12.06   -
Kaspersky          7.0.0.125        2008.12.07   Heur.Trojan.Generic
McAfee             5456             2008.12.06   -
McAfee+Artemis     5456             2008.12.06   -
Microsoft          1.4205           2008.12.07   Trojan:Win32/Tervemoy.A
NOD32              3668             2008.12.06   -
Norman             5.80.02          2008.12.05   -
Panda              9.0.0.4          2008.12.07   Suspicious file
PCTools            4.4.2.0          2008.12.06   -
Prevx1             V2               2008.12.07   Cloaked Malware
Rising             21.06.62.00      2008.12.07   -
SecureWeb-Gateway  6.7.6            2008.12.07   -
Sophos             4.36.0           2008.12.07   -
Sunbelt            3.1.1832.2       2008.12.01   -
Symantec           10               2008.12.07   -
TheHacker          6.3.1.2.179      2008.12.06   -
TrendMicro         8.700.0.1004     2008.12.05   -
VBA32              3.12.8.10        2008.12.07   -
ViRobot            2008.12.6.1504   2008.12.06   -
VirusBuster        4.5.11.0         2008.12.05   -

Additional information

File size: 86016 bytes

MD5...: c80525d8b5e0d1bee3956c49c6a77923

SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7

SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa

SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b212029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3

ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGWygkyJ0t

PEiD..: -

TrID..: File type identification
        Win32 Executable MS Visual C++ (generic) (65.2%)
        Win32 Executable Generic (14.7%)
        Win32 Dynamic Link Library (generic) (13.1%)
        Generic Win/DOS Executable (3.4%)
        DOS Executable Generic (3.4%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40b036
timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0xf8bf   0x10000  6.25   503dfb0074c3bbaeffb1b8a8046d6c12
.rdata  0x11000  0x2002   0x3000   4.11   860f50b3c0c8190c82de2fdcaf0eaf66
.data   0x14000  0x3798   0x1000   1.47   1e264dcbdf82cf592f2666f88b42a537

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923



And number three:

 

File ieudinit.exe received on 2008.12.07 18:37:09 (CET)

Antivirus          Version          Last update  Result
AhnLab-V3          2008.12.6.0      2008.12.06   -
AntiVir            7.9.0.42         2008.12.07   -
Authentium         5.1.0.4          2008.12.06   -
Avast              4.8.1281.0       2008.12.06   -
AVG                8.0.0.199        2008.12.06   -
BitDefender        7.2              2008.12.07   -
CAT-QuickHeal      10.00            2008.12.06   -
ClamAV             0.94.1           2008.12.07   -
Comodo             698              2008.12.06   -
DrWeb              4.44.0.09170     2008.12.07   -
eSafe              7.0.17.0         2008.12.07   -
eTrust-Vet         31.6.6246        2008.12.05   -
Ewido              4.0              2008.12.07   -
F-Prot             4.4.4.56         2008.12.04   -
F-Secure           8.0.14332.0      2008.12.07   -
Fortinet           3.117.0.0        2008.12.07   -
GData              19               2008.12.07   -
Ikarus             T3.1.1.45.0      2008.12.07   Trojan.Win32.Tervemoy.A
K7AntiVirus        7.10.547         2008.12.06   -
Kaspersky          7.0.0.125        2008.12.07   Heur.Trojan.Generic
McAfee             5456             2008.12.06   -
McAfee+Artemis     5456             2008.12.06   -
Microsoft          1.4205           2008.12.07   Trojan:Win32/Tervemoy.A
NOD32              3668             2008.12.06   -
Norman             5.80.02          2008.12.05   -
Panda              9.0.0.4          2008.12.07   Suspicious file
PCTools            4.4.2.0          2008.12.07   -
Prevx1             V2               2008.12.07   Cloaked Malware
Rising             21.06.62.00      2008.12.07   -
SecureWeb-Gateway  6.7.6            2008.12.07   -
Sophos             4.36.0           2008.12.07   -
Sunbelt            3.1.1832.2       2008.12.01   -
Symantec           10               2008.12.07   -
TheHacker          6.3.1.2.179      2008.12.06   -
TrendMicro         8.700.0.1004     2008.12.05   -
VBA32              3.12.8.10        2008.12.07   -
ViRobot            2008.12.6.1504   2008.12.06   -
VirusBuster        4.5.11.0         2008.12.05   -

Additional information

File size: 86016 bytes

MD5...: c80525d8b5e0d1bee3956c49c6a77923

SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7

SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa

SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b212029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3

ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGWygkyJ0t

PEiD..: -

TrID..: File type identification
        Win32 Executable MS Visual C++ (generic) (65.2%)
        Win32 Executable Generic (14.7%)
        Win32 Dynamic Link Library (generic) (13.1%)
        Generic Win/DOS Executable (3.4%)
        DOS Executable Generic (3.4%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40b036
timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0xf8bf   0x10000  6.25   503dfb0074c3bbaeffb1b8a8046d6c12
.rdata  0x11000  0x2002   0x3000   4.11   860f50b3c0c8190c82de2fdcaf0eaf66
.data   0x14000  0x3798   0x1000   1.47   1e264dcbdf82cf592f2666f88b42a537

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923



I'm going to ask you to send me these 3 files. I'll send you the procedure for getting them to me by PM (private message):

 

C:\windows\system32\drivers\clipsrv.exe

C:\Windows\System\cmstp.exe

C:\Windows\System32\drivers\ieudinit.exe

 

We'll take them out right after. :P


I got them. Thanks! :P

 

I've already sent them to an antivirus vendor.

 

Run HijackThis again via right-click, Run as administrator, click "Do a system scan only", then check these entries and click the "Fix checked" button at the bottom left:

F3 - REG:win.ini: load=C:\Windows\System32\drivers\clipsrv.exe

O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\System\comrepl.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System\cmstp.exe /waitservice

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'Default user')

 

-+-------------

 

Download OTMoveIt3 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are on Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below to the clipboard by selecting them all and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    :processes
    explorer.exe 
    :files
    C:\windows\system32\drivers\clipsrv.exe
    C:\Windows\System\cmstp.exe
    C:\Windows\System\comrepl.exe
    C:\Windows\System32\drivers\ieudinit.exe
    
    :commands
    [emptytemp] 
    [start explorer]


  • Go back to the OTMoveIt3 window, right-click in the left-hand box labelled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • Post the OTMoveIt3 report in your next reply (the contents of the file C:\_OTMoveIt\MovedFiles\********_******.log, where the *** are digits representing the date [monthdayyear] and the time).

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Yes.

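Added example, not from this thread nor from HijackThis or OTMoveIt: a small Python triage helper that parses HijackThis O4 and F3 lines like the ones fixed above and flags the traits the bad entries in this thread share (a Policies\Explorer\Run key, an executable sitting in \Windows\System\ or \System32\drivers\, the /waitservice argument, a populated win.ini load=). The sample log is constructed from lines on this page plus two legitimate entries; the key and folder heuristics are mine, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines of the kinds seen in this thread (the
# F3 win.ini entry and the O4 Policies\Explorer\Run entries that were fixed),
# plus two legitimate O4 entries that a triage pass should leave alone.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Windows\System32\drivers\clipsrv.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\System\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System\cmstp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'Default user')
"""

# O4: "O4 - <registry key>: [<value name>] <command> (User '<account>')?"
O4_RE = re.compile(
    r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# F3: "F3 - REG:win.ini: load=<command>"
F3_RE = re.compile(r"^F3 - REG:(?P<ini>[^:]+): (?P<value>\w+)=(?P<cmd>.*)$")
# The executable is either a quoted path or everything up to the first ".exe".
CMD_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.*?\.exe))(?:\s+(?P<args>.*))?$', re.I
)

# Folders where a user-mode autostart .exe is unusual: \Windows\System is a
# legacy directory and \System32\drivers normally holds .sys kernel drivers.
ODD_DIRS = ("\\windows\\system\\", "\\windows\\system32\\drivers\\")


@dataclass
class Finding:
    line: str
    exe: str
    reasons: list


def split_command(cmd):
    """Return (executable path, arguments) from an autostart command string."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    exe = m.group("quoted") or m.group("bare")
    return exe.strip(), (m.group("args") or "").strip()


def assess_line(line):
    """Return a Finding for an O4/F3 line with suspicious traits, else None."""
    line = line.strip()
    reasons = []
    if (m := F3_RE.match(line)):
        exe, args = split_command(m.group("cmd"))
        if m.group("value").lower() in ("load", "run"):
            reasons.append("win.ini %s= entry (obsolete autostart, normally empty)"
                           % m.group("value"))
    elif (m := O4_RE.match(line)):
        exe, args = split_command(m.group("cmd"))
        if "policies\\explorer\\run" in m.group("key").lower():
            reasons.append("Policies\\Explorer\\Run autostart key")
        if "/waitservice" in args.lower():
            reasons.append("unusual /waitservice argument")
    else:
        return None  # not an autostart line we understand
    folder = exe.lower().rsplit("\\", 1)[0] + "\\"
    if any(folder.endswith(d) for d in ODD_DIRS):
        reasons.append("executable placed in %s" % folder)
    return Finding(line, exe, reasons) if reasons else None


def triage(log_text):
    """Run assess_line over a whole HijackThis log; findings keep log order."""
    findings = []
    for raw in log_text.splitlines():
        f = assess_line(raw)
        if f:
            findings.append(f)
    return findings


def files_to_review(findings):
    """Distinct executables behind the findings (to hash, submit or quarantine)."""
    seen = {}
    for f in findings:
        seen.setdefault(f.exe.lower(), f.exe)  # same path under several hives
    return sorted(seen.values(), key=str.lower)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.line)
        for r in f.reasons:
            print("   -", r)
    print("files to review:", files_to_review(found))
```

On the sample, files_to_review() returns exactly the four paths the OTMoveIt3 :files list above targets, while the Windows Defender and Avira entries produce no finding.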

And here's another one:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\windows\system32\drivers\clipsrv.exe moved successfully.

C:\Windows\System\cmstp.exe moved successfully.

C:\Windows\System\comrepl.exe moved successfully.

C:\Windows\System32\drivers\ieudinit.exe moved successfully.

========== COMMANDS ==========

File delete failed. C:\Users\NGRE~1\AppData\Local\Temp\hsperfdata_nègre\2496 scheduled to be deleted on reboot.

File delete failed. C:\Users\NGRE~1\AppData\Local\Temp\etilqs_X4h5PJWsx5blKMiuqzIF scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\TMP0000005FF3058297ECFEF6AE scheduled to be deleted on reboot.

Windows Temp folder emptied.

File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_192109

 

Files moved on Reboot...

File C:\Users\NGRE~1\AppData\Local\Temp\hsperfdata_nègre\2496 not found!

File C:\Users\NGRE~1\AppData\Local\Temp\etilqs_X4h5PJWsx5blKMiuqzIF not found!

File C:\Windows\temp\TMP0000005FF3058297ECFEF6AE not found!

C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_001_ moved successfully.

C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_002_ moved successfully.

C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_003_ moved successfully.

C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_MAP_ moved successfully.

C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\urlclassifier3.sqlite moved successfully.

C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\XUL.mfl moved successfully.


Here you go:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:17:35, on 07/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\drivers\mstinit.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\eMule\emule.exe

C:\Users\nègre\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\Windows\System32\drivers\mstinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\cisvc.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'Default user')

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O13 - Gopher Prefix:

O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8635 bytes


Relaunch HijackThis via right-click, Run as administrator, click "Do a system scan only", then check the following and click the "Fix checked" button at the bottom left:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\cisvc.exe /waitservice

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'Default user')

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

 

Restart and post a new HijackThis report (still right-click, Run as administrator).

 

There is something that may be coming back, which I need to check.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:33, on 07/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\drivers\mstinit.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\eMule\emule.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\nègre\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\Windows\System32\drivers\mstinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O13 - Gopher Prefix:

O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8006 bytes

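As an added example (not code from this thread, the helper, or HijackThis), here is a small Python triage script covering both the helper's fix list and the follow-up report: it parses O4/F3 lines of the form quoted above and flags entries registered under Policies\Explorer\Run or the win.ini load= hook, or whose binary sits in system32\drivers or C:\Windows\System. The heuristics and the sample lines are assumptions assembled from the reports in this thread.

```python
import re

# Constructed sample: the three lines the helper asked to fix, plus one benign
# Run entry (Avira's avgnt) for contrast. Copied from the reports in this thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\cisvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'SYSTEM')
"""

# Constructed sample from the report posted after the fix: cisvc/cmstp are gone,
# but two entries of the same shape (legacy autorun hook, system-named binary in
# a directory that holds no startup programs, same /waitservice argument) remain.
AFTER_FIX = r"""
F3 - REG:win.ini: load=C:\Windows\System32\drivers\mstinit.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<cmd>.*)$")
# Executable path: either the quoted part, or everything up to the first ".exe".
PATH_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.IGNORECASE)

# Assumed heuristics (not stated in the thread): legitimate installers almost never
# use Policies\Explorer\Run or win.ini load=, and nothing that should start at logon
# lives in system32\drivers or the 16-bit leftover directory C:\Windows\System.
LEGACY_KEYS = ("policies\\explorer\\run", "win.ini")
ODD_DIRS = ("\\system32\\drivers\\", "\\windows\\system\\")
REASON_KEY = "legacy/policy autorun location"
REASON_DIR = "executable in drivers\\ or Windows\\System"

def parse(report):
    """Yield (autorun key, executable path) for every O4 and F3 line in a report."""
    for line in report.strip().splitlines():
        m = O4_RE.match(line) or F3_RE.match(line)
        if not m:
            continue
        p = PATH_RE.match(m.group("cmd"))
        path = (p.group("q") or p.group("u")) if p else m.group("cmd")
        key = m.group("key") if line.startswith("O4") else "win.ini " + m.group("key")
        yield key, path

def suspicious(report):
    """Return [(executable path, [reasons])] for entries tripping any heuristic."""
    hits = []
    for key, path in parse(report):
        reasons = [r for cond, r in ((any(k in key.lower() for k in LEGACY_KEYS), REASON_KEY),
                                     (any(d in path.lower() for d in ODD_DIRS), REASON_DIR)) if cond]
        if reasons:
            hits.append((path, reasons))
    return hits

if __name__ == "__main__":
    for label, rep in (("fix list", FIX_LIST), ("after fix", AFTER_FIX)):
        print(label)
        for path, reasons in suspicious(rep):
            print("  ", path, "->", "; ".join(reasons))
```

Run against the second report, the script still flags the mstinit.exe and mstsc.exe entries, which is the kind of leftover the helper says needs checking.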
