
Posted

File system.exe received on 2009.01.25 00:50:30 (CET)

Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.25 Backdoor.Win32.Iroffer!IK
AhnLab-V3 5.0.0.2 2009.01.24 -
AntiVir 7.9.0.60 2009.01.24 APPL/NTsvc.A
Authentium 5.1.0.4 2009.01.24 -
Avast 4.8.1281.0 2009.01.24 -
AVG 8.0.0.229 2009.01.24 -
BitDefender 7.2 2009.01.25 -
CAT-QuickHeal 10.00 2009.01.24 -
ClamAV 0.94.1 2009.01.24 -
Comodo 944 2009.01.24 ApplicUnsaf.Win32.NTsvc
DrWeb 4.44.0.09170 2009.01.25 Tool.Starter
eSafe 7.0.17.0 2009.01.22 -
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.24 -
F-Secure 8.0.14470.0 2009.01.24 -
Fortinet 3.117.0.0 2009.01.24 -
GData 19 2009.01.24 -
Ikarus T3.1.1.45.0 2009.01.24 Backdoor.Win32.Iroffer
K7AntiVirus 7.10.604 2009.01.24 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.24 -
McAfee 5505 2009.01.24 -
McAfee+Artemis 5505 2009.01.24 -
Microsoft 1.4205 2009.01.24 -
NOD32 3797 2009.01.25 Win32/NTsvc
Norman 5.93.01 2009.01.23 -
nProtect 2009.1.8.0 2009.01.23 -
Panda 9.5.1.2 2009.01.24 -
PCTools 4.4.2.0 2009.01.24 Backdoor.IRC.Flood
Prevx1 V2 2009.01.25 Worm
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.24 Riskware.NTsvc.A
Sophos 4.37.0 2009.01.24 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.25 -
TheHacker 6.3.1.5.228 2009.01.24 -
TrendMicro 8.700.0.1004 2009.01.24 -
VBA32 3.12.8.11 2009.01.24 -
ViRobot 2009.1.23.1576 2009.01.23 -
VirusBuster 4.5.11.0 2009.01.24 -

Additional information

File size: 53760 bytes
MD5...: ea2e9e72f5bc8ac2549b325a757d321d
SHA1..: 82968811c3329c44edf796acaaf3f04618f99d97
SHA256: 0a01c68ae7b981ac52dd86b91daa1443f0fd95e3151b64223d7d4f5a5954ff48
SHA512: 6acae9b5da3757384c350b7800085948b7302ddb0386150304db3fbdeeedf9e066da29d8c4bd769c88446326ab5c32e81639021b14a83d5b77039b2855c6ef07
ssdeep: 768:JicUaMcxl/On8MiHhbtlEXSgtr40CgE1so+ojHOg:tUaBxl/UMBbtlEXSgOfl11Dyg
PEiD..: InstallShield 2000

TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Win16/32 Executable Delphi generic (3.4%)
Generic Win/DOS Executable (3.3%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4025e0
timedatestamp.....: 0x4040a9fd (Sat Feb 28 14:47:25 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7cf2 0x7e00 6.45 e9a2d64471b6f50675c4699123511bf3
.rdata 0x9000 0xafd 0xc00 4.65 ea3a22f708a9282520ed45bb02af5397
.data 0xa000 0x5744 0x3a00 1.81 2193cbdd1bd1e6949ee865a45dc43a65
.idata 0x10000 0x806 0xa00 4.55 7616fe7eb72e521eefe6e7f87a2e1a78

( 3 imports )
> KERNEL32.dll: InitializeCriticalSection, GetModuleFileNameA, DeleteCriticalSection, GetExitCodeProcess, TerminateProcess, GetPrivateProfileStringA, CreateProcessA, Sleep, GetLastError, EnterCriticalSection, LeaveCriticalSection, ResumeThread, CreateThread, TlsSetValue, ExitThread, CloseHandle, GetCommandLineA, GetVersion, ExitProcess, HeapFree, GetCurrentThreadId, TlsAlloc, SetLastError, TlsGetValue, HeapAlloc, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedDecrement, InterlockedIncrement, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, SetStdHandle, FlushFileBuffers, CreateFileA, GetStringTypeA, GetStringTypeW, SetFilePointer, LCMapStringA, LCMapStringW, GetProcAddress, LoadLibraryA, SetEndOfFile, ReadFile, GetLocaleInfoA, GetLocaleInfoW
> USER32.dll: PostThreadMessageA
> ADVAPI32.dll: CreateServiceA, DeleteService, RegisterServiceCtrlHandlerA, SetServiceStatus, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService, StartServiceCtrlDispatcherA

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ea2e9e72f5bc8ac2549b325a757d321d
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2D2A5DE700227D6DD27B0006D8CB6700B3F5FF02
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ea2e9e72f5bc8ac2549b325a757d321d


Posted

We'll get rid of it.

Please check these files the same way, with VirusTotal:

C:\WINNT\system32\mscdt.exe

c:\winnt\system32\microsoft\user\dll39.exe

Posted

File mscdt.exe received on 2008.12.01 10:02:54 (CET)

Antivirus Version Last update Result
AhnLab-V3 - - Win-AppCare/ServU.603136
AntiVir - - SPR/Serv-U.Gen
Authentium - - W32/Backdoor.SUC
Avast - - Win32:ServU-BQ
AVG - - ServU.AIO
BitDefender - - Generic.ServU.072821F0
CAT-QuickHeal - - -
ClamAV - - Trojan.Servu.1
DrWeb - - BackDoor.Servu.4100
eSafe - - Win32.ServU-based
eTrust-Vet - - Win32/IRCFlood
Ewido - - -
F-Prot - - W32/Backdoor.SUC
F-Secure - - Backdoor.Win32.ServU-based
Fortinet - - HackerTool/ServU
GData - - Generic.ServU.072821F0
Ikarus - - not-a-virus:Server-FTP.Win32.Serv-U.4100
K7AntiVirus - - Backdoor.Win32.ServU-based
Kaspersky - - Backdoor.Win32.ServU-based
McAfee - - potentially unwanted program ServU-Daemon
McAfee+Artemis - - potentially unwanted program ServU-Daemon
Microsoft - - Backdoor:Win32/Agent
NOD32 - - Win32/ServU-Daemon
Norman - - W32/ServU.4_1D
Panda - - Bck/ServU.AC
PCTools - - Backdoor.ServU-based!sd5
Prevx1 - - System Back Door
Rising - - Backdoor.ServU-based.d
SecureWeb-Gateway - - Riskware.Serv-U.Gen
Sophos - - Troj/ServU-Gen
Sunbelt - - Backdoor.Win32.ServU-based
Symantec - - Backdoor.Trojan
TheHacker - - Backdoor/ServU-based
TrendMicro - - -
VBA32 - - suspected of Backdoor.XiaoBird.29 (paranoid heuristics)
ViRobot - - Backdoor.Win32.SdBot.603136
VirusBuster - - Backdoor.Agent.AJYZ

Additional information

MD5: 74c94beeb95cbc854648dd0c12d0ba32
SHA1: 1e95b1080cf272557be95028c8214080a8a82fe1
SHA256: ac85298e73baefe9ccd742b917d11ffa6cca4750fab3b49556d991dfae871ef7
SHA512: 5b5241d96d2c098e8be20b18c82dc41af47831659ab66987e0ec105bc9ddec2d3a176e24d6076b65392143543051f55e8516357c9b94fd36238acc02dddce527


Posted

File dll39.exe received on 2009.01.25 23:36:55 (CET)

Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.25 Riskware.Server-FTP.Win32.Serv-U.25.e!IK
AhnLab-V3 5.0.0.2 2009.01.25 -
AntiVir 7.9.0.60 2009.01.25 SPR/Serv-U.25.D
Authentium 5.1.0.4 2009.01.25 W32/HackTool.KQ
Avast 4.8.1281.0 2009.01.25 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.01.25 ServU.JP
BitDefender 7.2 2009.01.25 -
CAT-QuickHeal 10.00 2009.01.24 -
ClamAV 0.94.1 2009.01.25 -
Comodo 946 2009.01.25 ApplicUnsaf.Win32.ServU-Daemon
DrWeb 4.44.0.09170 2009.01.25 -
eSafe 7.0.17.0 2009.01.25 -
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.25 W32/HackTool.KQ
F-Secure 8.0.14470.0 2009.01.25 Server-FTP.Win32.Serv-U.25.d
Fortinet 3.117.0.0 2009.01.25 ServU
GData 19 2009.01.25 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2009.01.25 not-a-virus:Server-FTP.Win32.Serv-U.25.e
K7AntiVirus 7.10.604 2009.01.24 Non-Virus:Server-FTP.Win32.Serv-U.25.d
Kaspersky 7.0.0.125 2009.01.25 not-a-virus:Server-FTP.Win32.Serv-U.25.d
McAfee 5506 2009.01.25 potentially unwanted program ServU-Daemon
McAfee+Artemis 5506 2009.01.25 potentially unwanted program ServU-Daemon
Microsoft 1.4205 2009.01.25 -
NOD32 3798 2009.01.25 Win32/ServU-Daemon
Norman 5.93.01 2009.01.23 -
nProtect 2009.1.8.0 2009.01.23 Backdoor/W32.ServU.1015296
Panda 9.5.1.2 2009.01.25 Application/ServUBased.A
PCTools 4.4.2.0 2009.01.25 Backdoor.ServU-based.CB
Prevx1 V2 2009.01.25 Malicious Software
Rising 21.13.42.00 2009.01.23 Backdoor.ServU-based.kz
SecureWeb-Gateway 6.7.6 2009.01.25 Riskware.Serv-U.25.D
Sophos 4.37.0 2009.01.25 -
Sunbelt 3.2.1835.2 2009.01.16 Backdoor.Servu.AZ
Symantec 10 2009.01.25 -
TheHacker 6.3.1.5.229 2009.01.25 Aplicacion/Serv-U.25.d
TrendMicro 8.700.0.1004 2009.01.24 -
VBA32 3.12.8.11 2009.01.25 -
ViRobot 2009.1.23.1576 2009.01.23 -
VirusBuster 4.5.11.0 2009.01.25 Backdoor.ServU-based.CB

Additional information

File size: 1015296 bytes
MD5...: 9a27dbdff798e5c71015eff3ff696821
SHA1..: 6c454c6abdbd9d352f004c95c9f4dda1aa8b1943
SHA256: 390d4ea3c7b63a9d8532ba0796a4cc9ac8e764f74f233da7e402194212bffec7
SHA512: 7a1041eae97b0229a88c1e25d01fc601e419ed780441d98088e93f0d9d30836b5d5e4fe65a2f237135320c2d095cf09b35770cacf8a52641fabed9ed243dc866
ssdeep: 12288:z4aaOI9dOVRbFH6pDmAzjQn9fkJYijrkQLS2S+bEYp3yYF7CXlq/KFhXXEvqANm9:M9OI9dOVRBapZOtkJYOrjG4p3yY6/
PEiD..: -

TrID..: File type identification
InstallShield setup (47.3%)
Win32 Executable Delphi generic (16.1%)
DOS Executable Borland C++ (14.3%)
Win32 Executable Generic (9.3%)
Win32 Dynamic Link Library (generic) (8.3%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x52aa284e (Thu Dec 12 21:19:10 2013)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaa000 0xa9400 6.48 4dc058b620ee8feaf8e77595311849ed
.data 0xab000 0x2c000 0x25e00 4.48 8e5e3151059afbdbb25d942252260f0c
.tls 0xd7000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0xd8000 0x1000 0x200 0.21 6cab5b7066c2af54b972946eb7c273cc
.idata 0xd9000 0x3000 0x2a00 5.32 e49d35d22dc40801bc8a4e4c7693eef3
.edata 0xdc000 0x1000 0x200 4.19 bc434e612fbd73c656b49690f52c5b81
.rsrc 0xdd000 0x1c000 0x1be00 4.25 810803d117f9e17e52a76824d6d1c6d2
.reloc 0xf9000 0xa000 0x9800 6.61 197035d7b2e7a9d10c9cdba1662aae59

( 7 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
> KERNEL32.dll: CloseHandle, CreateDirectoryA, CreateEventA, CreateFileA, CreateMutexA, CreateThread, DeleteCriticalSection, DeleteFileA, DosDateTimeToFileTime, DuplicateHandle, EnterCriticalSection, ExitProcess, ExitThread, ExpandEnvironmentStringsA, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstFileA, FindNextFileA, FindResourceA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetExitCodeThread, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetLogicalDrives, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetSystemInfo, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatus, GlobalUnlock, InitializeCriticalSection, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadResource, LocalAlloc, LocalFileTimeToFileTime, LocalFree, LocalHandle, LocalLock, LocalReAlloc, LocalUnlock, LockResource, MoveFileA, MulDiv, MultiByteToWideChar, OpenFile, PulseEvent, RaiseException, ReadFile, ReleaseMutex, ReleaseSemaphore, RemoveDirectoryA, ResumeThread, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetErrorMode, SetFileAttributesA, SetFilePointer, SetFileTime, SetHandleCount, SetThreadPriority, Sleep, SuspendThread, SystemTimeToFileTime, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForMultipleObjects, WaitForMultipleObjectsEx, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WinExec, WriteFile, WritePrivateProfileStringA, lstrcmpA, lstrcmpiA, lstrlenA
> WSOCK32.dll: WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncSelect, WSACancelAsyncRequest, WSACleanup, WSAGetLastError, WSASetBlockingHook, WSAStartup, WSAUnhookBlockingHook, accept, closesocket, connect, gethostbyname, gethostname, getpeername, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket, bind
> COMDLG32.dll: ChooseFontA, CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.dll: BitBlt, CombineRgn, CopyEnhMetaFileA, CopyMetaFileA, CreateBitmap, CreateBitmapIndirect, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, CreateDIBPatternBrush, CreateDIBitmap, CreateDiscardableBitmap, CreateEllipticRgnIndirect, CreateFontA, CreateFontIndirectA, CreateHatchBrush, CreateICA, CreatePalette, CreatePatternBrush, CreatePen, CreatePenIndirect, CreatePolyPolygonRgn, CreatePolygonRgn, CreateRectRgn, CreateRectRgnIndirect, CreateRoundRectRgn, CreateSolidBrush, DPtoLP, DeleteDC, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, Ellipse, ExtCreatePen, ExtTextOutA, GetClipRgn, GetCurrentObject, GetDIBits, GetDeviceCaps, GetEnhMetaFileA, GetMetaFileA, GetMetaFileBitsEx, GetObjectA, GetPaletteEntries, GetStockObject, GetSystemPaletteEntries, GetTextExtentPointA, GetTextMetricsA, GetViewportOrgEx, IntersectClipRect, LineTo, MoveToEx, OffsetViewportOrgEx, OffsetWindowOrgEx, PatBlt, PlayEnhMetaFile, PlayMetaFile, RealizePalette, ResetDCA, RestoreDC, SaveDC, ScaleViewportExtEx, ScaleWindowExtEx, SelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetDIBitsToDevice, SetEnhMetaFileBits, SetMapMode, SetMetaFileBitsEx, SetPixel, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, StretchDIBits, TextOutA
> SHELL32.dll: ExtractIconA, ShellExecuteA, Shell_NotifyIconA
> USER32.dll: AdjustWindowRectEx, AppendMenuA, BeginDeferWindowPos, BeginPaint, BringWindowToTop, CallWindowProcA, CheckMenuItem, CheckMenuRadioItem, ChildWindowFromPoint, ClientToScreen, CloseClipboard, CopyIcon, CreateCursor, CreateDialogParamA, CreateIcon, CreateIconFromResource, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeferWindowPos, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawMenuBar, DrawStateA, DrawTextA, EnableMenuItem, EnableWindow, EndDeferWindowPos, EndDialog, EndPaint, EnumClipboardFormats, EnumThreadWindows, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetClassInfoA, GetClassNameA, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetFocus, GetKeyState, GetMenu, GetMenuDefaultItem, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetParent, GetScrollInfo, GetSubMenu, GetSysColor, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetUpdateRgn, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowThreadProcessId, GrayStringA, InsertMenuA, InsertMenuItemA, InvalidateRect, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsIconic, IsMenu, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadAcceleratorsA, LoadBitmapA, LoadCursorA, LoadIconA, LoadImageA, LoadMenuA, LoadMenuIndirectA, LoadStringA, MapWindowPoints, MessageBeep, MessageBoxA, MessageBoxExA, ModifyMenuA, MoveWindow, MsgWaitForMultipleObjects, OpenClipboard, PeekMessageA, PostMessageA, PostQuitMessage, PostThreadMessageA, RegisterClassA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollWindow, SendDlgItemMessageA, SendMessageA, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetFocus, SetForegroundWindow, SetMenu, SetMenuDefaultItem, SetMenuItemInfoA, SetMessageQueue, SetParent, SetScrollInfo, SetTimer, SetWindowContextHelpId, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, ShowScrollBar, ShowWindow, SystemParametersInfoA, TabbedTextOutA, TrackPopupMenu, TranslateAcceleratorA, TranslateMDISysAccel, TranslateMessage, UnregisterClassA, UpdateWindow, WaitMessage, WinHelpA, WindowFromPoint

( 8 exports )
@RTrayIcon@TimerProc$qqsp6HWND__uiuil, @RWinSocket@BlockingHookProc$qqsv, @RWinSocket@DispatchProc$qqsp6HWND__uiuil, @__lockDebuggerData$qv, @__unlockDebuggerData$qv, __DebuggerHookData, __GetExceptDLLinfo, ___CPPdebugHook

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0832E1DB0074A0827E3A0F37D111E900E4B7B774

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.73 2009.01.25 Riskware.Server-FTP.Win32.Serv-U.25.e!IK

AhnLab-V3 5.0.0.2 2009.01.25 -

AntiVir 7.9.0.60 2009.01.25 SPR/Serv-U.25.D

Authentium 5.1.0.4 2009.01.25 W32/HackTool.KQ

Avast 4.8.1281.0 2009.01.25 Win32:Trojan-gen {Other}

AVG 8.0.0.229 2009.01.25 ServU.JP

BitDefender 7.2 2009.01.25 -

CAT-QuickHeal 10.00 2009.01.24 -

ClamAV 0.94.1 2009.01.25 -

Comodo 946 2009.01.25 ApplicUnsaf.Win32.ServU-Daemon

DrWeb 4.44.0.09170 2009.01.25 -

eSafe 7.0.17.0 2009.01.25 -

eTrust-Vet 31.6.6325 2009.01.24 -

F-Prot 4.4.4.56 2009.01.25 W32/HackTool.KQ

F-Secure 8.0.14470.0 2009.01.25 Server-FTP.Win32.Serv-U.25.d

Fortinet 3.117.0.0 2009.01.25 ServU

GData 19 2009.01.25 Win32:Trojan-gen {Other}

Ikarus T3.1.1.45.0 2009.01.25 not-a-virus:Server-FTP.Win32.Serv-U.25.e

K7AntiVirus 7.10.604 2009.01.24 Non-Virus:Server-FTP.Win32.Serv-U.25.d

Kaspersky 7.0.0.125 2009.01.25 not-a-virus:Server-FTP.Win32.Serv-U.25.d

McAfee 5506 2009.01.25 potentially unwanted program ServU-Daemon

McAfee+Artemis 5506 2009.01.25 potentially unwanted program ServU-Daemon

Microsoft 1.4205 2009.01.25 -

NOD32 3798 2009.01.25 Win32/ServU-Daemon

Norman 5.93.01 2009.01.23 -

nProtect 2009.1.8.0 2009.01.23 Backdoor/W32.ServU.1015296

Panda 9.5.1.2 2009.01.25 Application/ServUBased.A

PCTools 4.4.2.0 2009.01.25 Backdoor.ServU-based.CB

Prevx1 V2 2009.01.25 Malicious Software

Rising 21.13.42.00 2009.01.23 Backdoor.ServU-based.kz

SecureWeb-Gateway 6.7.6 2009.01.25 Riskware.Serv-U.25.D

Sophos 4.37.0 2009.01.25 -

Sunbelt 3.2.1835.2 2009.01.16 Backdoor.Servu.AZ

Symantec 10 2009.01.25 -

TheHacker 6.3.1.5.229 2009.01.25 Aplicacion/Serv-U.25.d

TrendMicro 8.700.0.1004 2009.01.24 -

VBA32 3.12.8.11 2009.01.25 -

ViRobot 2009.1.23.1576 2009.01.23 -

VirusBuster 4.5.11.0 2009.01.25 Backdoor.ServU-based.CB

 

Information additionnelle

File size: 1015296 bytes

MD5...: 9a27dbdff798e5c71015eff3ff696821

SHA1..: 6c454c6abdbd9d352f004c95c9f4dda1aa8b1943

SHA256: 390d4ea3c7b63a9d8532ba0796a4cc9ac8e764f74f233da7e402194212bffec7

SHA512: 7a1041eae97b0229a88c1e25d01fc601e419ed780441d98088e93f0d9d30836b<br>5d5e4fe65a2f237135320c2d095cf09b35770cacf8a52641fabed9ed243dc866<br>

ssdeep: 12288:z4aaOI9dOVRbFH6pDmAzjQn9fkJYijrkQLS2S+bEYp3yYF7CXlq/KFhXXE<br>vqANm9:M9OI9dOVRBapZOtkJYOrjG4p3yY6/<br>

PEiD..: -

TrID..: File type identification<br>InstallShield setup (47.3%)<br>Win32 Executable Delphi generic (16.1%)<br>DOS Executable Borland C++ (14.3%)<br>Win32 Executable Generic (9.3%)<br>Win32 Dynamic Link Library (generic) (8.3%)

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x401000<br>timedatestamp.....: 0x52aa284e (Thu Dec 12 21:19:10 2013)<br>machinetype.......: 0x14c (I386)<br><br>( 8 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xaa000 0xa9400 6.48 4dc058b620ee8feaf8e77595311849ed<br>.data 0xab000 0x2c000 0x25e00 4.48 8e5e3151059afbdbb25d942252260f0c<br>.tls 0xd7000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<br>.rdata 0xd8000 0x1000 0x200 0.21 6cab5b7066c2af54b972946eb7c273cc<br>.idata 0xd9000 0x3000 0x2a00 5.32 e49d35d22dc40801bc8a4e4c7693eef3<br>.edata 0xdc000 0x1000 0x200 4.19 bc434e612fbd73c656b49690f52c5b81<br>.rsrc 0xdd000 0x1c000 0x1be00 4.25 810803d117f9e17e52a76824d6d1c6d2<br>.reloc 0xf9000 0xa000 0x9800 6.61 197035d7b2e7a9d10c9cdba1662aae59<br><br>( 7 imports ) <br>> ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA<br>> KERNEL32.dll: CloseHandle, CreateDirectoryA, CreateEventA, CreateFileA, CreateMutexA, CreateThread, DeleteCriticalSection, DeleteFileA, DosDateTimeToFileTime, DuplicateHandle, EnterCriticalSection, ExitProcess, ExitThread, ExpandEnvironmentStringsA, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstFileA, FindNextFileA, FindResourceA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetExitCodeThread, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetLogicalDrives, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetSystemInfo, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0832E1DB0074A0827E3A0F37D111E900E4B7B774

Posted

Relaunch HijackThis, click "Do a system scan only", then tick the following and click the "Fix checked" button at the bottom left:

O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINNT\system32\mscdt.exe

O23 - Service: Service Controler - Unknown owner - C:\WINNT\system32\drivers\SbCtri.exe (file missing)

O23 - Service: system - Unknown owner - C:\WINNT\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.exe

 

Next, download OTMoveIt3 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt3.exe to run the tool. (Note: if you use Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" area below to the clipboard by selecting them all and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    :processes
    explorer.exe 
    :files
    c:\winnt\system32\microsoft\user\dll39.exe
    C:\WINNT\system32\mscdt.exe
    C:\WINNT\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.exe
    
    :commands
    [start explorer]


  • Go back to the OTMoveIt3 window, right-click in the left-hand area titled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • Post the OTMoveIt3 report in your next reply (the contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time).

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Oui/Yes.

Posted

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File move failed. c:\winnt\system32\microsoft\user\dll39.exe scheduled to be moved on reboot.

File move failed. C:\WINNT\system32\mscdt.exe scheduled to be moved on reboot.

C:\WINNT\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.exe moved successfully.

========== COMMANDS ==========

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_235545

 

Files moved on Reboot...

File move failed. c:\winnt\system32\microsoft\user\dll39.exe scheduled to be moved on reboot.

File move failed. C:\WINNT\system32\mscdt.exe scheduled to be moved on reboot.

Posted

It's resisting. We'll have to insist.

 

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Oui" (Yes) on the Disclaimer of Warranty message that appears.
  • If you are offered a reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Oui" (Yes) on the message, allow the download in your firewall if asked, then accept the end-user license agreement.
  • The desktop disappears; that's normal, it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report in your next reply.
    The report is at: C:\Combofix.txt (just in case).

Posted

ComboFix 09-01-21.04 - Karim 26/01/2009 21:58:14.3 - NTFSx86

Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.191.101 [GMT 1:00]

Lancé depuis: d:\documents and settings\Karim\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SYSTEM

-------\Legacy_WGAREG

-------\Legacy_WGAVM

-------\Service_system

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-26 22:18 . 09-01-26 22:18 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_218.dat

2009-01-26 21:53 . 09-01-26 21:54 <DIR> d-------- C:\32788R22FWJFW

2009-01-24 22:41 . 09-01-24 22:42 <DIR> d-------- C:\rsit

2009-01-24 10:07 . 09-01-24 10:05 410,984 --a------ c:\winnt\system32\deploytk.dll

2008-12-28 20:20 . 08-12-28 20:20 <DIR> d-------- c:\program files\VTech

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 22:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-24 09:04 --------- d-----w c:\program files\Java

2009-01-23 19:23 --------- d-----w c:\program files\Hackman

2009-01-21 19:36 97,072 ----a-w c:\winnt\system32\sfc.dll

2009-01-14 15:11 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys

2009-01-14 15:11 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys

2008-12-28 18:27 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-28 17:48 --------- d-----w c:\program files\7-Zip

2008-12-21 06:47 --------- d-----w c:\program files\eMule

2008-12-11 12:09 239,472 ----a-w c:\winnt\system32\drivers\SRV.SYS

2008-11-30 22:47 --------- d-----w d:\documents and settings\Karim\Application Data\dvdcss

2008-10-07 21:14 0 ---ha-w d:\documents and settings\Christine\hpothb07.dat

2006-08-18 16:22 302 ---ha-w c:\program files\hpothb07.dat

2006-08-18 16:20 513 ---ha-w c:\program files\hpothb07.tif

2006-06-10 09:09 164 -c-ha-w d:\documents and settings\All Users\hpothb07.dat

2006-06-10 09:09 0 -c-ha-w d:\documents and settings\Alain\hpothb07.dat

2006-03-31 22:14 0 -c-ha-w d:\documents and settings\Administrateur\hpothb07.dat

2005-11-16 21:50 271 ---h--w c:\program files\desktop.ini

2005-11-16 21:50 22,115 ---h--w c:\program files\folder.htt

2001-05-08 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys

2005-07-23 02:25 230 --sha-w c:\winnt\system32\drivers\etc\config\addme.reg

2006-03-21 22:31 34 --sha-w c:\winnt\system32\drivers\etc\config\store.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [08-07-07 08:42 2156368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [09-01-24 10:05 136600]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [02-04-17 10:42 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [06-06-14 19:53 282624]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [02-10-07 00:23 90112]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [04-12-16 16:49 49152]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-06-12 13:28 266497]

"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 111888 c:\winnt\system32\mobsync.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [01-05-08 01:00 20752 c:\winnt\system32\internat.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 11:05 189712]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]

06-09-01 06:49 143632 c:\winnt\system32\NWPROVAU.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= mmdrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"antivirusoverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

 

R3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\DRIVERS\el574nd4.sys [99-09-25 03:16 24848]

R4 Service Controler;Service Controler; [x]

S2 MSpool;MS System Spooler;c:\winnt\system32\mscdt.exe [05-08-04 23:00 603136]

S2 QOS;FireDaemon Service: QOS;c:\winnt\system32\microsoft\user\FireDaemon.EXE [04-05-16 13:06 81920]

S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\DRIVERS\fbxusb32.sys [07-08-27 14:12 31128]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - ANIWZCSdService

*Deregistered* - AntiVirScheduler

*Deregistered* - AntiVirService

*Deregistered* - Browser

*Deregistered* - Dhcp

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - EventSystem

*Deregistered* - JavaQuickStarterService

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - MSpool

*Deregistered* - Netman

*Deregistered* - NtmsSvc

*Deregistered* - NWCWorkstation

*Deregistered* - NwlnkNb

*Deregistered* - NwlnkSpx

*Deregistered* - NWRDR

*Deregistered* - Parallel

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - QOS

*Deregistered* - RasAcd

*Deregistered* - RasAuto

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - Spooler

*Deregistered* - Srv

*Deregistered* - ssmdrv

*Deregistered* - StiSvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - tmcomm

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - Wanarp

*Deregistered* - WinMgmt

*Deregistered* - WMDM PMSP Service

*Deregistered* - Wmi

*Deregistered* - wuauserv

.

Contenu du dossier 'Tâches planifiées'

 

2006-03-19 c:\winnt\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1132827445.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [03-04-06 00:52 ]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://fr.yahoo.com/

IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html

LSP: %SystemRoot%\system32\msafd.dll

DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab

DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab

FF - ProfilePath - d:\documents and settings\Karim\Application Data\Mozilla\Firefox\Profiles\xt0ii9fn.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

.

 

**************************************************************************

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés:

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(200)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

 

- - - - - - - > 'explorer.exe'(1012)

c:\winnt\AppPatch\AcLayers.DLL

c:\winnt\system32\SHDOCVW.DLL

.

Heure de fin: 2009-01-26 22:31:21 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-01-26 21:30:24

 

Avant-CF: 1 078 046 720 octets libres

Après-CF: 1,015,062,528 octets libres

 

176 --- E O F --- 2009-01-14 00:45:18
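
One defender-side check on the ComboFix report above, as an added example that is not part of the thread or of any of the tools named in it: it parses the registry loading points and the R*/S* service lines quoted from the report (embedded here as constructed input) and flags the Security Center override/DisableNotify values set to 1, plus services whose binary is missing or sits outside the standard service directories. The directory allowlist is an assumption for this Windows 2000 layout.

```python
import re
from typing import Dict, List

# Constructed input: lines copied from the ComboFix report above (Security
# Center key and the R*/S* service entries), so the checks run offline.
SAMPLE_REPORT = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"antivirusoverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

R3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\DRIVERS\el574nd4.sys [99-09-25 03:16 24848]
R4 Service Controler;Service Controler; [x]
S2 MSpool;MS System Spooler;c:\winnt\system32\mscdt.exe [05-08-04 23:00 603136]
S2 QOS;FireDaemon Service: QOS;c:\winnt\system32\microsoft\user\FireDaemon.EXE [04-05-16 13:06 81920]
S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\DRIVERS\fbxusb32.sys [07-08-27 14:12 31128]
"""

SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
VALUE_RE = re.compile(r'"([^"]+)"=dword:([0-9a-f]{8})', re.I)
# ComboFix service line: "<R|S><n> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)(?:\s+\[.*\])?$")
# Assumed allowlist for this Windows 2000 layout (system dir is c:\winnt).
STANDARD_DIRS = {r"c:\winnt\system32", r"c:\winnt\system32\drivers"}


def find_security_center_tampering(report: str) -> List[str]:
    """Return Security Center values set to 1 that silence or override the
    AV / firewall / update monitoring (a common side effect of malware)."""
    hits, in_key = [], False
    for line in report.splitlines():
        if line.startswith("["):
            in_key = line.strip().lower() == SECURITY_CENTER_KEY
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m and int(m.group(2), 16) == 1 and re.search(r"(override|disablenotify)$", m.group(1), re.I):
            hits.append(m.group(1))
    return hits


def suspicious_services(report: str) -> Dict[str, str]:
    """Map service name -> reason for entries that deserve a closer look:
    a registered service with no binary, or a binary outside the usual dirs."""
    findings = {}
    for line in report.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, path = m.group(1), m.group(3).strip()
        if not path:
            findings[name] = "registered but binary missing"
            continue
        directory = path.rsplit("\\", 1)[0].lower()
        if directory not in STANDARD_DIRS:
            findings[name] = f"binary outside standard service directories: {directory}"
    return findings


if __name__ == "__main__":
    print("Security Center tampering:", find_security_center_tampering(SAMPLE_REPORT))
    print("Services to review:", suspicious_services(SAMPLE_REPORT))
```

A path rule does not catch a file dropped directly into system32 such as mscdt.exe; that one still needs a hash or vendor lookup, as the thread did with VirusTotal for system.exe.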

Posted

:!: What follows is for your machine, and your machine only.

Never use it on another machine: dangerous.

 

  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is turned off. Copy and paste the following into it:

File::

c:\winnt\system32\microsoft\user\dll39.exe

C:\WINNT\system32\mscdt.exe

C:\WINNT\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.exe

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=-

 

Dirlook::

C:\WINNT\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}

  • Save it as a text file named CFScript, on the desktop.
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is done, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

 

Then please add a new HijackThis log after that report.
