Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

What counts as security but is not disinfection: discussions about antivirus software, firewalls, HIPS, protection methods, infection prevention, updates. Advice and help with securing a machine, choosing security software and, more broadly, talking about this field.
-- No analysis requests. --

Moderator: Moderators

Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 12 Nov 2008 07:07

Hello.

Since its last update, Antivir has been detecting this:

Virus or unwanted program 'BDS/Small.gov [backdoor]'
detected in file 'C:\Lop SD\osVer.exe.

The file 'C:\WINDOWS\system32\Tools\Regexe.exe'
contained a virus or unwanted program 'TR/Dldr.Dadobra.bpa' [trojan]

False positive or not?

Thanks
1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by Falkra » 12 Nov 2008 10:24

Hello,

For the first one, yes. Have you updated Antivir since the detection?
For the second, I'll look into it; I'll ask the developer directly whether it is part of the tool.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 12 Nov 2008 22:12

Good evening Falkra.

Yes to your first question (updated at least once a day).
For the second, if you have any information, that would help me a lot.

Note that Antivir gives no information about the malware it finds.

Regards.
1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by Falkra » 12 Nov 2008 23:03

On VirusTotal, with up-to-date signatures, Antivir detects nothing on the first file (which does belong to Lop S&D).

The second one is not part of it.

Go to this link: Virus Total
  • Click the Browse... button
  • Browse your folders to this file, if you find it:
    C:\WINDOWS\system32\Tools\Regexe.exe
  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • Let the site work as long as "Current status: being analysed" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case, wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click this image: Image
  • Right-click the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important to send me the result of the whole analysis.
Your security tools may react to the file being uploaded, in which case you will have to make them ignore the alerts.

You will probably need to show hidden and system files:
http://www.libellules.ch/afficher_fichiers.php

Do the same for the first one, please.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 13 Nov 2008 06:56

Hello Falkra

Here it is for regexe
"Your security tools may react to the file being uploaded, in which case you will have to make them ignore the alerts." Indeed.

Fichier Regexe.exe reçu le 2008.11.13 06:50:35 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.13.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.12 TR/Dldr.Dadobra.bpa
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 Downloader.Generic8.COX
BitDefender 7.2 2008.11.13 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
F-Secure 8.0.14332.0 2008.11.13 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 -
Ikarus T3.1.1.45.0 2008.11.13 -
K7AntiVirus 7.10.523 2008.11.12 -
Kaspersky 7.0.0.125 2008.11.13 -
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 -
NOD32 3608 2008.11.13 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 -
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 Trojan.Dldr.Dadobra.bpa
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 -
ViRobot 2008.11.13.1464 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.12 -
Information additionnelle
File size: 370688 bytes
MD5...: 1d7ab8e965e5a919af2a3aa4a68205ef
SHA1..: fd2c13d8229c164ce2f53fbfdb14f0d603bcb04f
SHA256: 3f701b5984d796bd072af5c71e142765e79000fae52746ce8cffe9aa71c8b991
SHA512: 309ff3faca12ba5fb639585564121c04bdcf9a07709586eddd615f54930e9505148ac49c407a2ba61069b942530fc45810db22ffbac7cec299b9d1a7e095ce21
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Borland Delphi 7 (69.1%)
Win32 Executable Borland Delphi 6 (27.0%)
Win32 Executable Delphi generic (1.5%)
Win32 Executable Generic (0.8%)
Win32 Dynamic Link Library (generic) (0.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x44d110
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x4c14c 0x4c200 6.53 12dfcdfd343e994ba649afe20ff0d974
DATA 0x4e000 0x1124 0x1200 4.04 4ae26de32dab5d714fc5869d3343788b
BSS 0x50000 0xbd9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x51000 0x1fc0 0x2000 5.01 4b3417ffab3cd74a6db6e96985766ea3
.tls 0x53000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x54000 0x18 0x200 0.21 de85a91d4020adeb5b34c6aceb8dee5e
.reloc 0x55000 0x5590 0x5600 6.67 1acc3aca2bccd929c019ff64c6fcf8f0
.rsrc 0x5b000 0x5800 0x5800 4.13 37521d47030d240c3d544822e845e6f7

( 13 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
> user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

( 0 exports )

1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 13 Nov 2008 07:06

Here it is for the first one:

Fichier osVer.exe reçu le 2008.11.13 07:01:54 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.13.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.12 BDS/Small.gov
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 BackDoor.Generic10.XDX
BitDefender 7.2 2008.11.13 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
F-Secure 8.0.14332.0 2008.11.13 Backdoor.Win32.Small.gov
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 -
Ikarus T3.1.1.45.0 2008.11.13 -
K7AntiVirus 7.10.523 2008.11.12 Backdoor.Win32.Small.gov
Kaspersky 7.0.0.125 2008.11.13 Backdoor.Win32.Small.gov
McAfee 5432 2008.11.13 Generic BackDoor
Microsoft 1.4104 2008.11.13 -
NOD32 3608 2008.11.13 probably a variant of Win32/Small
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 -
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 Trojan.Backdoor.Small.gov
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 -
ViRobot 2008.11.13.1464 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.12 -
Information additionnelle
File size: 40960 bytes
MD5...: 95c7f0f2e83bd6c144b3f1d15a545e6f
SHA1..: 227bd894904e1f4b0e8c20c95a9b41afc5b9135e
SHA256: d0ce009af9c28b0a4b555a89a7a0fb9cff170f9165c0be8a40c7fc744238abc1
SHA512: 8b61ba9336d4ea9fd362a85a0e30197138fb24d32c8a5dd10c71fc39a69c652eb4671c75e627e3c6c8bf1739c70fab6bfb87d93ff2b3d6b59cfe196fe4cad427
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4014d5
timedatestamp.....: 0x427a3c57 (Thu May 05 15:31:35 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5638 0x6000 6.23 493c377c3d64d8d96c17ecd877ce2737
.rdata 0x7000 0x1422 0x2000 3.38 d1a8ba392cc0b3a43d45f2a1052a7aa2
.data 0x9000 0x1c68 0x1000 1.00 b966ecd0c820ba0aa5dbaf76efedc916

( 1 imports )
> KERNEL32.dll: GetVersionExW, GetModuleHandleA, GetCommandLineA, GetVersionExA, ExitProcess, GetProcAddress, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, HeapAlloc, SetFilePointer, MultiByteToWideChar, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, VirtualAlloc, HeapReAlloc, RtlUnwind, InterlockedExchange, VirtualQuery, FlushFileBuffers, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, SetStdHandle, HeapSize, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CloseHandle, GetLocaleInfoA, VirtualProtect, GetSystemInfo

( 0 exports )

1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir
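The two reports above are what Falkra's VirusTotal procedure produces, and a helper reads them in a fixed way: how many engines name the file and under which names, whether the size and MD5/SHA1/SHA256 in the report match the file actually on disk (so the verdict really is about the file Antivir flagged), and whether the PE section table shows anything packed. The following Python script does that first pass. It is an added example, not code from the thread, from VirusTotal or from any tool mentioned here; the report text, the `.packed` section and the sample bytes are constructed for the demo, and the regular expressions assume the 2008-era VirusTotal text layout as quoted in this thread.

```python
import hashlib
import re

# Constructed sample input, laid out like the VirusTotal text reports quoted
# in the thread: one "Vendor Version SignatureDate Result" row per engine,
# an "Information additionnelle" block with size and hashes, then the PE
# section table. Rows are a subset of real vendor names, the ".packed"
# section and its entropy are invented to exercise the check, section md5s
# are zeroed, and the file hashes are filled in from SAMPLE_BYTES below, so
# nothing here describes a real file.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real PE\n"

REPORT_TEMPLATE = """\
Fichier sample.exe recu le 2008.11.13 07:01:54 (CET)
Antivirus Version Derniere mise a jour Resultat
AhnLab-V3 2008.11.13.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.12 BDS/Small.gov
AVG 8.0.0.199 2008.11.12 BackDoor.Generic10.XDX
F-Secure 8.0.14332.0 2008.11.13 Backdoor.Win32.Small.gov
Kaspersky 7.0.0.125 2008.11.13 Backdoor.Win32.Small.gov
McAfee 5432 2008.11.13 Generic BackDoor
NOD32 3608 2008.11.13 probably a variant of Win32/Small
Prevx1 V2 2008.11.13 -
Sophos 4.35.0 2008.11.13 -
Symantec 10 2008.11.13 -
Information additionnelle
File size: {size} bytes
MD5...: {md5}
SHA1..: {sha1}
SHA256: {sha256}
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5638 0x6000 6.23 00000000000000000000000000000000
.rdata 0x7000 0x1422 0x2000 3.38 00000000000000000000000000000000
.packed 0x9000 0x1c68 0x1000 7.81 00000000000000000000000000000000
"""

# Engine rows: vendor and version are single tokens, the signature date is
# YYYY.MM.DD, and the result may contain spaces ("Generic BackDoor").
ROW_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-f]{32,64})$")
SIZE_RE = re.compile(r"^File size: (\d+) bytes$")
SECTION_RE = re.compile(
    r"^(\S+) (0x[0-9a-f]+) (0x[0-9a-f]+) (0x[0-9a-f]+) (\d+\.\d+) [0-9a-f]{32}$")


def local_hashes(data):
    """Digests of the file as it sits on disk, to compare with the report."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest()}


def build_report(data):
    """Fill the constructed template with the real digests of `data`."""
    h = local_hashes(data)
    return REPORT_TEMPLATE.format(size=len(data), md5=h["MD5"],
                                  sha1=h["SHA1"], sha256=h["SHA256"])


def parse_report(text):
    """Pull engine verdicts, reported size/hashes and PE sections out of a
    pasted report; lines that match none of the patterns are ignored."""
    results, hashes, sections, size = {}, {}, [], None
    for line in text.splitlines():
        if (m := ROW_RE.match(line)):
            results[m.group(1)] = m.group(4)
        elif (m := HASH_RE.match(line)):
            hashes[m.group(1)] = m.group(2)
        elif (m := SIZE_RE.match(line)):
            size = int(m.group(1))
        elif (m := SECTION_RE.match(line)):
            sections.append({"name": m.group(1),
                             "raw_size": int(m.group(4), 16),
                             "entropy": float(m.group(5))})
    return {"results": results, "hashes": hashes, "size": size,
            "sections": sections}


def triage(report_text, data):
    """Summarise the report the way a helper reads it: detection count and
    names, whether the uploaded file is the one on disk, and sections whose
    entropy is close to 8 bits/byte (a common packing or encryption sign)."""
    r = parse_report(report_text)
    named = {v: res for v, res in r["results"].items() if res != "-"}
    mine = local_hashes(data)
    mismatch = []
    if r["size"] is not None and r["size"] != len(data):
        mismatch.append("size")
    mismatch += [a for a, d in r["hashes"].items() if mine[a] != d]
    return {"detections": len(named), "engines": len(r["results"]),
            "named": named, "mismatch": mismatch,
            "high_entropy": [s["name"] for s in r["sections"]
                             if s["entropy"] >= 7.0]}


if __name__ == "__main__":
    print(triage(build_report(SAMPLE_BYTES), SAMPLE_BYTES))
```

Run against the two real reports in this thread, the same parser gives 4 of 36 engines for Regexe.exe and 8 of 36 for osVer.exe, with no section above 7.0 bits/byte in either. One caveat for the Regexe.exe report: its 1992 timestamp is not evidence of tampering on its own, because the Delphi linker writes the fixed value 0x2a425e19 (19 June 1992) into every executable it produces.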

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by Falkra » 14 Nov 2008 16:59

You have a very old version of Lop S&D; remove it directly (via Add/Remove Programs, or otherwise by deleting the folder). In general, fix-type tools like this one are not meant to be kept and age badly; only the latest version should be used, and only when there is a proven need.

Put the second one in quarantine.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 14 Nov 2008 18:35

Good evening Falkra.

Recommendations carried out.

For the one in quarantine, if you have anything new...

Thanks
1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by Falkra » 14 Nov 2008 18:39

We'll take a look. :wink:

Download random's system information tool (RSIT) by random/random and save it to the Desktop.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimised in the Taskbar).
  • NB: The reports are saved in the C:\rsit folder
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 17 Nov 2008 07:22

Hello Falkra.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-17 07:07:34
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 65 GB (65%) free of 100 GB
Total RAM: 3327 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:08:04, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
E:\Program Files\Nero 7\InCD\InCD.exe
C:\Program Files\SkypeMate\SkypeMate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
E:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [InCD] E:\Program Files\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB46AC1A-DA75-4BDC-A5C7-C4E9504DD88F}: NameServer = 193.95.66.11,213.150.176.196
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

--
End of file - 5969 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-06 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2007-04-09 1423360]
"BOC-425"=C:\PROGRA~1\Comodo\CBOClean\BOC425.exe [2007-11-26 342272]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-18 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-18 81920]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"COMODO Firewall Pro"=C:\Program Files\Comodo\Firewall\cfp.exe [2008-11-02 1797880]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-02-25 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-07-18 266497]
"InCD"=E:\Program Files\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"COMODO Internet Security"=C:\Program Files\Comodo\Firewall\cfp.exe [2008-11-02 1797880]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
SkypeMate.lnk - C:\Program Files\SkypeMate\SkypeMate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Sierra\FEAR\FEAR.exe"="E:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2008-11-17 07:07:34 ----D---- C:\rsit
2008-11-09 01:11:29 ----A---- C:\Documents and Settings\All Users\Application Data\vlc-0.9.4-win32.exe
2008-11-08 07:46:57 ----D---- C:\Program Files\Adobe
2008-11-08 07:46:21 ----SHD---- C:\Config.Msi
2008-10-31 05:27:29 ----D---- C:\Program Files\TouchStoneSoftware
2008-10-29 20:49:22 ----D---- C:\Program Files\hpHosts
2008-10-29 08:18:49 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-29 08:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-10-29 08:18:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-28 05:37:08 ----A---- C:\PureRa.txt
2008-10-20 16:27:26 ----A---- C:\WINDOWS\setuplog.txt
2008-10-15 05:27:52 ----D---- C:\WINDOWS\system32\Futuremark
2008-10-15 05:27:32 ----D---- C:\Program Files\Fichiers communs\Futuremark Shared
2008-10-14 04:41:50 ----D---- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
2008-10-14 04:29:52 ----D---- C:\Program Files\JRE
2008-10-14 04:29:47 ----D---- C:\Program Files\OpenOffice.org 3
2008-10-03 05:29:04 ----HD---- C:\WINDOWS\PIF
2008-09-28 06:57:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc

======List of files/folders modified in the last 2 months======

2008-11-17 07:07:15 ----D---- C:\WINDOWS\Prefetch
2008-11-17 07:04:00 ----D---- C:\Program Files\Mozilla Firefox
2008-11-17 07:01:31 ----D---- C:\WINDOWS\Temp
2008-11-17 07:01:30 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-16 17:03:56 ----D---- C:\WINDOWS\system32
2008-11-16 16:50:33 ----A---- C:\WINDOWS\BOC425.INI
2008-11-16 16:44:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 16:44:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-16 16:04:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-11-16 15:54:14 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-11-14 16:36:59 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-11-13 06:37:13 ----D---- C:\WINDOWS\system32\Tools
2008-11-11 17:34:07 ----A---- C:\lopR.txt
2008-11-08 11:33:36 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-11-08 11:30:13 ----HD---- C:\WINDOWS\inf
2008-11-08 07:47:28 ----SHD---- C:\WINDOWS\Installer
2008-11-08 07:47:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-08 07:47:10 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-11-08 07:46:57 ----RD---- C:\Program Files
2008-11-08 07:46:51 ----D---- C:\WINDOWS\WinSxS
2008-11-02 10:02:46 ----A---- C:\WINDOWS\system32\guard32.dll
2008-10-29 08:21:30 ----D---- C:\WINDOWS
2008-10-29 08:19:25 ----D---- C:\WINDOWS\system32\DllCache
2008-10-27 12:49:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 06:58:49 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-20 15:54:48 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-10-20 13:17:35 ----D---- C:\Downloads
2008-10-15 05:27:53 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 05:27:32 ----D---- C:\Program Files\Fichiers communs
2008-10-15 05:26:59 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-15 05:07:02 ----RSD---- C:\WINDOWS\Fonts
2008-10-14 04:30:36 ----RSD---- C:\WINDOWS\assembly
2008-10-14 04:29:21 ----D---- C:\Program Files\OpenOffice.org 2.1
2008-10-12 13:47:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-09-22 01:00:48 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-11-02 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-11-02 31504]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
R3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2003-02-18 17504]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-18 7435136]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
S3 MBAMCatchMe;MBAMCatchMe; \??\C:\WINDOWS\system32\drivers\mbamcatchme.sys []
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-11 923826]
S3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51; C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 253440]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-18 164097]
R2 AntiVirScheduler;AntiVir PersonalEdition Premium Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-10-23 68865]
R2 AntiVirService;AntiVir PersonalEdition Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-10-23 151297]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-18 41217]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2007-11-26 73472]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\Firewall\cmdagent.exe [2008-11-02 614136]
R2 InCDsrv;InCD Helper; E:\Program Files\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-18 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe [2007-12-12 213176]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe [2007-12-12 1253568]

-----------------EOF-----------------
1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 17 Nov 2008 07:23

....

info.txt logfile of random's system information tool 1.04 2008-11-17 07:08:06

======Uninstall list======

-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->E:\Program Files\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AI Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x40c
ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
BearPaw 2400CU Plus v1.6-->C:\PROGRA~1\BEARPA~1\Driver\UNINST.EXE
BOClean-->C:\WINDOWS\UNBOC.EXE
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Conexant 11252 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Desk Drive-->MsiExec.exe /I{09883A2B-9EAD-4D5C-883E-1547B5684917}
Elfima Notepad 1.6.3-->"e:\Program Files\Elfima\Notepad\unins000.exe"
Far Cry-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
FEAR-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x10 -removeonly
Foxit PDF Editor-->e:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Handy Recovery 4.0-->"e:\Program Files\SoftLogica\Handy Recovery\Uninstall.exe" "e:\Program Files\SoftLogica\Handy Recovery\install.log" -u
HDD Health v3.0 Beta-->"C:\Program Files\HDD Health\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hpHosts-->"C:\Program Files\hpHosts\unins000.exe"
IEEE 802.11g Wireless Cardbus/PCI Adapter-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{29F15D3F-5B37-44DB-BB89-390B3AD1404E}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JLC's Internet TV-->"e:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Multimedia Card Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
Nero 7 Essentials-->MsiExec.exe /X{8046A32C-88A7-45DA-B6D7-B6191E261036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCCT Perestroika 1.1.1b-->"C:\Program Files\OCCT\unins000.exe"
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Pack Crystal Clear 1.0-->C:\WINDOWS\BricoPacks\Crystal Clear\Remove.exe
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c
PC Wizard 2008.1.86-->"E:\Program Files\PC Wizard 2006\PC Wizard 2008\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recover Files 2.1-->"e:\Program Files\Recover Files\unins000.exe"
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Revo Uninstaller 1.71-->E:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RivaTuner v2.06-->"C:\Program Files\RivaTuner v2.06\uninstall.exe"
SiSoftware Sandra Lite XII.SP1-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\unins000.exe"
SkypeMate-->"C:\Program Files\SkypeMate\uninstall.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Task Killer (remove only)-->\uninstall.exe
TmNationsForever-->"e:\Program Files\TmNationsForever\unins000.exe"
TUGZip 3.5-->"e:\Program Files\TUGZip\unins000.exe"
Undelete Plus 2.98-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Undelete SD card-->MsiExec.exe /I{6D7CBF44-29F2-49B4-9859-1A50732EC31F}
Video Card Stability Test-->C:\Program Files\Video Card Stability Test\uninstall.exe
VLC media player 0.9.2-->e:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->e:\Program Files\Vuze\uninstall.exe
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WordBiz version 1.8-->"e:\Program Files\WordBiz\unins000.exe"
WordFree PDF-->"e:\Program Files\WordFree PDF\unins000.exe"
XPize 4.6-->C:\WINDOWS\XPize\uninst.exe
ZebHelpProcess 2.23.3-->"C:\Program Files\ZebHelpProcess 2\unins000.exe"

=====HijackThis Backups=====

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 000webhost.com
127.0.0.1 005.free-counter.co.uk
127.0.0.1 006.free-counter.co.uk
127.0.0.1 007.free-counter.co.uk
127.0.0.1 007guard.com
127.0.0.1 008.free-counter.co.uk
127.0.0.1 00a0-f0d5-a44e-33s6.cnc-inc.cn
127.0.0.1 00fun.com
127.0.0.1 00hq.com

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: COMODO Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1

-----------------EOF-----------------

Thanks
1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by Falkra » 17 Nov 2008 15:53

Nothing suspicious here; quite possibly the antivirus did its job and put an end to it.

Is it still showing up?
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
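The "nothing suspicious" call above comes from reading the autorun (O4), DNS (O17), AppInit (O20) and service (O23) entries of the HijackThis section by eye. The Python below is an added example, not part of this thread and not code from RSIT or HijackThis: it mechanises that first pass over lines copied from the log posted above (the PnkBstrA line is taken from the "HijackThis Backups" section) and flags what a reviewer looks at first. The flags are review prompts, not verdicts: the AppInit DLL and the "Unknown owner" service sit under the installed firewall's own directory, and the O17 name servers are something to check against the ISP's. The rule names and severity labels are this example's own.

```python
import re
from typing import Dict, List

# Sample input (copied from the HijackThis section of the RSIT log posted
# above; the PnkBstrA line comes from its "HijackThis Backups" section),
# reduced to the entry types this triage inspects: O4, O17, O20 and O23.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB46AC1A-DA75-4BDC-A5C7-C4E9504DD88F}: NameServer = 193.95.66.11,213.150.176.196
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Drive letter, %ENVVAR%\ prefix or UNC path. Anything else is resolved via
# the search path at logon, so the binary that actually runs is ambiguous.
ROOTED_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis listing into (kind, body) entries, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body")})
    return entries


def run_target(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def finding(severity: str, kind: str, reason: str, detail: str) -> Dict[str, str]:
    return {"severity": severity, "kind": kind, "reason": reason, "detail": detail}


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """First-pass rules a reviewer applies by eye; rule names are this example's own."""
    findings = []
    seen = {}  # lower-cased autorun target -> first O4 name that launches it
    for e in entries:
        kind, body = e["kind"], e["body"]
        if kind == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            name, target = m.group("name"), run_target(m.group("cmd"))
            if not ROOTED_RE.match(target):
                findings.append(finding("review", kind, "autorun-unrooted-path", f"[{name}] {target}"))
            key = target.lower()
            if key in seen:
                findings.append(finding("info", kind, "autorun-duplicate", f"[{name}] also launched by [{seen[key]}]"))
            else:
                seen[key] = name
        elif kind == "O17":
            m = re.search(r"NameServer = (?P<ips>[0-9.,]+)", body)
            if m:
                findings.append(finding("review", kind, "dns-nameserver", m.group("ips")))
        elif kind == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(finding("review", kind, "appinit-dll", body.split(":", 1)[1].strip()))
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            if m.group("owner") == "Unknown owner":
                findings.append(finding("review", kind, "service-unknown-owner", m.group("path")))
            if m.group("path").endswith("(file missing)"):
                findings.append(finding("info", kind, "service-file-missing", m.group("path")))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview of what needs eyes."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["reason"]] = counts.get(f["reason"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f['severity']:6} {f['kind']:4} {f['reason']:24} {f['detail']}")
```

On the sample above the script reports the two search-path autoruns (RTHDCPL.EXE, nwiz.exe), the second O4 entry that launches the same cfp.exe as the first, the two name servers, the AppInit DLL, the two "Unknown owner" services and the one whose file is missing. Each is something to confirm against the installed software rather than a detection; the script only decides where to look first.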

Re: Virus or unwanted program 'BDS/Small.gov [backdoor]' detecte

Post by 1664 » 17 Nov 2008 16:12

Hello Falkra

No more symptoms, and for now no program is crashing.
I will re-analyse the files Avira put in quarantine later.

Thanks for the help, regards.
1664
Posts: 44
Joined: 02 Jul 2008 17:03
Location: Monastir

