
Ads that open by themselves!

Tags:
  • Security
11 January 2009 12:13:40

Hello everyone!

Well, here I am on this forum to describe a fairly common problem: I have ads that keep opening on their own. Quite annoying when someone else (in this case my father, a complete computer novice) uses the PC. In short, this had already happened to me before; I had done a system restore and all that. But this time the computer has been infected for too long, so there is no way I can wipe all my new files on it. I'm posting the HijackThis report. Thanks in advance.

PS: If my thread stays "dead" during the week, it's because I'm at school 60 km from home without the PC. That's why I'm trying to sort this out as quickly as possible. Hugs to all and have a good day.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:38, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\documents and settings\administrateur\local settings\application data\eiwuakg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\ADMINI~1\APPLIC~1\clipsrv.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /S /PSCONV={NO}
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ComRepl] C:\WINDOWS\System32\comrepl.exe /com /w
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eiwuakg] "c:\documents and settings\administrateur\local settings\application data\eiwuakg.exe" eiwuakg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ADMINI~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ADMINI~1\APPLIC~1\mstsc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{695D0CDA-BC00-47B8-8F63-97FCA8BA4D9C}: NameServer = 80.10.246.1 81.253.149.2
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 9467 bytes
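The helpers in this thread read a HijackThis log by eye, looking for autostart entries that run from a user profile folder, that hook the unusual Policies\Explorer\Run key or the legacy win.ini load= line, or that borrow the name of a Windows binary (mstsc.exe, cmstp.exe, clipsrv.exe, mqtgsvc.exe) while living outside system32. The script below is an added example, not code from this thread or from HijackThis or ComboFix, that applies those same heuristics to O4/F3 lines. The list of Windows binary names and the rules themselves are assumptions chosen for this log; the sample input is lifted from the report above.

```python
"""Triage heuristics for HijackThis-style O4/F3 autostart lines (added example)."""
import re

# Windows binaries whose names the autostart entries above reuse. Constructed,
# non-exhaustive list; the genuine copies live directly in %SystemRoot%\system32.
SYSTEM_BINARY_NAMES = {"mstsc.exe", "cmstp.exe", "clipsrv.exe",
                       "mqtgsvc.exe", "comrepl.exe", "cisvc.exe"}

# User-writable profile locations, in the long and 8.3 short forms HijackThis prints.
USER_PROFILE_RE = re.compile(
    r"documents and settings|docume~1|application data|applic~1|local settings|\\users\\",
    re.IGNORECASE)
# A file sitting directly in system32 (no sub-folder such as drivers\).
SYSTEM32_DIRECT_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# Registry key on which legitimate installers almost never rely.
POLICY_RUN_KEY = "\\policies\\explorer\\run"

# "[Name] "C:\path\x.exe" /flag" or "[Name] C:\path\x.exe /flag"
O4_PATH_RE = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]+?\.exe)"?(?:\s|$)')
# "F3 - REG:win.ini: load=C:\path\x.exe"
F3_PATH_RE = re.compile(r"load=([A-Za-z]:\\\S+?\.exe)", re.IGNORECASE)


def extract_path(entry):
    """Return the executable path named by an O4 or F3 line, or None if it has none."""
    m = F3_PATH_RE.search(entry) if entry.startswith("F3 ") else O4_PATH_RE.search(entry)
    return m.group(1) if m else None


def triage(entry):
    """Return the list of reasons an autostart line deserves a second look (empty if none)."""
    reasons = []
    lowered = entry.lower()
    if entry.startswith("F3 ") and "load=" in lowered:
        reasons.append("win.ini load= persistence, a legacy hook current software does not use")
    if POLICY_RUN_KEY in lowered:
        reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate installers")
    path = extract_path(entry)
    if path:
        if USER_PROFILE_RE.search(path):
            reasons.append("autostart binary lives in a user-writable profile directory")
        name = path.rsplit("\\", 1)[-1].lower()
        # Note: a dropper that overwrites the real system32 copy is not caught by a
        # path check; that case needs a hash comparison against a known-good baseline.
        if name in SYSTEM_BINARY_NAMES and not SYSTEM32_DIRECT_RE.match(path):
            reasons.append(f"{name} reuses a Windows binary name but runs from outside system32")
    return reasons


def triage_log(text):
    """Map each flagged O4/F3 line of a HijackThis log to its list of reasons."""
    findings = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith(("O4 ", "F3 ")):
            reasons = triage(line)
            if reasons:
                findings[line] = reasons
    return findings


# Constructed sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\DOCUME~1\ADMINI~1\APPLIC~1\clipsrv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [eiwuakg] "c:\documents and settings\administrateur\local settings\application data\eiwuakg.exe" eiwuakg
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ADMINI~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
"""

if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run as-is, the script flags five of the nine sample lines (the clipsrv.exe load= hook, eiwuakg.exe, cmstp.exe, mqtgsvc.exe and mstsc.exe) and leaves the Logitech, Intel and ctfmon entries alone. The rules are deliberately narrow so that a hit is worth acting on; they are a reading aid for the log, not a replacement for submitting the flagged file to a scanner as the helper does later in this thread.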


11 January 2009 15:37:19

hello

1
Disable avast's self-defense module before doing what follows:

Right-click the Avast! icon next to the clock >> "Program settings..."

- "Troubleshooting" option (bottom left)

- Tick "Disable avast! self-defense module" >> "OK"

2

Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal, and a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy"

come back to the forum and Edit > "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ


Add a new HijackThis report.
11 January 2009 20:21:57

ComboFix report:

ComboFix 09-01-10.03 - Administrateur 2009-01-11 20:13:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1015.426 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Local Settings\Application Data\eiwuakg.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\eiwuakg.exe
c:\documents and settings\Administrateur\Local Settings\Application Data\eiwuakg_nav.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\eiwuakg_navps.dat
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Spyware-Secure
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure trial.lnk
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
c:\windows\system32\comrepl.exe
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.

2009-01-11 20:15 . 2008-10-08 16:42 81,920 --a------ c:\windows\system\cisvc.exe
2008-12-21 12:48 . 2008-12-21 13:03 <REP> d-------- c:\documents and settings\Administrateur\Tracing
2008-12-21 12:44 . 2008-12-21 12:44 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-21 12:41 . 2008-12-21 12:41 <REP> d-------- c:\program files\Microsoft
2008-12-21 12:27 . 2008-12-21 12:27 <REP> d-------- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 20:21 --------- d-----w c:\program files\eMule
2008-12-21 12:23 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-21 12:13 --------- d-----w c:\program files\Windows Live
2008-12-12 13:56 --------- d-----w c:\program files\StuffPlug3
2008-12-10 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 22:11 --------- d-----w c:\program files\Spyware-Secure
2008-12-09 21:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-08 15:42 81,920 ----a-w c:\documents and settings\Administrateur\Application Data\mstsc.exe
2008-10-08 15:42 81,920 ----a-w c:\documents and settings\Administrateur\Application Data\clipsrv.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\READREG" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2007-11-29 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"AsioReg"="CTASIO.DLL" [2003-11-13 c:\windows\system32\CTASIO.DLL]
"CTHelper"="CTHELPER.EXE" [2003-11-13 c:\windows\system32\CTHELPER.EXE]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\docume~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe" [2008-10-08 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-10-08 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mstsc"="c:\docume~1\ADMINI~1\APPLIC~1\mstsc.exe" [2008-10-08 81920]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\System\cisvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-19 75856]
R4 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-10-30 446464]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-19 20560]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-08-31 13352]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
.
Contenu du dossier 'Tâches planifiées'

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-eiwuakg - c:\documents and settings\administrateur\local settings\application data\eiwuakg.exe
HKLM-Run-ComRepl - c:\windows\System32\comrepl.exe


.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.ustart.org
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {695D0CDA-BC00-47B8-8F63-97FCA8BA4D9C} = 80.10.246.1 81.253.149.2

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
c:\windows\Downloaded Program Files\GoPetsWeb.inf
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xaqwlzp2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xaqwlzp2.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 20:15:40
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-01-11 20:17:41
ComboFix-quarantined-files.txt 2009-01-11 19:17:38

Avant-CF: 101 929 566 208 octets libres
Après-CF: 102,136,807,424 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

158 --- E O F --- 2008-12-20 02:01:07

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:16, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\clipsrv.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /S /PSCONV={NO}
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System32\drivers\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ADMINI~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ADMINI~1\APPLIC~1\mstsc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{695D0CDA-BC00-47B8-8F63-97FCA8BA4D9C}: NameServer = 80.10.246.1 81.253.149.2
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 9048 bytes


There you go. However, I'll be leaving in 15-20 minutes, so if you reply later I won't be able to continue the discussion. But thanks in advance =)
12 January 2009 20:17:22

good evening

Go to this link: VirusTotal
  • Click Browse
  • Navigate to this file, if you can find it:
    C:\WINDOWS\System32\drivers\clipsrv.exe

  • Click Send file and let it work as long as "Current status: being analysed" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis has finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click the page and choose Select all, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important to send me the result of the whole analysis.
    Your security tools may react to the file being sent; in that case you will have to ignore the alerts.

    13 Janvier 2009 18:33:50

    Voilà le résultat ::


    Fichier clipsrv.exe reçu le 2009.01.13 18:30:31 (CET)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.73 2009.01.13 -
    AhnLab-V3 2009.1.13.3 2009.01.13 -
    AntiVir 7.9.0.54 2009.01.13 -
    Authentium 5.1.0.4 2009.01.13 -
    Avast 4.8.1281.0 2009.01.13 -
    AVG 8.0.0.229 2009.01.13 -
    BitDefender 7.2 2009.01.13 -
    CAT-QuickHeal 10.00 2009.01.12 -
    ClamAV 0.94.1 2009.01.13 -
    Comodo 927 2009.01.13 -
    DrWeb 4.44.0.09170 2009.01.13 -
    eSafe 7.0.17.0 2009.01.13 -
    eTrust-Vet 31.6.6304 2009.01.12 -
    F-Prot 4.4.4.56 2009.01.12 -
    F-Secure 8.0.14470.0 2009.01.13 -
    Fortinet 3.117.0.0 2009.01.13 -
    GData 19 2009.01.13 -
    Ikarus T3.1.1.45.0 2009.01.13 -
    K7AntiVirus 7.10.584 2009.01.09 -
    Kaspersky 7.0.0.125 2009.01.13 Heur.Trojan.Generic
    McAfee 5494 2009.01.13 -
    McAfee+Artemis 5494 2009.01.13 -
    Microsoft 1.4205 2009.01.13 TrojanDownloader:Win32/Horst.Q
    NOD32 3762 2009.01.13 -
    Norman 5.93.01 2009.01.13 -
    Panda 9.5.1.2 2009.01.13 Suspicious file
    PCTools 4.4.2.0 2009.01.13 -
    Prevx1 V2 2009.01.13 Cloaked Malware
    Rising 21.12.12.00 2009.01.13 -
    SecureWeb-Gateway 6.7.6 2009.01.13 -
    Sophos 4.37.0 2009.01.13 -
    Sunbelt 3.2.1831.2 2009.01.09 BehavesLike.Win32.Malware (v)
    Symantec 10 2009.01.13 -
    TheHacker 6.3.1.4.218 2009.01.13 -
    TrendMicro 8.700.0.1004 2009.01.13 -
    ViRobot 2009.1.13.1556 2009.01.13 -
    VirusBuster 4.5.11.0 2009.01.13 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 875d32fec30e740b21ea51bf8b0f75d5
    SHA1..: b50449cf9662dc5366a01be8d09d848e27cd891c
    SHA256: cf736269f1289af4781c05cd2d80447f9d69352fb95ee4cbd00f89558ab12a22
    SHA512: 070124118a6c5817ec2b2579f53a6ac90b3d843ed88e0e823739dbdb123ad6dd24c34d1233984501f8ba5da32e766e55203d60d91be097287edbd8c398f38e1f
    ssdeep: 1536:wg/dITJzHnWUSqXBgp/aIOhUaYn1XY6v4RqWGaTZB7zAp9c5oWt:wZ9znAgBgJlOhW1H4U8wWoWt
    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40ab46
    timedatestamp.....: 0x48ecd429 (Wed Oct 08 15:39:21 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf3df 0x10000 6.20 dc64899530b74dfd2339ba880659674d
    .rdata 0x11000 0x1fe2 0x2000 5.47 c9a6eabeac0e3b8b0411e61a1f96e66b
    .data 0x13000 0x3798 0x1000 1.46 0b3d1dda62e79391950ea6fbe246263d

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetVolumeInformationA, GetProcessPriorityBoost, CreateDirectoryA, GetStartupInfoA, GetFileType, OpenProcess, GetSystemDirectoryA, GetFileTime, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=041BEC8E...

    13 January 2009 22:44:16

    re

    Copy (Ctrl+C) the text below:
    File::
    c:\documents and settings\Administrateur\Application Data\clipsrv.exe
    C:\WINDOWS\System32\drivers\clipsrv.exe



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt


    ++++++++++++

    I'd like to check some files because I have a doubt...
    scan the files in bold at Virus Total

    c:\Documents and Settings\Administrateur\application data\MICROS~1\cmstp.exe
    c:\windows\System32\drivers\mqtgsvc.exe
    c:\Documents and Settings\Administrateur\application data\mstsc.exe
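As an added triage example (not code from the thread or from its helper): the ComboFix log posted in this thread shows one 81,920-byte binary, with the same 2008-10-08 16:42 build time, dropped under several legitimate-looking names (clipsrv.exe, sessmgr.exe, mstsc.exe, ...) and registered in autostart keys that installers rarely use. The script below parses constructed log lines in the same format and reports both signals; the sample lines, regexes and the list of unusual loadpoints are mine, not the tool's.

```python
"""Triage helper for ComboFix-style logs.

Two signals are extracted from the 'created files' and 'REGEDIT4' sections:
  1. several files that share a source timestamp and size (one binary
     dropped under different names);
  2. autostart entries under keys legitimate software almost never uses.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the log lines seen in this thread.
SAMPLE_LOG = r"""
2009-01-14 07:42 . 2008-10-08 16:42 81,920 --a------ c:\windows\system32\drivers\sessmgr.exe
2009-01-14 07:42 . 2008-10-08 16:42 81,920 --a------ c:\windows\system\clipsrv.exe
2009-01-14 07:41 . 2008-10-08 16:42 81,920 --a------ c:\windows\esentutl.exe
2008-12-21 12:44 . 2008-12-21 12:44 <REP> d-------- c:\program files\Microsoft Silverlight
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\docume~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe" [2008-10-08 81920]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\ADMINI~1\LOCALS~1\APPLIC~1\cmstp.exe
"""

# "<created> . <source timestamp> <size or <REP>> <attributes> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<source>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<REP>) (?P<attrs>\S+) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.+)$')

# Autostart locations that legitimate installers almost never touch
# (key suffixes, compared case-insensitively). Constructed list.
UNUSUAL_LOADPOINTS = (
    r"\policies\explorer\run",
    r"\windows nt\currentversion\windows",  # the legacy "load" value
)


def parse_created_files(log_text):
    """Return file entries (directories skipped) from the created-files section."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m.group("size") == "<REP>":
            continue
        entries.append({
            "created": m.group("created"),
            "source_ts": m.group("source"),
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path").lower(),
        })
    return entries


def find_dropped_clones(entries, min_copies=2):
    """Group files by (source timestamp, size); identical copies dropped
    under different names share both, as the files in this thread do."""
    groups = defaultdict(set)
    for e in entries:
        groups[(e["source_ts"], e["size"])].add(e["path"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_copies}


def parse_loadpoints(log_text):
    """Return (registry key, value name, command) triples from the REGEDIT4 part."""
    points, current_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and current_key:
            points.append((current_key, vm.group("name"), vm.group("cmd")))
    return points


def suspicious_loadpoints(points):
    """Keep only entries that live under the unusual autostart keys."""
    return [
        (key, name, cmd)
        for key, name, cmd in points
        if any(key.lower().endswith(suffix) for suffix in UNUSUAL_LOADPOINTS)
    ]


if __name__ == "__main__":
    for (ts, size), paths in find_dropped_clones(parse_created_files(SAMPLE_LOG)).items():
        print(f"same build {ts}, {size} bytes, present as {len(paths)} files:")
        for p in paths:
            print("   ", p)
    for key, name, cmd in suspicious_loadpoints(parse_loadpoints(SAMPLE_LOG)):
        print(f"unusual autostart [{key}] {name} = {cmd}")
```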
    14 January 2009 07:52:39

    ComboFix 09-01-13.03 - Administrateur 2009-01-14 7:40:12.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1015.614 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1169 [VPS 090113-1] *On-access scanning disabled* (Outdated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\documents and settings\Administrateur\Application Data\clipsrv.exe
    c:\windows\System32\drivers\clipsrv.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\clipsrv.exe
    c:\windows\System32\drivers\clipsrv.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-14 au 2009-01-14 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-14 07:42 . 2008-10-08 16:42 81,920 --a------ c:\windows\system32\drivers\sessmgr.exe
    2009-01-14 07:42 . 2008-10-08 16:42 81,920 --a------ c:\windows\system\clipsrv.exe
    2009-01-14 07:41 . 2008-10-08 16:42 81,920 --a------ c:\windows\esentutl.exe
    2009-01-14 07:41 . 2008-10-08 16:42 81,920 --a------ c:\documents and settings\Administrateur\Application Data\ieudinit.exe
    2009-01-14 07:40 . 2008-10-08 16:42 81,920 --a------ c:\windows\system\rsvp.exe
    2009-01-11 20:15 . 2008-10-08 16:42 81,920 --a------ c:\windows\system\cisvc.exe
    2008-12-21 12:48 . 2008-12-21 13:03 <REP> d-------- c:\documents and settings\Administrateur\Tracing
    2008-12-21 12:44 . 2008-12-21 12:44 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-21 12:41 . 2008-12-21 12:41 <REP> d-------- c:\program files\Microsoft
    2008-12-21 12:27 . 2008-12-21 12:27 <REP> d-------- c:\program files\Fichiers communs\Windows Live

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-13 20:53 --------- d-----w c:\program files\eMule
    2008-12-21 12:23 --------- d-----w c:\program files\Messenger Plus! Live
    2008-12-21 12:13 --------- d-----w c:\program files\Windows Live
    2008-12-12 13:56 --------- d-----w c:\program files\StuffPlug3
    2008-12-10 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-09 22:11 --------- d-----w c:\program files\Spyware-Secure
    2008-12-09 21:25 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-08 15:42 81,920 ----a-w c:\documents and settings\Administrateur\Application Data\mstsc.exe
    .

    ------- Sigcheck -------

    2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
    2004-11-25 22:20 506368 048cb871e6f98e41f072b85c67c30925 c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2009-01-11_20.16.04,63 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2009-01-11 11:09:16 59,974 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-14 06:20:10 59,974 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-11 11:09:16 72,830 ----a-w c:\windows\system32\perfc00C.dat
    + 2009-01-14 06:20:10 72,830 ----a-w c:\windows\system32\perfc00C.dat
    - 2009-01-11 11:09:16 398,136 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-14 06:20:10 398,136 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-11 11:09:16 465,344 ----a-w c:\windows\system32\perfh00C.dat
    + 2009-01-14 06:20:10 465,344 ----a-w c:\windows\system32\perfh00C.dat
    + 2009-01-14 06:16:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_56c.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 c:\windows\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DevconDefaultDB"="c:\windows\READREG" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2007-11-29 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
    "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
    "AsioReg"="CTASIO.DLL" [2003-11-13 c:\windows\system32\CTASIO.DLL]
    "CTHelper"="CTHELPER.EXE" [2003-11-13 c:\windows\system32\CTHELPER.EXE]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "CmSTP"="c:\docume~1\ADMINI~1\APPLIC~1\MICROS~1\cmstp.exe" [2008-10-08 81920]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-10-08 81920]

    [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Mstsc"="c:\docume~1\ADMINI~1\APPLIC~1\mstsc.exe" [2008-10-08 81920]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=c:\docume~1\ADMINI~1\LOCALS~1\APPLIC~1\cmstp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-19 75856]
    R4 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-10-30 446464]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-19 20560]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-08-31 13352]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://www.ustart.org
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {695D0CDA-BC00-47B8-8F63-97FCA8BA4D9C} = 80.10.246.130 81.253.149.10

    c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
    hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    c:\windows\Downloaded Program Files\GoPetsWeb.inf
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xaqwlzp2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    FF - prefs.js: keyword.URL - about:neterror?e=query&u=
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xaqwlzp2.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-14 07:42:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Heure de fin: 2009-01-14 7:44:17
    ComboFix-quarantined-files.txt 2009-01-14 06:44:14
    ComboFix2.txt 2009-01-11 19:17:43

    Avant-CF: 101,499,834,368 octets libres
    Après-CF: 101,487,472,640 octets libres

    168 --- E O F --- 2008-12-20 02:01:07

    I'm posting the Virus Total analyses below ::

    The one for the second file :: mqtgsvc.exe


    Fichier mqtgsvc.exe reçu le 2009.01.14 07:55:44 (CET)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.73 2009.01.14 -
    AhnLab-V3 2009.1.13.3 2009.01.14 -
    AntiVir 7.9.0.54 2009.01.13 -
    Authentium 5.1.0.4 2009.01.13 -
    Avast 4.8.1281.0 2009.01.13 -
    AVG 8.0.0.229 2009.01.13 -
    BitDefender 7.2 2009.01.14 -
    CAT-QuickHeal 10.00 2009.01.14 -
    ClamAV 0.94.1 2009.01.14 -
    Comodo 927 2009.01.13 -
    DrWeb 4.44.0.09170 2009.01.13 -
    eSafe 7.0.17.0 2009.01.13 -
    eTrust-Vet 31.6.6306 2009.01.13 -
    F-Prot 4.4.4.56 2009.01.13 -
    F-Secure 8.0.14470.0 2009.01.14 -
    Fortinet 3.117.0.0 2009.01.14 -
    GData 19 2009.01.14 -
    Ikarus T3.1.1.45.0 2009.01.14 -
    K7AntiVirus 7.10.584 2009.01.09 -
    Kaspersky 7.0.0.125 2009.01.14 Heur.Trojan.Generic
    McAfee 5494 2009.01.13 -
    McAfee+Artemis 5494 2009.01.13 -
    Microsoft 1.4205 2009.01.14 -
    NOD32 3763 2009.01.13 -
    Norman 5.93.01 2009.01.13 -
    Panda 9.5.1.2 2009.01.13 Suspicious file
    PCTools 4.4.2.0 2009.01.13 -
    Prevx1 V2 2009.01.14 Cloaked Malware
    Rising 21.12.20.00 2009.01.14 -
    SecureWeb-Gateway 6.7.6 2009.01.13 -
    Sophos 4.37.0 2009.01.14 -
    Sunbelt 3.2.1831.2 2009.01.09 BehavesLike.Win32.Malware (v)
    Symantec 10 2009.01.14 -
    TheHacker 6.3.1.4.219 2009.01.14 -
    TrendMicro 8.700.0.1004 2009.01.14 -
    VBA32 3.12.8.10 2009.01.13 -
    ViRobot 2009.1.14.1558 2009.01.14 -
    VirusBuster 4.5.11.0 2009.01.13 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 875d32fec30e740b21ea51bf8b0f75d5
    SHA1..: b50449cf9662dc5366a01be8d09d848e27cd891c
    SHA256: cf736269f1289af4781c05cd2d80447f9d69352fb95ee4cbd00f89558ab12a22
    SHA512: 070124118a6c5817ec2b2579f53a6ac90b3d843ed88e0e823739dbdb123ad6dd24c34d1233984501f8ba5da32e766e55203d60d91be097287edbd8c398f38e1f
    ssdeep: 1536:wg/dITJzHnWUSqXBgp/aIOhUaYn1XY6v4RqWGaTZB7zAp9c5oWt:wZ9znAgBgJlOhW1H4U8wWoWt
    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40ab46
    timedatestamp.....: 0x48ecd429 (Wed Oct 08 15:39:21 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf3df 0x10000 6.20 dc64899530b74dfd2339ba880659674d
    .rdata 0x11000 0x1fe2 0x2000 5.47 c9a6eabeac0e3b8b0411e61a1f96e66b
    .data 0x13000 0x3798 0x1000 1.46 0b3d1dda62e79391950ea6fbe246263d

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetVolumeInformationA, GetProcessPriorityBoost, CreateDirectoryA, GetStartupInfoA, GetFileType, OpenProcess, GetSystemDirectoryA, GetFileTime, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=041BEC8E...


    File analysis :: mstsc.exe



    Fichier mstsc.exe reçu le 2009.01.14 08:04:31 (CET)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.73 2009.01.14 -
    AhnLab-V3 2009.1.13.3 2009.01.14 -
    AntiVir 7.9.0.54 2009.01.13 -
    Authentium 5.1.0.4 2009.01.13 -
    Avast 4.8.1281.0 2009.01.13 -
    AVG 8.0.0.229 2009.01.13 -
    BitDefender 7.2 2009.01.14 -
    CAT-QuickHeal 10.00 2009.01.14 -
    ClamAV 0.94.1 2009.01.14 -
    Comodo 927 2009.01.13 -
    DrWeb 4.44.0.09170 2009.01.13 -
    eSafe 7.0.17.0 2009.01.13 -
    eTrust-Vet 31.6.6306 2009.01.13 -
    F-Prot 4.4.4.56 2009.01.13 -
    F-Secure 8.0.14470.0 2009.01.14 -
    Fortinet 3.117.0.0 2009.01.14 -
    GData 19 2009.01.14 -
    Ikarus T3.1.1.45.0 2009.01.14 -
    K7AntiVirus 7.10.584 2009.01.09 -
    Kaspersky 7.0.0.125 2009.01.14 Heur.Trojan.Generic
    McAfee 5494 2009.01.13 -
    McAfee+Artemis 5494 2009.01.13 -
    Microsoft 1.4205 2009.01.14 TrojanDownloader:Win32/Horst.Q
    NOD32 3763 2009.01.13 -
    Norman 5.93.01 2009.01.13 -
    Panda 9.5.1.2 2009.01.13 Suspicious file
    PCTools 4.4.2.0 2009.01.13 -
    Prevx1 V2 2009.01.14 Cloaked Malware
    Rising 21.12.20.00 2009.01.14 -
    SecureWeb-Gateway 6.7.6 2009.01.13 -
    Sophos 4.37.0 2009.01.14 -
    Sunbelt 3.2.1831.2 2009.01.09 BehavesLike.Win32.Malware (v)
    Symantec 10 2009.01.14 -
    TheHacker 6.3.1.4.219 2009.01.14 -
    TrendMicro 8.700.0.1004 2009.01.14 -
    VBA32 3.12.8.10 2009.01.13 -
    ViRobot 2009.1.14.1558 2009.01.14 -
    VirusBuster 4.5.11.0 2009.01.13 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 875d32fec30e740b21ea51bf8b0f75d5
    SHA1..: b50449cf9662dc5366a01be8d09d848e27cd891c
    SHA256: cf736269f1289af4781c05cd2d80447f9d69352fb95ee4cbd00f89558ab12a22
    SHA512: 070124118a6c5817ec2b2579f53a6ac90b3d843ed88e0e823739dbdb123ad6dd24c34d1233984501f8ba5da32e766e55203d60d91be097287edbd8c398f38e1f
    ssdeep: 1536:wg/dITJzHnWUSqXBgp/aIOhUaYn1XY6v4RqWGaTZB7zAp9c5oWt:wZ9znAgBgJlOhW1H4U8wWoWt
    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40ab46
    timedatestamp.....: 0x48ecd429 (Wed Oct 08 15:39:21 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf3df 0x10000 6.20 dc64899530b74dfd2339ba880659674d
    .rdata 0x11000 0x1fe2 0x2000 5.47 c9a6eabeac0e3b8b0411e61a1f96e66b
    .data 0x13000 0x3798 0x1000 1.46 0b3d1dda62e79391950ea6fbe246263d

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetVolumeInformationA, GetProcessPriorityBoost, CreateDirectoryA, GetStartupInfoA, GetFileType, OpenProcess, GetSystemDirectoryA, GetFileTime, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=041BEC8E...

    And finally, the analysis of the last one :: cmstp.exe

    Fichier cmstp.exe reçu le 2009.01.14 08:09:12 (CET)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.73 2009.01.14 -
    AhnLab-V3 2009.1.13.3 2009.01.14 -
    AntiVir 7.9.0.54 2009.01.13 -
    Authentium 5.1.0.4 2009.01.13 -
    Avast 4.8.1281.0 2009.01.13 -
    AVG 8.0.0.229 2009.01.13 -
    BitDefender 7.2 2009.01.14 -
    CAT-QuickHeal 10.00 2009.01.14 -
    ClamAV 0.94.1 2009.01.14 -
    Comodo 927 2009.01.13 -
    DrWeb 4.44.0.09170 2009.01.13 -
    eSafe 7.0.17.0 2009.01.13 -
    eTrust-Vet 31.6.6306 2009.01.13 -
    F-Prot 4.4.4.56 2009.01.13 -
    F-Secure 8.0.14470.0 2009.01.14 -
    Fortinet 3.117.0.0 2009.01.14 -
    GData 19 2009.01.14 -
    Ikarus T3.1.1.45.0 2009.01.14 -
    K7AntiVirus 7.10.584 2009.01.09 -
    Kaspersky 7.0.0.125 2009.01.14 Heur.Trojan.Generic
    McAfee 5494 2009.01.13 -
    McAfee+Artemis 5494 2009.01.13 -
    Microsoft 1.4205 2009.01.14 TrojanDownloader:Win32/Horst.Q
    NOD32 3763 2009.01.13 -
    Norman 5.93.01 2009.01.13 -
    Panda 9.5.1.2 2009.01.13 Suspicious file
    PCTools 4.4.2.0 2009.01.13 -
    Prevx1 V2 2009.01.14 Cloaked Malware
    Rising 21.12.21.00 2009.01.14 -
    SecureWeb-Gateway 6.7.6 2009.01.13 -
    Sophos 4.37.0 2009.01.14 -
    Sunbelt 3.2.1831.2 2009.01.09 BehavesLike.Win32.Malware (v)
    Symantec 10 2009.01.14 -
    TheHacker 6.3.1.4.219 2009.01.14 -
    TrendMicro 8.700.0.1004 2009.01.14 -
    VBA32 3.12.8.10 2009.01.13 -
    ViRobot 2009.1.14.1558 2009.01.14 -
    VirusBuster 4.5.11.0 2009.01.13 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 875d32fec30e740b21ea51bf8b0f75d5
    SHA1..: b50449cf9662dc5366a01be8d09d848e27cd891c
    SHA256: cf736269f1289af4781c05cd2d80447f9d69352fb95ee4cbd00f89558ab12a22
    SHA512: 070124118a6c5817ec2b2579f53a6ac90b3d843ed88e0e823739dbdb123ad6dd24c34d1233984501f8ba5da32e766e55203d60d91be097287edbd8c398f38e1f
    ssdeep: 1536:wg/dITJzHnWUSqXBgp/aIOhUaYn1XY6v4RqWGaTZB7zAp9c5oWt:wZ9znAgBgJlOhW1H4U8wWoWt
    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40ab46
    timedatestamp.....: 0x48ecd429 (Wed Oct 08 15:39:21 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf3df 0x10000 6.20 dc64899530b74dfd2339ba880659674d
    .rdata 0x11000 0x1fe2 0x2000 5.47 c9a6eabeac0e3b8b0411e61a1f96e66b
    .data 0x13000 0x3798 0x1000 1.46 0b3d1dda62e79391950ea6fbe246263d

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetVolumeInformationA, GetProcessPriorityBoost, CreateDirectoryA, GetStartupInfoA, GetFileType, OpenProcess, GetSystemDirectoryA, GetFileTime, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=041BEC8E...


    There you go! Thanks!
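The reports pasted above carry one fact worth extracting mechanically: mstsc.exe and cmstp.exe, two files that borrow the names of legitimate Windows binaries, have the same MD5, SHA1 and SHA256, so they are one and the same dropper copied under different names, and only a handful of the engines flagged it. The following is an added example, not code from the thread or from VirusTotal: a small Python parser for the report layout as it was pasted here (the French "Fichier ... reçu le" header, one engine per line, then the hash lines). The input is an excerpt constructed from the thread's own hashes and a subset of its engine rows; the cut-down engine list and the function names are the example's own.

```python
"""Correlate pasted VirusTotal-style reports: same hash, different filenames.

Added example. REPORTS below is a constructed excerpt: the two reports from
the thread trimmed to eight engine rows each, hashes as pasted in the thread.
"""
import re
from collections import defaultdict

REPORTS = """\
Fichier mstsc.exe reçu le 2009.01.14 08:04:31 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.14 -
Avast 4.8.1281.0 2009.01.13 -
Kaspersky 7.0.0.125 2009.01.14 Heur.Trojan.Generic
Microsoft 1.4205 2009.01.14 TrojanDownloader:Win32/Horst.Q
Panda 9.5.1.2 2009.01.13 Suspicious file
Prevx1 V2 2009.01.14 Cloaked Malware
Sunbelt 3.2.1831.2 2009.01.09 BehavesLike.Win32.Malware (v)
Symantec 10 2009.01.14 -
Information additionnelle
File size: 81920 bytes
MD5...: 875d32fec30e740b21ea51bf8b0f75d5
SHA1..: b50449cf9662dc5366a01be8d09d848e27cd891c
SHA256: cf736269f1289af4781c05cd2d80447f9d69352fb95ee4cbd00f89558ab12a22
Fichier cmstp.exe reçu le 2009.01.14 08:09:12 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.14 -
Avast 4.8.1281.0 2009.01.13 -
Kaspersky 7.0.0.125 2009.01.14 Heur.Trojan.Generic
Microsoft 1.4205 2009.01.14 TrojanDownloader:Win32/Horst.Q
Panda 9.5.1.2 2009.01.13 Suspicious file
Prevx1 V2 2009.01.14 Cloaked Malware
Sunbelt 3.2.1831.2 2009.01.09 BehavesLike.Win32.Malware (v)
Symantec 10 2009.01.14 -
Information additionnelle
File size: 81920 bytes
MD5...: 875d32fec30e740b21ea51bf8b0f75d5
SHA1..: b50449cf9662dc5366a01be8d09d848e27cd891c
SHA256: cf736269f1289af4781c05cd2d80447f9d69352fb95ee4cbd00f89558ab12a22
"""

# Report header as pasted (VirusTotal's French UI of the time).
HEADER_RE = re.compile(r"^Fichier (\S+) reçu le (.+)$")
# "<engine> <version> <YYYY.MM.DD> <result>"; "-" means no detection.
ENGINE_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
# "MD5...: <hex>", "SHA1..: <hex>", "SHA256: <hex>".
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)$")


def parse_reports(text):
    """Split pasted text into one dict per 'Fichier ... reçu le' block."""
    reports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"name": m.group(1), "received": m.group(2),
                       "engines": {}, "hashes": {}}
            reports.append(current)
            continue
        if current is None:          # text before the first report header
            continue
        m = HASH_RE.match(line)
        if m:
            current["hashes"][m.group(1)] = m.group(2).lower()
            continue
        m = ENGINE_RE.match(line)
        if m:
            engine, _version, _updated, result = m.groups()
            current["engines"][engine] = None if result == "-" else result
    return reports


def detections(report):
    """Engines that returned a verdict other than '-', with their labels."""
    return {e: r for e, r in report["engines"].items() if r is not None}


def group_by_hash(reports, algo="SHA256"):
    """Map each hash to the distinct filenames it was submitted under."""
    groups = defaultdict(list)
    for r in reports:
        h = r["hashes"].get(algo)
        if h and r["name"] not in groups[h]:
            groups[h].append(r["name"])
    return dict(groups)


def summarize(text):
    """Human-readable lines: per-file detection ratio, then hash collisions."""
    reports = parse_reports(text)
    lines = []
    for r in reports:
        hits = detections(r)
        lines.append(f"{r['name']}: {len(hits)}/{len(r['engines'])} engines "
                     f"flagged it ({', '.join(sorted(hits))})")
    for h, names in group_by_hash(reports).items():
        if len(names) > 1:
            lines.append(f"same binary under {len(names)} names "
                         f"({', '.join(names)}): sha256 {h}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(REPORTS)))
```

Run on the full reports pasted above (with the `<br>`-wrapped SHA512 and ssdeep lines left out, which this parser ignores anyway) it gives the same picture: 5 of 38 engines flag the file, and every name it was uploaded under resolves to a single SHA256. That collision, not the filename, is what a responder should key on when deciding which copies to remove and which hash to search the rest of the disk for.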



    14 Janvier 2009 14:52:50

    re


    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in Safe Mode
    - At startup, after the BIOS has loaded, press the F8 key (or F5) repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would crash your computer.

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you can't download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in Safe Mode.
