(RESOLU) msa.exe + pub IE+ pc lent

zebb_17 · le 17 février 2010

L'analyse est enfin finie

Il a trouvé des choses dans les logiciels que j'utilise pour chatter, etrange...

Voila le rapport:

KASPERSKY ONLINE SCANNER 7.0: scan report

Wednesday, February 17, 2010

Operating system: Microsoft Professional (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, February 17, 2010 13:04:39

Records in database: 3544318

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Objects scanned: 81982

Threats found: 3

Infected objects found: 6

Suspicious objects found: 0

Scan duration: 01:24:31

File name / Threat / Threats count

C:\TeamScripT4\mirc.exe/C:\TeamScripT4\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\TeamScripT4\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\Users\Géraldine\Desktop\TeamScripT4.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\Users\Géraldine\Desktop\TeamScripT4.exe Infected: Trojan-Dropper.Win32.Wlord.ev 1

C:\Users\Géraldine\Documents\Jeux pour chat\TriviaBot2004v2.3\TriviaBot2004v2.3\TriviaBot.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

C:\Users\Géraldine\Documents\Jeux pour chat\WQuizz161\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 1

Selected area has been scanned.

Apollo · le 17 février 2010

Oui mais Kaspersky n'a pas pour habitude de plaisanter, à ta place je virerai ce programme; il doit bien y en avoir pas mal d'autres pour "tchatter" (Kasp relève quand-même un dropper, ce qui est très sérieux.)

On va le faire analyser par une quarantaine d'antivirus.

Rends toi sur ce lien : Virus Total

Clique sur le bouton Parcourir...
Parcours tes dossiers jusque à ce fichier, si tu le trouves :

C:\Users\Géraldine\Desktop\TeamScripT4.exe

Clique sur Envoyer le fichier, et si VirusTotal dit que le fichier a déjà été analysé, clique sur le bouton Reanalyse le fichier maintenant.
Laisse le site travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. Dans ce cas, il te faudra patienter sans réactualiser la page.
Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté (en haut à gauche)
Une nouvelle fenêtre de ton navigateur va apparaître
Clique alors sur cette image :
Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
Enfin colle le résultat dans ta prochaine réponse.
NB : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.

Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, auquel cas il faudra leur faire ignorer les alertes.

@++

zebb_17 · le 17 février 2010

voici le résultat:

Fichier mirc.exe reçu le 2010.02.17 18:54:32 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.02.17 -

AhnLab-V3 5.0.0.2 2010.02.17 -

AntiVir 8.2.1.170 2010.02.17 -

Antiy-AVL 2.0.3.7 2010.02.17 RiskWare/mIRC.6.gen

Authentium 5.2.0.5 2010.02.17 -

Avast 4.8.1351.0 2010.02.17 -

AVG 9.0.0.730 2010.02.17 -

BitDefender 7.2 2010.02.17 -

CAT-QuickHeal 10.00 2010.02.17 -

ClamAV 0.96.0.0-git 2010.02.17 -

Comodo 3970 2010.02.17 Application.Win32.ClientIRC.mIRC.~A

DrWeb 5.0.1.12222 2010.02.17 -

eSafe 7.0.17.0 2010.02.17 Win32.mIRC-based

eTrust-Vet 35.2.7308 2010.02.17 -

F-Prot 4.5.1.85 2010.02.16 -

F-Secure 9.0.15370.0 2010.02.17 -

Fortinet 4.0.14.0 2010.02.15 -

GData 19 2010.02.17 -

Ikarus T3.1.1.80.0 2010.02.17 not-a-virus:Client-IRC.Win32.mIRC

Jiangmin 13.0.900 2010.02.17 -

K7AntiVirus 7.10.974 2010.02.15 not-a-virus:Client-IRC.Win32.mIRC

Kaspersky 7.0.0.125 2010.02.17 not-a-virus:Client-IRC.Win32.mIRC.616

McAfee 5894 2010.02.16 -

McAfee+Artemis 5894 2010.02.16 -

McAfee-GW-Edition 6.8.5 2010.02.17 -

Microsoft 1.5406 2010.02.17 -

NOD32 4875 2010.02.17 -

Norman 6.04.08 2010.02.17 -

nProtect 2009.1.8.0 2010.02.17 -

Panda 10.0.2.2 2010.02.17 -

PCTools 7.0.3.5 2010.02.17 -

Prevx 3.0 2010.02.17 -

Rising 22.34.01.03 2010.02.11 Worm.Win32.IRCbot.bay

Sophos 4.50.0 2010.02.17 -

Sunbelt 5682 2010.02.17 -

Symantec 20091.2.0.41 2010.02.17 -

TheHacker 6.5.1.4.197 2010.02.17 Aplicacion/mIRC.16

TrendMicro 9.120.0.1004 2010.02.17 -

VBA32 3.12.12.2 2010.02.16 -

ViRobot 2010.2.17.2190 2010.02.17 Not_a_virus:ClientIRC.mIRC.1949696

VirusBuster 5.0.21.0 2010.02.17 -

Information additionnelle

File size: 1949696 bytes

MD5...: 0471108d25398e9f200fd7c580082a8e

SHA1..: 12c7e3b5f76035e57aa73226263ee19a92766476

SHA256: b4802528ce5398617f79a51036a9aa2fd9edcc49f942e5d73242c4505863b175

ssdeep: 24576:Ea2DsXeCbUZ7XRlql33ZMLhNLkqJhIG7go8W+D6GSEqMiPX6NSSJ/tcoVe 3ltAbM:1X6D2e3gzSlyUmLF8T

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x174729 timedatestamp.....: 0x40ec154b (Wed Jul 07 15:22:51 2004) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1811ab 0x182000 6.60 5dbf46bf0141d2596b4d547d6625d043 .rdata 0x183000 0x173a8 0x18000 5.98 94e874f8d7ca56804ce22ea9bf97b9c2 .data 0x19b000 0x2adc0 0x4000 4.18 6e2e45c5559f2f04325c177d9ccaeb2b .rsrc 0x1c6000 0x3c2d0 0x3d000 4.32 e7ebc51fd01ba3606e34c6fb80298d4b ( 13 imports ) > WINMM.dll: timeEndPeriod, timeSetEvent, timeKillEvent, mciGetErrorStringA, timeGetDevCaps, mixerClose, mixerSetControlDetails, mciGetDeviceIDA, mciSendStringA, timeBeginPeriod, sndPlaySoundA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerGetControlDetailsA > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA > MPR.dll: WNetCloseEnum, WNetOpenEnumA, WNetEnumResourceA > COMCTL32.dll: ImageList_AddMasked, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create > KERNEL32.dll: CreateEventA, GetSystemDefaultLangID, GetLocaleInfoA, GetSystemDefaultLCID, GetWindowsDirectoryA, GlobalFree, GlobalAlloc, GlobalUnlock, lstrcatA, lstrcpyA, lstrlenA, lstrcatW, lstrlenW, GlobalLock, lstrcpyW, GetVersionExA, QueryPerformanceCounter, QueryPerformanceFrequency, QueryDosDeviceA, GetFileType, CreateFileA, GetFileAttributesA, WinExec, WriteFile, MulDiv, FindClose, FindNextFileA, FindFirstFileA, GetModuleFileNameA, _lwrite, _lclose, _hwrite, GlobalSize, OpenFile, _hread, _llseek, _lopen, SetThreadPriority, GetCurrentProcess, GetCurrentThreadId, SetFilePointer, GetLastError, ReadFile, SetEndOfFile, FlushFileBuffers, WaitForSingleObject, GetVolumeInformationA, GetDriveTypeA, GetLogicalDriveStringsA, SetFileAttributesA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetLocalTime, lstrcmpA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, SetErrorMode, FindCloseChangeNotification, Sleep, FindNextChangeNotification, WaitForMultipleObjects, FindFirstChangeNotificationA, GetEnvironmentVariableA, GetShortPathNameA, CompareFileTime, GetFileTime, ReleaseMutex, CreateMutexA, GetTimeZoneInformation, LocalAlloc, LocalReAlloc, LocalFree, lstrcpynA, GetTempPathA, SizeofResource, GetSystemTimeAsFileTime, CreateThread, TlsGetValue, TlsSetValue, ExitThread, HeapFree, HeapAlloc, GetOEMCP, GetCPInfo, ExitProcess, GetModuleHandleA, TerminateProcess, RtlUnwind, LoadLibraryA, GetProcAddress, FreeLibrary, SetEvent, CloseHandle, WideCharToMultiByte, MultiByteToWideChar, GetTickCount, FindResourceA, LoadResource, LockResource, HeapReAlloc, GetTimeFormatA, GetDateFormatA, GetStartupInfoA, GetCommandLineA, EnterCriticalSection, SetConsoleCtrlHandler, DeleteFileA, MoveFileA, LeaveCriticalSection, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, TlsFree, SetLastError, TlsAlloc, UnhandledExceptionFilter, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetStringTypeA, GetStringTypeW, SetEnvironmentVariableA, SetEnvironmentVariableW, VirtualProtect, GetSystemInfo, VirtualQuery, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, RaiseException, InitializeCriticalSection, SetStdHandle, GetCurrentProcessId, HeapSize, CompareStringA, CompareStringW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetFileInformationByHandle, PeekNamedPipe, RemoveDirectoryA, GetACP, GetCurrentDirectoryA, SetCurrentDirectoryA, GetFullPathNameA, GetDiskFreeSpaceA, CreateDirectoryA > USER32.dll: DdeAccessData, DdeQueryStringA, DdeCreateDataHandle, DdeClientTransaction, DdeConnect, DdeCreateStringHandleA, DdeInitializeA, CallWindowProcA, SetKeyboardState, GetKeyboardState, ToAscii, ScrollDC, DrawIconEx, GetMessageA, GetWindowThreadProcessId, ClipCursor, FlashWindow, ShowScrollBar, CharLowerBuffA, CharLowerA, GetWindowDC, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, VkKeyScanA, GetKeyboardLayout, CopyAcceleratorTableA, MapVirtualKeyA, CallNextHookEx, GetCapture, GetSystemMetrics, SystemParametersInfoA, RedrawWindow, PeekMessageA, DefMDIChildProcA, GetMenuState, IsMenu, RemoveMenu, SetMenuItemInfoA, GetMenuItemInfoA, GetMenuItemID, TrackPopupMenu, GetMenuCheckMarkDimensions, RegisterWindowMessageA, SetWindowsHookExA, LoadAcceleratorsA, DispatchMessageA, TranslateMessage, TranslateMDISysAccel, TranslateAcceleratorA, IsDialogMessageA, GetForegroundWindow, LoadMenuA, PostQuitMessage, DefFrameProcA, RegisterClassExA, UnhookWindowsHookEx, ChildWindowFromPoint, ValidateRect, InvertRect, DefWindowProcA, DrawFrameControl, RegisterClassA, CreateIconIndirect, FindWindowExA, FindWindowA, SetScrollInfo, EqualRect, DdeUnaccessData, WindowFromPoint, ScreenToClient, CreateMenu, SetActiveWindow, GetWindow, GetMenuStringA, GetCursorPos, GetFocus, GetAsyncKeyState, GetWindowLongA, OpenClipboard, IsClipboardFormatAvailable, GetClipboardData, EmptyClipboard, CloseClipboard, SetClipboardData, GetWindowTextLengthA, GetWindowTextA, WinHelpA, LoadStringA, MessageBeep, GetTopWindow, IsZoomed, GetActiveWindow, IsWindow, IsCharAlphaNumericA, GetDesktopWindow, IsIconic, GetDialogBaseUnits, SetDlgItemInt, GetDlgItemInt, GetSystemMenu, CheckMenuItem, LoadCursorA, SetCursor, CreatePopupMenu, DestroyMenu, GetMenu, GetSubMenu, GetMenuItemCount, DeleteMenu, AppendMenuA, DrawMenuBar, FrameRect, FillRect, DestroyIcon, LoadImageA, SetWindowTextA, GetClientRect, GetParent, DrawFocusRect, GetSysColor, CheckDlgButton, IsWindowEnabled, GetKeyState, IsDlgButtonChecked, BeginPaint, EndPaint, SendMessageA, LoadBitmapA, InvalidateRect, UpdateWindow, KillTimer, EndDialog, SetRect, SetFocus, PostMessageA, PtInRect, LoadIconA, DdeFreeDataHandle, DdeNameService, DdeUninitialize, DdeDisconnect, DdeFreeStringHandle, DialogBoxParamA, IsChild, InsertMenuA, ModifyMenuA, GetNextDlgTabItem, EnableMenuItem, ChildWindowFromPointEx, GetScrollPos, GetScrollRange, ClientToScreen, SetScrollPos, EnableWindow, ShowWindow, MoveWindow, SetWindowPos, SetTimer, wsprintfA, SetMenu, CreateWindowExA, SetScrollRange, GetIconInfo, DrawIcon, GetDlgCtrlID, DrawTextA, SetCapture, ReleaseCapture, GetWindowPlacement, SetWindowPlacement, BringWindowToTop, SetForegroundWindow, SendDlgItemMessageA, GetDC, GetDlgItem, GetWindowRect, MapWindowPoints, ReleaseDC, IsWindowVisible, CreateDialogParamA, DestroyWindow, GetClassNameA, CopyRect, SetWindowLongA > GDI32.dll: CreateCompatibleBitmap, LineTo, MoveToEx, CreatePen, SelectClipRgn, CombineRgn, CreateRectRgn, GetNearestColor, GetDeviceCaps, GetTextExtentPointA, CreateFontIndirectA, GetDIBits, CreateDIBitmap, ExtFloodFill, CreatePatternBrush, Rectangle, RoundRect, StretchBlt, GetStockObject, SetROP2, SetBkMode, EnumFontFamiliesExA, GetTextCharset, PtInRegion, CreatePolygonRgn, Polyline, SetPixel, ExcludeClipRect, CreateBitmap, PatBlt, StretchDIBits, SetWindowOrgEx, GetObjectType, TextOutA, DeleteDC, SetStretchBltMode, SetBrushOrgEx, CreateCompatibleDC, BitBlt, GetObjectA, CreateFontA, CreateSolidBrush, CreateHatchBrush, GetTextMetricsA, SetTextColor, SetBkColor, ExtTextOutA, DeleteObject, SelectObject, Ellipse, GetPixel, SetPixelV > comdlg32.dll: ChooseFontA, CommDlgExtendedError, GetOpenFileNameA, ChooseColorA > ADVAPI32.dll: RegEnumKeyA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, RegQueryValueA, RegCreateKeyA, RegSetValueA, RegCloseKey, RegOpenKeyExA > SHELL32.dll: SHGetSpecialFolderLocation, Shell_NotifyIconA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetPathFromIDListA, SHGetMalloc, DragQueryPoint, DragQueryFileA, DragFinish, ExtractIconExA, ExtractIconA, FindExecutableA, ShellExecuteA, DragAcceptFiles > ole32.dll: ProgIDFromCLSID, CoCreateInstance, CLSIDFromProgID, OleInitialize, OleUninitialize > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, - ( 0 exports )

RDS...: NSRL Reference Data Set -

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)

sigcheck: publisher....: mIRC Co. Ltd. copyright....: Copyright © 1995-2004 mIRC Co. Ltd. product......: mIRC description..: mIRC original name: mirc.exe internal name: mIRC file version.: 6.16 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.02.17 -

AhnLab-V3 5.0.0.2 2010.02.17 -

AntiVir 8.2.1.170 2010.02.17 -

Antiy-AVL 2.0.3.7 2010.02.17 RiskWare/mIRC.6.gen

Authentium 5.2.0.5 2010.02.17 -

Avast 4.8.1351.0 2010.02.17 -

AVG 9.0.0.730 2010.02.17 -

BitDefender 7.2 2010.02.17 -

CAT-QuickHeal 10.00 2010.02.17 -

ClamAV 0.96.0.0-git 2010.02.17 -

Comodo 3970 2010.02.17 Application.Win32.ClientIRC.mIRC.~A

DrWeb 5.0.1.12222 2010.02.17 -

eSafe 7.0.17.0 2010.02.17 Win32.mIRC-based

eTrust-Vet 35.2.7308 2010.02.17 -

F-Prot 4.5.1.85 2010.02.16 -

F-Secure 9.0.15370.0 2010.02.17 -

Fortinet 4.0.14.0 2010.02.15 -

GData 19 2010.02.17 -

Ikarus T3.1.1.80.0 2010.02.17 not-a-virus:Client-IRC.Win32.mIRC

Jiangmin 13.0.900 2010.02.17 -

K7AntiVirus 7.10.974 2010.02.15 not-a-virus:Client-IRC.Win32.mIRC

Kaspersky 7.0.0.125 2010.02.17 not-a-virus:Client-IRC.Win32.mIRC.616

McAfee 5894 2010.02.16 -

McAfee+Artemis 5894 2010.02.16 -

McAfee-GW-Edition 6.8.5 2010.02.17 -

Microsoft 1.5406 2010.02.17 -

NOD32 4875 2010.02.17 -

Norman 6.04.08 2010.02.17 -

nProtect 2009.1.8.0 2010.02.17 -

Panda 10.0.2.2 2010.02.17 -

PCTools 7.0.3.5 2010.02.17 -

Prevx 3.0 2010.02.17 -

Rising 22.34.01.03 2010.02.11 Worm.Win32.IRCbot.bay

Sophos 4.50.0 2010.02.17 -

Sunbelt 5682 2010.02.17 -

Symantec 20091.2.0.41 2010.02.17 -

TheHacker 6.5.1.4.197 2010.02.17 Aplicacion/mIRC.16

TrendMicro 9.120.0.1004 2010.02.17 -

VBA32 3.12.12.2 2010.02.16 -

ViRobot 2010.2.17.2190 2010.02.17 Not_a_virus:ClientIRC.mIRC.1949696

VirusBuster 5.0.21.0 2010.02.17 -

Information additionnelle

File size: 1949696 bytes

MD5...: 0471108d25398e9f200fd7c580082a8e

SHA1..: 12c7e3b5f76035e57aa73226263ee19a92766476

SHA256: b4802528ce5398617f79a51036a9aa2fd9edcc49f942e5d73242c4505863b175

ssdeep: 24576:Ea2DsXeCbUZ7XRlql33ZMLhNLkqJhIG7go8W+D6GSEqMiPX6NSSJ/tcoVe 3ltAbM:1X6D2e3gzSlyUmLF8T

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x174729 timedatestamp.....: 0x40ec154b (Wed Jul 07 15:22:51 2004) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1811ab 0x182000 6.60 5dbf46bf0141d2596b4d547d6625d043 .rdata 0x183000 0x173a8 0x18000 5.98 94e874f8d7ca56804ce22ea9bf97b9c2 .data 0x19b000 0x2adc0 0x4000 4.18 6e2e45c5559f2f04325c177d9ccaeb2b .rsrc 0x1c6000 0x3c2d0 0x3d000 4.32 e7ebc51fd01ba3606e34c6fb80298d4b ( 13 imports ) > WINMM.dll: timeEndPeriod, timeSetEvent, timeKillEvent, mciGetErrorStringA, timeGetDevCaps, mixerClose, mixerSetControlDetails, mciGetDeviceIDA, mciSendStringA, timeBeginPeriod, sndPlaySoundA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerGetControlDetailsA > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA > MPR.dll: WNetCloseEnum, WNetOpenEnumA, WNetEnumResourceA > COMCTL32.dll: ImageList_AddMasked, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create > KERNEL32.dll: CreateEventA, GetSystemDefaultLangID, GetLocaleInfoA, GetSystemDefaultLCID, GetWindowsDirectoryA, GlobalFree, GlobalAlloc, GlobalUnlock, lstrcatA, lstrcpyA, lstrlenA, lstrcatW, lstrlenW, GlobalLock, lstrcpyW, GetVersionExA, QueryPerformanceCounter, QueryPerformanceFrequency, QueryDosDeviceA, GetFileType, CreateFileA, GetFileAttributesA, WinExec, WriteFile, MulDiv, FindClose, FindNextFileA, FindFirstFileA, GetModuleFileNameA, _lwrite, _lclose, _hwrite, GlobalSize, OpenFile, _hread, _llseek, _lopen, SetThreadPriority, GetCurrentProcess, GetCurrentThreadId, SetFilePointer, GetLastError, ReadFile, SetEndOfFile, FlushFileBuffers, WaitForSingleObject, GetVolumeInformationA, GetDriveTypeA, GetLogicalDriveStringsA, SetFileAttributesA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetLocalTime, lstrcmpA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, SetErrorMode, FindCloseChangeNotification, Sleep, FindNextChangeNotification, WaitForMultipleObjects, FindFirstChangeNotificationA, GetEnvironmentVariableA, GetShortPathNameA, CompareFileTime, GetFileTime, ReleaseMutex, CreateMutexA, GetTimeZoneInformation, LocalAlloc, LocalReAlloc, LocalFree, lstrcpynA, GetTempPathA, SizeofResource, GetSystemTimeAsFileTime, CreateThread, TlsGetValue, TlsSetValue, ExitThread, HeapFree, HeapAlloc, GetOEMCP, GetCPInfo, ExitProcess, GetModuleHandleA, TerminateProcess, RtlUnwind, LoadLibraryA, GetProcAddress, FreeLibrary, SetEvent, CloseHandle, WideCharToMultiByte, MultiByteToWideChar, GetTickCount, FindResourceA, LoadResource, LockResource, HeapReAlloc, GetTimeFormatA, GetDateFormatA, GetStartupInfoA, GetCommandLineA, EnterCriticalSection, SetConsoleCtrlHandler, DeleteFileA, MoveFileA, LeaveCriticalSection, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, TlsFree, SetLastError, TlsAlloc, UnhandledExceptionFilter, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetStringTypeA, GetStringTypeW, SetEnvironmentVariableA, SetEnvironmentVariableW, VirtualProtect, GetSystemInfo, VirtualQuery, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, RaiseException, InitializeCriticalSection, SetStdHandle, GetCurrentProcessId, HeapSize, CompareStringA, CompareStringW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetFileInformationByHandle, PeekNamedPipe, RemoveDirectoryA, GetACP, GetCurrentDirectoryA, SetCurrentDirectoryA, GetFullPathNameA, GetDiskFreeSpaceA, CreateDirectoryA > USER32.dll: DdeAccessData, DdeQueryStringA, DdeCreateDataHandle, DdeClientTransaction, DdeConnect, DdeCreateStringHandleA, DdeInitializeA, CallWindowProcA, SetKeyboardState, GetKeyboardState, ToAscii, ScrollDC, DrawIconEx, GetMessageA, GetWindowThreadProcessId, ClipCursor, FlashWindow, ShowScrollBar, CharLowerBuffA, CharLowerA, GetWindowDC, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, VkKeyScanA, GetKeyboardLayout, CopyAcceleratorTableA, MapVirtualKeyA, CallNextHookEx, GetCapture, GetSystemMetrics, SystemParametersInfoA, RedrawWindow, PeekMessageA, DefMDIChildProcA, GetMenuState, IsMenu, RemoveMenu, SetMenuItemInfoA, GetMenuItemInfoA, GetMenuItemID, TrackPopupMenu, GetMenuCheckMarkDimensions, RegisterWindowMessageA, SetWindowsHookExA, LoadAcceleratorsA, DispatchMessageA, TranslateMessage, TranslateMDISysAccel, TranslateAcceleratorA, IsDialogMessageA, GetForegroundWindow, LoadMenuA, PostQuitMessage, DefFrameProcA, RegisterClassExA, UnhookWindowsHookEx, ChildWindowFromPoint, ValidateRect, InvertRect, DefWindowProcA, DrawFrameControl, RegisterClassA, CreateIconIndirect, FindWindowExA, FindWindowA, SetScrollInfo, EqualRect, DdeUnaccessData, WindowFromPoint, ScreenToClient, CreateMenu, SetActiveWindow, GetWindow, GetMenuStringA, GetCursorPos, GetFocus, GetAsyncKeyState, GetWindowLongA, OpenClipboard, IsClipboardFormatAvailable, GetClipboardData, EmptyClipboard, CloseClipboard, SetClipboardData, GetWindowTextLengthA, GetWindowTextA, WinHelpA, LoadStringA, MessageBeep, GetTopWindow, IsZoomed, GetActiveWindow, IsWindow, IsCharAlphaNumericA, GetDesktopWindow, IsIconic, GetDialogBaseUnits, SetDlgItemInt, GetDlgItemInt, GetSystemMenu, CheckMenuItem, LoadCursorA, SetCursor, CreatePopupMenu, DestroyMenu, GetMenu, GetSubMenu, GetMenuItemCount, DeleteMenu, AppendMenuA, DrawMenuBar, FrameRect, FillRect, DestroyIcon, LoadImageA, SetWindowTextA, GetClientRect, GetParent, DrawFocusRect, GetSysColor, CheckDlgButton, IsWindowEnabled, GetKeyState, IsDlgButtonChecked, BeginPaint, EndPaint, SendMessageA, LoadBitmapA, InvalidateRect, UpdateWindow, KillTimer, EndDialog, SetRect, SetFocus, PostMessageA, PtInRect, LoadIconA, DdeFreeDataHandle, DdeNameService, DdeUninitialize, DdeDisconnect, DdeFreeStringHandle, DialogBoxParamA, IsChild, InsertMenuA, ModifyMenuA, GetNextDlgTabItem, EnableMenuItem, ChildWindowFromPointEx, GetScrollPos, GetScrollRange, ClientToScreen, SetScrollPos, EnableWindow, ShowWindow, MoveWindow, SetWindowPos, SetTimer, wsprintfA, SetMenu, CreateWindowExA, SetScrollRange, GetIconInfo, DrawIcon, GetDlgCtrlID, DrawTextA, SetCapture, ReleaseCapture, GetWindowPlacement, SetWindowPlacement, BringWindowToTop, SetForegroundWindow, SendDlgItemMessageA, GetDC, GetDlgItem, GetWindowRect, MapWindowPoints, ReleaseDC, IsWindowVisible, CreateDialogParamA, DestroyWindow, GetClassNameA, CopyRect, SetWindowLongA > GDI32.dll: CreateCompatibleBitmap, LineTo, MoveToEx, CreatePen, SelectClipRgn, CombineRgn, CreateRectRgn, GetNearestColor, GetDeviceCaps, GetTextExtentPointA, CreateFontIndirectA, GetDIBits, CreateDIBitmap, ExtFloodFill, CreatePatternBrush, Rectangle, RoundRect, StretchBlt, GetStockObject, SetROP2, SetBkMode, EnumFontFamiliesExA, GetTextCharset, PtInRegion, CreatePolygonRgn, Polyline, SetPixel, ExcludeClipRect, CreateBitmap, PatBlt, StretchDIBits, SetWindowOrgEx, GetObjectType, TextOutA, DeleteDC, SetStretchBltMode, SetBrushOrgEx, CreateCompatibleDC, BitBlt, GetObjectA, CreateFontA, CreateSolidBrush, CreateHatchBrush, GetTextMetricsA, SetTextColor, SetBkColor, ExtTextOutA, DeleteObject, SelectObject, Ellipse, GetPixel, SetPixelV > comdlg32.dll: ChooseFontA, CommDlgExtendedError, GetOpenFileNameA, ChooseColorA > ADVAPI32.dll: RegEnumKeyA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, RegQueryValueA, RegCreateKeyA, RegSetValueA, RegCloseKey, RegOpenKeyExA > SHELL32.dll: SHGetSpecialFolderLocation, Shell_NotifyIconA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetPathFromIDListA, SHGetMalloc, DragQueryPoint, DragQueryFileA, DragFinish, ExtractIconExA, ExtractIconA, FindExecutableA, ShellExecuteA, DragAcceptFiles > ole32.dll: ProgIDFromCLSID, CoCreateInstance, CLSIDFromProgID, OleInitialize, OleUninitialize > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, - ( 0 exports )

RDS...: NSRL Reference Data Set -

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)

sigcheck: publisher....: mIRC Co. Ltd. copyright....: Copyright © 1995-2004 mIRC Co. Ltd. product......: mIRC description..: mIRC original name: mirc.exe internal name: mIRC file version.: 6.16 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

Apollo · le 17 février 2010

Re,

Bon, 9 détections de "riskwares" sur 42 antivirus, (ce qui n'est ni virus ni cheval de Troie.)

Je te laisse la décision quant à savoir si tu gardes ou désinstalles ce programme.

Est-ce que ton pc fonctionne correctement?

Poste un nouveau log Hijackthis stp.

@++

zebb_17 · le 17 février 2010

Mon pc tourne beaucoup mieux , rien à voir avec ce matin et ces derniers jours.

J'ai mis à jour Flash et Acrobat comme tu m'as conseillé.

Voici le rapport Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:11:16, on 17/02/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min/nosplash

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: SetPointII.lnk = ?

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--

End of file - 5881 bytes

Apollo · le 17 février 2010

C'est bien alors.

On va juste fixer quelques entrées inutiles au boot du pc:

Relance Hijackthis avec Do a system scan only et coche les cases devant les lignes suivantes: SOUS VISTA/7: Clic droit sur Hijackthis/exécuter en temps qu'administrateur!

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - Global Startup: SetPointII.lnk = ?

Ferme toutes les applications ouvertes et les navigateurs et clique sur Fix Checked

-------------------------------

Il vaut mieux supprimer tous les points de la restauration système puis créer un nouveau point de restauration afin d'éviter de remonter un point infecté par mégarde.

Ceci est la procédure pour Vista; si ça n'était pas identique sous Seven, n'hésite pas à me le dire et je me renseignerais auprès de Marie sur Vista-XP.fr qui est une grande connaisseuse de ces systèmes

Vista: désactiver la restauration du sytème

----------------------------------

Après avoir fait cela:

Réutilise ToolCleaner comme tu l'as déjà fait au début de ce topic; je te rappelle comment faire:

Pour désinstaller les outils utilisés:

Télécharger ToolsCleaner! pour enlever les programmes utilisés pendant la procédure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant qu' Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

Lorsque la recherche est terminée ToolsCleaner affiche une liste des différents outils trouvés, cliquez sur "Suppression" afin de les supprimer.

Fermez le programme en cliquant sur "Quitter ".

Postez le rapport qui se trouve ici >>> C:\TCleaner.txt

Options facultatives

A utiliser si vous le souhaitez :

Création d'un nouveau point de restauration (conseillé)

Vidage de la corbeille

Nettoyage de vos fichiers temporaires

Mettre ToolsCleaner2 à la corbeille.

Si tu estimes que tes soucis sont réglés,

Pense à éditer ton premier post pour rajouter "Résolu" dans le titre. Pour cela clique sur "Editer dans ton premier post. Tu pourras alors changer le titre.

Prudence sur le net

zebb_17 · le 17 février 2010

Voici ce qu'il m'affiche dans la fenetre blanche:

Merci pour ton aide précieuse en tout cas

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\_OTM: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !

C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !

C:\Users\Géraldine\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !

C:\Users\Géraldine\Desktop\HijackThis.lnk: trouvé !

C:\Users\Géraldine\Documents\Logiciels\HijackThis: trouvé !

C:\Users\Géraldine\Documents\Logiciels\HijackThis\HJTInstall.exe: trouvé !

---------------------------------

--> Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !

C:\Users\Géraldine\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !

C:\Users\Géraldine\Desktop\HijackThis.lnk: supprimé !

C:\Users\Géraldine\Documents\Logiciels\HijackThis\HJTInstall.exe: supprimé !

C:\_OTM: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: supprimé !

C:\Users\Géraldine\Documents\Logiciels\HijackThis: supprimé !

Corbeille vidée!

Fichiers temporaires nettoyés !

Apollo · le 17 février 2010

Perfect.

Goodbye

Connexion

Pas encore inscrit ?

(RESOLU) msa.exe + pub IE+ pc lent

Messages recommandés

zebb_17

Apollo

zebb_17

Apollo

zebb_17

Apollo

zebb_17

Apollo

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer