Libellules.ch - forum d'informatique • warning spyware detected on your computer : Désinfections et demandes d'analyse

par **Asaracino** » 24 Juin 2008 14:38

Voici le test du fichier:

Fichier gsw32.exe reçu le 2008.06.24 15:29:37 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.23 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 -
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5323 2008.06.23 -
Microsoft None 2008.06.24 -
NOD32v2 3213 2008.06.24 -
Norman 5.80.02 2008.06.23 -
Panda 9.0.0.4 2008.06.23 -
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 423016 bytes
MD5...: f60f75945d616754838b1f3f6ffd9d51
SHA1..: 217881890f788c42dd7e27ac71cc4b7bb6cf677a
SHA256: f12d10c72a5145bf4e41fc671db19c50a422e24af1b9b12457ec9de16e133bcd
SHA512: 5a5174922cf55f44d1b72460ff994a1b1557ae7f3c9a8baa537e8a2815405692 7ee976b0baf7a40dc80b37fb30b4916c40774b0860855f0f3e615431f27fd61d
PEiD..: Armadillo v1.71
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x445333 timedatestamp.....: 0x3641cad2 (Thu Nov 05 15:57:06 1998) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x57ca6 0x58000 6.46 5e9ddf077de8aaa82f8977eee5b59a6a .rdata 0x59000 0x75da 0x8000 4.39 1c84539724ecaa3ae0e7c767124cc7c1 .data 0x61000 0x63ac 0x3000 4.06 91aa6f75cabb300dee969c1d3775f276 .rsrc 0x68000 0x1628 0x2000 2.69 09c701a509fc941f63edc9e95a187c0c ( 9 imports ) > GSWDLL32.dll: -, - > KERNEL32.dll: TerminateProcess, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsA, LCMapStringA, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LCMapStringW, GetTimeZoneInformation, GlobalReAlloc, _lwrite, GlobalFree, _lread, _llseek, GlobalAlloc, LocalAlloc, GlobalHandle, lstrcatA, lstrcpyA, lstrlenA, MulDiv, _lclose, OpenFile, GetTempFileNameA, GetTempPathA, FreeLibrary, GetProcAddress, LoadLibraryA, _hread, _hwrite, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetProfileStringA, LocalHandle, GetCurrentThreadId, CreateMutexA, GetVersion, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, SetLastError, GetLastError, lstrcpynA, GetModuleHandleA, DuplicateHandle, GetCurrentProcess, CreateFileA, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, DeleteFileA, FindClose, FindFirstFileA, GetVolumeInformationA, GetFullPathNameA, GlobalUnlock, lstrcmpiA, GetModuleFileNameA, LocalFree, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, lstrcmpA, GlobalFlags, GetFileAttributesA, GetFileSize, GetFileTime, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, GetProcessVersion, FileTimeToSystemTime, FileTimeToLocalFileTime, GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, HeapSize, HeapReAlloc, GetACP, GlobalLock > USER32.dll: GetPropA, CallNextHookEx, SetWindowsHookExA, GetKeyState, CallWindowProcA, SetPropA, WinHelpA, GetCapture, GetTopWindow, GetMenu, GetClassInfoA, GetMessageTime, CopyRect, AdjustWindowRectEx, MapWindowPoints, GetSysColorBrush, DestroyMenu, GetMessagePos, IsIconic, GetWindowPlacement, SetWindowPos, GetDlgItem, GetWindow, GetDlgCtrlID, GetClassNameA, GetLastActivePopup, IsWindowEnabled, EnableWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, GetFocus, GetParent, GetNextDlgTabItem, UnregisterClassA, UnhookWindowsHookEx, CharUpperA, GrayStringA, SystemParametersInfoA, DrawTextA, ClientToScreen, LoadMenuA, GetSubMenu, SetMenuDefaultItem, SetForegroundWindow, TrackPopupMenu, SendMessageA, DialogBoxParamA, PostQuitMessage, GetProcessWindowStation, GetThreadDesktop, GetUserObjectInformationA, SetRectEmpty, ReleaseDC, IsDialogMessageA, CreateDialogParamA, GetDC, GetWindowTextA, GetCursorPos, WindowFromPoint, GetWindowRect, PtInRect, MessageBoxA, LoadIconA, LoadCursorA, RegisterClassA, RegisterWindowMessageA, EnableMenuItem, GetMessageA, TranslateMessage, DispatchMessageA, GetSysColor, PostThreadMessageA, SetRect, CreateWindowExA, ShowWindow, UpdateWindow, DestroyWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EnumClipboardFormats, GetClipboardData, CloseClipboard, InvalidateRect, MessageBeep, ScrollWindow, SetScrollPos, GetUpdateRect, ValidateRect, SetFocus, SetCursor, BeginPaint, EndPaint, SetScrollRange, GetClassLongA, SetWindowLongA, GetClientRect, GetScrollRange, GetSystemMetrics, GetSystemMenu, GetMenuItemCount, GetMenuItemID, DeleteMenu, AppendMenuA, GetWindowLongA, RemovePropA, TabbedTextOutA, LoadStringA, DefWindowProcA, EndDialog, PostMessageA, SetDlgItemTextA, SetWindowTextA, IsWindow, GetForegroundWindow, MoveWindow, OffsetRect, PeekMessageA > GDI32.dll: CreateMetaFileA, ExtTextOutA, RectVisible, PtVisible, GetClipBox, ScaleWindowExtEx, ScaleViewportExtEx, OffsetViewportOrgEx, Escape, SelectClipRgn, SetWindowOrgEx, CreateRectRgn, CombineRgn, EndPage, StartPage, EndDoc, SetAbortProc, StartDocA, CreateDCA, PtInRegion, GetMetaFileBitsEx, CreateICA, CreatePolygonRgn, DeleteDC, CloseMetaFile, PlayMetaFile, GetViewportExtEx, CreateBitmap, SetBitmapDimensionEx, SetMetaFileBitsEx, SetMapMode, GetViewportOrgEx, SetWindowExtEx, SetViewportExtEx, SetViewportOrgEx, LPtoDP, DPtoLP, SaveDC, StretchDIBits, RestoreDC, EnumMetaFile, DeleteMetaFile, GetWindowExtEx, BitBlt, PlayMetaFileRecord, GetDeviceCaps, SetBkColor, SetROP2, FloodFill, Pie, Arc, MoveToEx, LineTo, GetTextExtentPointA, GetTextMetricsA, CreateFontIndirectA, CreateSolidBrush, CreateHatchBrush, CreateCompatibleBitmap, PatBlt, CreateDIBPatternBrush, CreatePen, DeleteObject, IntersectClipRect, Rectangle, Ellipse, SetTextAlign, SetBkMode, SetTextColor, SelectObject, TextOutA, SetPolyFillMode, Polyline, Polygon, GetPaletteEntries, CreatePalette, GetStockObject, GetObjectA, CreateCompatibleDC, SelectPalette, RealizePalette, GetDIBits > comdlg32.dll: GetFileTitleA > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter > ADVAPI32.dll: InitializeSecurityDescriptor, SetSecurityDescriptorDacl > SHELL32.dll: Shell_NotifyIconA > COMCTL32.dll: - ( 4 exports ) DrawingWndProc, PrintAbortProc, PrintDialogProc, ServerWndProc 

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.23 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 -
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5323 2008.06.23 -
Microsoft None 2008.06.24 -
NOD32v2 3213 2008.06.24 -
Norman 5.80.02 2008.06.23 -
Panda 9.0.0.4 2008.06.23 -
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 423016 bytes
MD5...: f60f75945d616754838b1f3f6ffd9d51
SHA1..: 217881890f788c42dd7e27ac71cc4b7bb6cf677a
SHA256: f12d10c72a5145bf4e41fc671db19c50a422e24af1b9b12457ec9de16e133bcd
SHA512: 5a5174922cf55f44d1b72460ff994a1b1557ae7f3c9a8baa537e8a2815405692 7ee976b0baf7a40dc80b37fb30b4916c40774b0860855f0f3e615431f27fd61d
PEiD..: Armadillo v1.71
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x445333 timedatestamp.....: 0x3641cad2 (Thu Nov 05 15:57:06 1998) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x57ca6 0x58000 6.46 5e9ddf077de8aaa82f8977eee5b59a6a .rdata 0x59000 0x75da 0x8000 4.39 1c84539724ecaa3ae0e7c767124cc7c1 .data 0x61000 0x63ac 0x3000 4.06 91aa6f75cabb300dee969c1d3775f276 .rsrc 0x68000 0x1628 0x2000 2.69 09c701a509fc941f63edc9e95a187c0c ( 9 imports ) > GSWDLL32.dll: -, - > KERNEL32.dll: TerminateProcess, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsA, LCMapStringA, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LCMapStringW, GetTimeZoneInformation, GlobalReAlloc, _lwrite, GlobalFree, _lread, _llseek, GlobalAlloc, LocalAlloc, GlobalHandle, lstrcatA, lstrcpyA, lstrlenA, MulDiv, _lclose, OpenFile, GetTempFileNameA, GetTempPathA, FreeLibrary, GetProcAddress, LoadLibraryA, _hread, _hwrite, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetProfileStringA, LocalHandle, GetCurrentThreadId, CreateMutexA, GetVersion, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, SetLastError, GetLastError, lstrcpynA, GetModuleHandleA, DuplicateHandle, GetCurrentProcess, CreateFileA, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, DeleteFileA, FindClose, FindFirstFileA, GetVolumeInformationA, GetFullPathNameA, GlobalUnlock, lstrcmpiA, GetModuleFileNameA, LocalFree, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, lstrcmpA, GlobalFlags, GetFileAttributesA, GetFileSize, GetFileTime, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, GetProcessVersion, FileTimeToSystemTime, FileTimeToLocalFileTime, GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, HeapSize, HeapReAlloc, GetACP, GlobalLock > USER32.dll: GetPropA, CallNextHookEx, SetWindowsHookExA, GetKeyState, CallWindowProcA, SetPropA, WinHelpA, GetCapture, GetTopWindow, GetMenu, GetClassInfoA, GetMessageTime, CopyRect, AdjustWindowRectEx, MapWindowPoints, GetSysColorBrush, DestroyMenu, GetMessagePos, IsIconic, GetWindowPlacement, SetWindowPos, GetDlgItem, GetWindow, GetDlgCtrlID, GetClassNameA, GetLastActivePopup, IsWindowEnabled, EnableWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, GetFocus, GetParent, GetNextDlgTabItem, UnregisterClassA, UnhookWindowsHookEx, CharUpperA, GrayStringA, SystemParametersInfoA, DrawTextA, ClientToScreen, LoadMenuA, GetSubMenu, SetMenuDefaultItem, SetForegroundWindow, TrackPopupMenu, SendMessageA, DialogBoxParamA, PostQuitMessage, GetProcessWindowStation, GetThreadDesktop, GetUserObjectInformationA, SetRectEmpty, ReleaseDC, IsDialogMessageA, CreateDialogParamA, GetDC, GetWindowTextA, GetCursorPos, WindowFromPoint, GetWindowRect, PtInRect, MessageBoxA, LoadIconA, LoadCursorA, RegisterClassA, RegisterWindowMessageA, EnableMenuItem, GetMessageA, TranslateMessage, DispatchMessageA, GetSysColor, PostThreadMessageA, SetRect, CreateWindowExA, ShowWindow, UpdateWindow, DestroyWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EnumClipboardFormats, GetClipboardData, CloseClipboard, InvalidateRect, MessageBeep, ScrollWindow, SetScrollPos, GetUpdateRect, ValidateRect, SetFocus, SetCursor, BeginPaint, EndPaint, SetScrollRange, GetClassLongA, SetWindowLongA, GetClientRect, GetScrollRange, GetSystemMetrics, GetSystemMenu, GetMenuItemCount, GetMenuItemID, DeleteMenu, AppendMenuA, GetWindowLongA, RemovePropA, TabbedTextOutA, LoadStringA, DefWindowProcA, EndDialog, PostMessageA, SetDlgItemTextA, SetWindowTextA, IsWindow, GetForegroundWindow, MoveWindow, OffsetRect, PeekMessageA > GDI32.dll: CreateMetaFileA, ExtTextOutA, RectVisible, PtVisible, GetClipBox, ScaleWindowExtEx, ScaleViewportExtEx, OffsetViewportOrgEx, Escape, SelectClipRgn, SetWindowOrgEx, CreateRectRgn, CombineRgn, EndPage, StartPage, EndDoc, SetAbortProc, StartDocA, CreateDCA, PtInRegion, GetMetaFileBitsEx, CreateICA, CreatePolygonRgn, DeleteDC, CloseMetaFile, PlayMetaFile, GetViewportExtEx, CreateBitmap, SetBitmapDimensionEx, SetMetaFileBitsEx, SetMapMode, GetViewportOrgEx, SetWindowExtEx, SetViewportExtEx, SetViewportOrgEx, LPtoDP, DPtoLP, SaveDC, StretchDIBits, RestoreDC, EnumMetaFile, DeleteMetaFile, GetWindowExtEx, BitBlt, PlayMetaFileRecord, GetDeviceCaps, SetBkColor, SetROP2, FloodFill, Pie, Arc, MoveToEx, LineTo, GetTextExtentPointA, GetTextMetricsA, CreateFontIndirectA, CreateSolidBrush, CreateHatchBrush, CreateCompatibleBitmap, PatBlt, CreateDIBPatternBrush, CreatePen, DeleteObject, IntersectClipRect, Rectangle, Ellipse, SetTextAlign, SetBkMode, SetTextColor, SelectObject, TextOutA, SetPolyFillMode, Polyline, Polygon, GetPaletteEntries, CreatePalette, GetStockObject, GetObjectA, CreateCompatibleDC, SelectPalette, RealizePalette, GetDIBits > comdlg32.dll: GetFileTitleA > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter > ADVAPI32.dll: InitializeSecurityDescriptor, SetSecurityDescriptorDacl > SHELL32.dll: Shell_NotifyIconA > COMCTL32.dll: - ( 4 exports ) DrawingWndProc, PrintAbortProc, PrintDialogProc, ServerWndProc 

le fichier gsw32.exe est bien dans le ZIP sur le bureau

par **Asaracino** » 24 Juin 2008 14:40

voila le rapport

Fichier gsw32.exe reçu le 2008.06.24 15:29:37 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.23 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 -
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5323 2008.06.23 -
Microsoft None 2008.06.24 -
NOD32v2 3213 2008.06.24 -
Norman 5.80.02 2008.06.23 -
Panda 9.0.0.4 2008.06.23 -
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 423016 bytes
MD5...: f60f75945d616754838b1f3f6ffd9d51
SHA1..: 217881890f788c42dd7e27ac71cc4b7bb6cf677a
SHA256: f12d10c72a5145bf4e41fc671db19c50a422e24af1b9b12457ec9de16e133bcd
SHA512: 5a5174922cf55f44d1b72460ff994a1b1557ae7f3c9a8baa537e8a2815405692 7ee976b0baf7a40dc80b37fb30b4916c40774b0860855f0f3e615431f27fd61d
PEiD..: Armadillo v1.71
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x445333 timedatestamp.....: 0x3641cad2 (Thu Nov 05 15:57:06 1998) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x57ca6 0x58000 6.46 5e9ddf077de8aaa82f8977eee5b59a6a .rdata 0x59000 0x75da 0x8000 4.39 1c84539724ecaa3ae0e7c767124cc7c1 .data 0x61000 0x63ac 0x3000 4.06 91aa6f75cabb300dee969c1d3775f276 .rsrc 0x68000 0x1628 0x2000 2.69 09c701a509fc941f63edc9e95a187c0c ( 9 imports ) > GSWDLL32.dll: -, - > KERNEL32.dll: TerminateProcess, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsA, LCMapStringA, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LCMapStringW, GetTimeZoneInformation, GlobalReAlloc, _lwrite, GlobalFree, _lread, _llseek, GlobalAlloc, LocalAlloc, GlobalHandle, lstrcatA, lstrcpyA, lstrlenA, MulDiv, _lclose, OpenFile, GetTempFileNameA, GetTempPathA, FreeLibrary, GetProcAddress, LoadLibraryA, _hread, _hwrite, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetProfileStringA, LocalHandle, GetCurrentThreadId, CreateMutexA, GetVersion, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, SetLastError, GetLastError, lstrcpynA, GetModuleHandleA, DuplicateHandle, GetCurrentProcess, CreateFileA, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, DeleteFileA, FindClose, FindFirstFileA, GetVolumeInformationA, GetFullPathNameA, GlobalUnlock, lstrcmpiA, GetModuleFileNameA, LocalFree, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, lstrcmpA, GlobalFlags, GetFileAttributesA, GetFileSize, GetFileTime, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, GetProcessVersion, FileTimeToSystemTime, FileTimeToLocalFileTime, GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, HeapSize, HeapReAlloc, GetACP, GlobalLock > USER32.dll: GetPropA, CallNextHookEx, SetWindowsHookExA, GetKeyState, CallWindowProcA, SetPropA, WinHelpA, GetCapture, GetTopWindow, GetMenu, GetClassInfoA, GetMessageTime, CopyRect, AdjustWindowRectEx, MapWindowPoints, GetSysColorBrush, DestroyMenu, GetMessagePos, IsIconic, GetWindowPlacement, SetWindowPos, GetDlgItem, GetWindow, GetDlgCtrlID, GetClassNameA, GetLastActivePopup, IsWindowEnabled, EnableWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, GetFocus, GetParent, GetNextDlgTabItem, UnregisterClassA, UnhookWindowsHookEx, CharUpperA, GrayStringA, SystemParametersInfoA, DrawTextA, ClientToScreen, LoadMenuA, GetSubMenu, SetMenuDefaultItem, SetForegroundWindow, TrackPopupMenu, SendMessageA, DialogBoxParamA, PostQuitMessage, GetProcessWindowStation, GetThreadDesktop, GetUserObjectInformationA, SetRectEmpty, ReleaseDC, IsDialogMessageA, CreateDialogParamA, GetDC, GetWindowTextA, GetCursorPos, WindowFromPoint, GetWindowRect, PtInRect, MessageBoxA, LoadIconA, LoadCursorA, RegisterClassA, RegisterWindowMessageA, EnableMenuItem, GetMessageA, TranslateMessage, DispatchMessageA, GetSysColor, PostThreadMessageA, SetRect, CreateWindowExA, ShowWindow, UpdateWindow, DestroyWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EnumClipboardFormats, GetClipboardData, CloseClipboard, InvalidateRect, MessageBeep, ScrollWindow, SetScrollPos, GetUpdateRect, ValidateRect, SetFocus, SetCursor, BeginPaint, EndPaint, SetScrollRange, GetClassLongA, SetWindowLongA, GetClientRect, GetScrollRange, GetSystemMetrics, GetSystemMenu, GetMenuItemCount, GetMenuItemID, DeleteMenu, AppendMenuA, GetWindowLongA, RemovePropA, TabbedTextOutA, LoadStringA, DefWindowProcA, EndDialog, PostMessageA, SetDlgItemTextA, SetWindowTextA, IsWindow, GetForegroundWindow, MoveWindow, OffsetRect, PeekMessageA > GDI32.dll: CreateMetaFileA, ExtTextOutA, RectVisible, PtVisible, GetClipBox, ScaleWindowExtEx, ScaleViewportExtEx, OffsetViewportOrgEx, Escape, SelectClipRgn, SetWindowOrgEx, CreateRectRgn, CombineRgn, EndPage, StartPage, EndDoc, SetAbortProc, StartDocA, CreateDCA, PtInRegion, GetMetaFileBitsEx, CreateICA, CreatePolygonRgn, DeleteDC, CloseMetaFile, PlayMetaFile, GetViewportExtEx, CreateBitmap, SetBitmapDimensionEx, SetMetaFileBitsEx, SetMapMode, GetViewportOrgEx, SetWindowExtEx, SetViewportExtEx, SetViewportOrgEx, LPtoDP, DPtoLP, SaveDC, StretchDIBits, RestoreDC, EnumMetaFile, DeleteMetaFile, GetWindowExtEx, BitBlt, PlayMetaFileRecord, GetDeviceCaps, SetBkColor, SetROP2, FloodFill, Pie, Arc, MoveToEx, LineTo, GetTextExtentPointA, GetTextMetricsA, CreateFontIndirectA, CreateSolidBrush, CreateHatchBrush, CreateCompatibleBitmap, PatBlt, CreateDIBPatternBrush, CreatePen, DeleteObject, IntersectClipRect, Rectangle, Ellipse, SetTextAlign, SetBkMode, SetTextColor, SelectObject, TextOutA, SetPolyFillMode, Polyline, Polygon, GetPaletteEntries, CreatePalette, GetStockObject, GetObjectA, CreateCompatibleDC, SelectPalette, RealizePalette, GetDIBits > comdlg32.dll: GetFileTitleA > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter > ADVAPI32.dll: InitializeSecurityDescriptor, SetSecurityDescriptorDacl > SHELL32.dll: Shell_NotifyIconA > COMCTL32.dll: - ( 4 exports ) DrawingWndProc, PrintAbortProc, PrintDialogProc, ServerWndProc 

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.23 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 -
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5323 2008.06.23 -
Microsoft None 2008.06.24 -
NOD32v2 3213 2008.06.24 -
Norman 5.80.02 2008.06.23 -
Panda 9.0.0.4 2008.06.23 -
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 423016 bytes
MD5...: f60f75945d616754838b1f3f6ffd9d51
SHA1..: 217881890f788c42dd7e27ac71cc4b7bb6cf677a
SHA256: f12d10c72a5145bf4e41fc671db19c50a422e24af1b9b12457ec9de16e133bcd
SHA512: 5a5174922cf55f44d1b72460ff994a1b1557ae7f3c9a8baa537e8a2815405692 7ee976b0baf7a40dc80b37fb30b4916c40774b0860855f0f3e615431f27fd61d
PEiD..: Armadillo v1.71
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x445333 timedatestamp.....: 0x3641cad2 (Thu Nov 05 15:57:06 1998) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x57ca6 0x58000 6.46 5e9ddf077de8aaa82f8977eee5b59a6a .rdata 0x59000 0x75da 0x8000 4.39 1c84539724ecaa3ae0e7c767124cc7c1 .data 0x61000 0x63ac 0x3000 4.06 91aa6f75cabb300dee969c1d3775f276 .rsrc 0x68000 0x1628 0x2000 2.69 09c701a509fc941f63edc9e95a187c0c ( 9 imports ) > GSWDLL32.dll: -, - > KERNEL32.dll: TerminateProcess, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsA, LCMapStringA, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LCMapStringW, GetTimeZoneInformation, GlobalReAlloc, _lwrite, GlobalFree, _lread, _llseek, GlobalAlloc, LocalAlloc, GlobalHandle, lstrcatA, lstrcpyA, lstrlenA, MulDiv, _lclose, OpenFile, GetTempFileNameA, GetTempPathA, FreeLibrary, GetProcAddress, LoadLibraryA, _hread, _hwrite, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetProfileStringA, LocalHandle, GetCurrentThreadId, CreateMutexA, GetVersion, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, SetLastError, GetLastError, lstrcpynA, GetModuleHandleA, DuplicateHandle, GetCurrentProcess, CreateFileA, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, DeleteFileA, FindClose, FindFirstFileA, GetVolumeInformationA, GetFullPathNameA, GlobalUnlock, lstrcmpiA, GetModuleFileNameA, LocalFree, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, TlsGetValue, lstrcmpA, GlobalFlags, GetFileAttributesA, GetFileSize, GetFileTime, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, GetProcessVersion, FileTimeToSystemTime, FileTimeToLocalFileTime, GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, HeapSize, HeapReAlloc, GetACP, GlobalLock > USER32.dll: GetPropA, CallNextHookEx, SetWindowsHookExA, GetKeyState, CallWindowProcA, SetPropA, WinHelpA, GetCapture, GetTopWindow, GetMenu, GetClassInfoA, GetMessageTime, CopyRect, AdjustWindowRectEx, MapWindowPoints, GetSysColorBrush, DestroyMenu, GetMessagePos, IsIconic, GetWindowPlacement, SetWindowPos, GetDlgItem, GetWindow, GetDlgCtrlID, GetClassNameA, GetLastActivePopup, IsWindowEnabled, EnableWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, GetFocus, GetParent, GetNextDlgTabItem, UnregisterClassA, UnhookWindowsHookEx, CharUpperA, GrayStringA, SystemParametersInfoA, DrawTextA, ClientToScreen, LoadMenuA, GetSubMenu, SetMenuDefaultItem, SetForegroundWindow, TrackPopupMenu, SendMessageA, DialogBoxParamA, PostQuitMessage, GetProcessWindowStation, GetThreadDesktop, GetUserObjectInformationA, SetRectEmpty, ReleaseDC, IsDialogMessageA, CreateDialogParamA, GetDC, GetWindowTextA, GetCursorPos, WindowFromPoint, GetWindowRect, PtInRect, MessageBoxA, LoadIconA, LoadCursorA, RegisterClassA, RegisterWindowMessageA, EnableMenuItem, GetMessageA, TranslateMessage, DispatchMessageA, GetSysColor, PostThreadMessageA, SetRect, CreateWindowExA, ShowWindow, UpdateWindow, DestroyWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EnumClipboardFormats, GetClipboardData, CloseClipboard, InvalidateRect, MessageBeep, ScrollWindow, SetScrollPos, GetUpdateRect, ValidateRect, SetFocus, SetCursor, BeginPaint, EndPaint, SetScrollRange, GetClassLongA, SetWindowLongA, GetClientRect, GetScrollRange, GetSystemMetrics, GetSystemMenu, GetMenuItemCount, GetMenuItemID, DeleteMenu, AppendMenuA, GetWindowLongA, RemovePropA, TabbedTextOutA, LoadStringA, DefWindowProcA, EndDialog, PostMessageA, SetDlgItemTextA, SetWindowTextA, IsWindow, GetForegroundWindow, MoveWindow, OffsetRect, PeekMessageA > GDI32.dll: CreateMetaFileA, ExtTextOutA, RectVisible, PtVisible, GetClipBox, ScaleWindowExtEx, ScaleViewportExtEx, OffsetViewportOrgEx, Escape, SelectClipRgn, SetWindowOrgEx, CreateRectRgn, CombineRgn, EndPage, StartPage, EndDoc, SetAbortProc, StartDocA, CreateDCA, PtInRegion, GetMetaFileBitsEx, CreateICA, CreatePolygonRgn, DeleteDC, CloseMetaFile, PlayMetaFile, GetViewportExtEx, CreateBitmap, SetBitmapDimensionEx, SetMetaFileBitsEx, SetMapMode, GetViewportOrgEx, SetWindowExtEx, SetViewportExtEx, SetViewportOrgEx, LPtoDP, DPtoLP, SaveDC, StretchDIBits, RestoreDC, EnumMetaFile, DeleteMetaFile, GetWindowExtEx, BitBlt, PlayMetaFileRecord, GetDeviceCaps, SetBkColor, SetROP2, FloodFill, Pie, Arc, MoveToEx, LineTo, GetTextExtentPointA, GetTextMetricsA, CreateFontIndirectA, CreateSolidBrush, CreateHatchBrush, CreateCompatibleBitmap, PatBlt, CreateDIBPatternBrush, CreatePen, DeleteObject, IntersectClipRect, Rectangle, Ellipse, SetTextAlign, SetBkMode, SetTextColor, SelectObject, TextOutA, SetPolyFillMode, Polyline, Polygon, GetPaletteEntries, CreatePalette, GetStockObject, GetObjectA, CreateCompatibleDC, SelectPalette, RealizePalette, GetDIBits > comdlg32.dll: GetFileTitleA > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter > ADVAPI32.dll: InitializeSecurityDescriptor, SetSecurityDescriptorDacl > SHELL32.dll: Shell_NotifyIconA > COMCTL32.dll: - ( 4 exports ) DrawingWndProc, PrintAbortProc, PrintDialogProc, ServerWndProc 

le fichier gsw32.exe est bien ds la ZIP sur le bureau

par **Falkra** » 24 Juin 2008 14:47

Ok, super !

On va envoyer ce ZIP au développer de l'outil, Il-Mafioso, pour analyse complémentaire (aucune donnée privée n'est collectée).

Rends toi sur ce site :
http://www.bleepingcomputer.com/submit- ... channel=35

A droite de Link to topic where this file was requested: copie-colle cette adresse :

http://www.libellules.ch/phpBB2/warning-spyware-detected-on-your-computer-t28719.html#p180035

Clique sur le bouton "Parcourir", à droite de Browse to the file you want to submit: et désigne lui le Zip qui contient le fichier en question.

Dans Leave any comments, further information about this file, or contact information: tu peux marquer ceci :

Possible FP de GenericNaviSearch sur c:\window\system32\gsw32.exe
Falkra

Confirme moi que ça a fonctionné, après ça.

par **Asaracino** » 24 Juin 2008 15:34

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

C OK!!

On doit attendre maintenant?

par **Falkra** » 24 Juin 2008 15:39

Super, merci ! :supers:

On va attendre un petit peu, je pense que ce n'est pas forcément infectieux. Si c'est vrai, il ne faudrait pas effacer le fichier.
J'ai prévenu directement Il-Mafioso, en parallèle. Ce ne sera pas long.

Le gros de l'infection est déjà HS.

par **Falkra** » 24 Juin 2008 15:50

Il-Mafioso (quelle rapidité) a le fichier et va regarder.
Pendant ce temps, on va faire un test plus en profondeur.

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.

ferme toutes les applications et fenêtres
double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
- tu devras cliquer 2 fois sur le OK des boîtes de dialogue
 Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
- quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
 main.txt <- ouvert en premier plan et en plein écran
 extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
S'il s'agit d'une utilisation supplémentaire de DSS :
- tu n'auras pas de boîte de dialogue (pas de OK)
- quand le traitement est terminé, un fichier texte s'affiche :
 main.txt <- ouvert en premier plan et en plein écran
copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
Copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner
n'oublie pas de réactiver les protections si elles ont été stoppées.

Ce que fait DSS :

crée un point de restauration dans Windows XP et Vista
nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

par **Asaracino** » 24 Juin 2008 16:34

voici MAIN.TXT:

Deckard's System Scanner v20071014.68
Run by Antonys on 2008-06-24 17:24:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
5: 2008-06-24 15:24:46 UTC - RP190 - Deckard's System Scanner Restore Point
4: 2008-06-24 09:58:23 UTC - RP189 - ComboFix created restore point
3: 2008-06-24 08:09:05 UTC - RP188 - Printer Driver Microsoft Office Document Image Writer Installed
2: 2008-06-18 07:12:38 UTC - RP187 - ComboFix created restore point
1: 2008-06-17 09:42:36 UTC - RP186 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Antonys.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-06-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
D:\QAS\WORLDP~1\ProWeb5.17\QASWVDN.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\TGJSERVER\bin\windows\wrapper.exe
C:\TGJSERVER\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\antonys\Desktop\dss.exe
C:\DOCUME~1\antonys\Desktop\Antonys.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qas.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PROXY:8080
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=LANDESK2:5007 /S=LANDESK2 /I=HTTP://LANDESK2/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [Reg2Reg2] C:\Program Files\LANDesk\LDClient\REG2REG2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: QuickAddress Pro (2).lnk = C:\Program Files\qas\QuickAddress Pro\KEEPPRO.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://qas-intranet/
O15 - Trusted Zone: http://*.aussblweb1 (HKLM)
O15 - Trusted Zone: http://*.bossblweb1 (HKLM)
O15 - Trusted Zone: http://*.gwhsblweb1 (HKLM)
O15 - Trusted Zone: http://*.gwhweb (HKLM)
O15 - Trusted Zone: http://*.otsblweb1 (HKLM)
O15 - Trusted Zone: http://*.sfosblweb1 (HKLM)
O16 - DPF: {819647C8-39C0-4C59-811C-928277815701} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://gwhsblweb1/sales_enu/19221/apple ... d_mail.cab
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://gwhsblweb1/sales_enu/19221/apple ... ration.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://gwhsblweb1/sales_enu/19221/apple ... Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qas.webex.com/client/T25L/support/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qas.com
O17 - HKLM\Software\..\Telephony: DomainName = qas.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = qas.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: ProWeb - QAS Ltd - D:\QAS\WORLDP~1\ProWeb5.17\QASWVDN.EXE
O23 - Service: QuickAddress Pro Web ActiveX Adaptor 4.02 (QAPWWActiveX 4.02) - QAS Ltd. - D:\QAS\ids\proweb4.03\QAPWWSV.EXE
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - Unknown owner - C:\Program Files\LANDesk\LDClient\softmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Test Wrapper Sample Application (testwrapper) - Unknown owner - C:\TGJSERVER\bin\windows\wrapper.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9214 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\antonys\Desktop\backups\) -------------

backup-20080624-141647-785 O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsyq.exe] C:\WINDOWS\system32\kdsyq.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>

S0 Iqy86 - c:\windows\system32\drivers\iqy86.sys (file missing)
S0 Sai18 - c:\windows\system32\drivers\sai18.sys (file missing)
S1 easdrv - c:\windows\system32\drivers\easdrv.sys (file missing)
S1 epfwtdir - c:\windows\system32\drivers\epfwtdir.sys (file missing)
S1 kbd - c:\windows\system32\drivers\kbd.sys (file missing)
S2 eamon - c:\windows\system32\drivers\eamon.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CBA8 (LANDesk(R) Management Agent) - "c:\program files\landesk\shared files\residentagent.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk(R) Management Agent>
R2 Intel Local Scheduler Service - "c:\program files\landesk\ldclient\localsch.exe" <Not Verified; LANDesk Software Ltd.; LANDesk® Management Suite>
R2 Intel PDS - c:\windows\system32\cba\pds.exe <Not Verified; LANDesk Software Ltd.; Intel Common Base Agent>
R2 Intel Targeted Multicast (LANDesk Targeted Multicast) - c:\program files\landesk\ldclient\tmcsvc.exe <Not Verified; LANDesk Software Ltd.; LANDesk® Management Suite>
R2 ISSUSER (LANDesk Remote Control Service) - c:\progra~1\landesk\ldclient\issuser.exe /service <Not Verified; LANDesk Software, Ltd.; LANDesk System Server Manager>
R2 ProWeb - d:\qas\worldp~1\proweb5.17\qaswvdn.exe <Not Verified; QAS Ltd; QuickAddress Pro Server>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>
R2 testwrapper (Test Wrapper Sample Application) - c:\tgjserver\bin\windows\wrapper.exe -s c:\tgjserver\\conf\wrapper.conf

S2 Softmon (LANDesk(R) Software Monitoring Service) - "c:\program files\landesk\ldclient\softmon.exe" (file missing)
S2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; desktop>
S3 QAPWWActiveX 4.02 (QuickAddress Pro Web ActiveX Adaptor 4.02) - d:\qas\ids\proweb4.03\qapwwsv.exe <Not Verified; QAS Ltd.; QuickAddress Pro for the Web>
S3 wampapache - "c:\wamp\apache2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
S3 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service <Not Verified; Constantin Kaplinsky; TightVNC Win32 Server>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}
Description: Bluetooth Bus Enumerator
Device ID: ROOT\BTW\0000
Manufacturer: WIDCOMM
Name: Bluetooth Bus Enumerator
PNP Device ID: ROOT\BTW\0000
Service: btkrnl

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 14:17:56 0 d-------- C:\Program Files\Navilog1
2008-06-24 11:58:08 68096 --a------ C:\WINDOWS\zip.exe
2008-06-24 11:58:08 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-24 11:58:08 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-24 11:58:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-24 11:58:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-24 11:58:08 98816 --a------ C:\WINDOWS\sed.exe
2008-06-24 11:58:08 80412 --a------ C:\WINDOWS\grep.exe
2008-06-24 11:58:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-17 18:24:58 0 d-------- C:\WINDOWS\ERUNT
2008-06-17 10:13:18 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-17 10:13:18 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-17 10:12:24 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-17 10:12:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-16 19:58:04 224768 --a------ C:\WINDOWS\system32\dsquery.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 19:56:15 294944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-16 19:56:15 1293856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-16 19:55:50 0 d-------- C:\Documents and Settings\Default User\Local Settings
2008-06-16 18:46:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-16 18:12:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-16 16:33:47 0 d-------- C:\Program Files\Lavasoft
2008-06-16 16:33:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 15:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 14:15:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:31:05 0 d-------- C:\WINDOWS\htmCache
2008-06-03 19:16:18 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
2008-06-03 19:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-06-03 17:50:13 0 d-------- C:\Documents and Settings\antonys\Application Data\vlc
2008-06-03 17:49:20 0 d-------- C:\Program Files\VideoLAN

-- Find3M Report ---------------------------------------------------------------

2008-06-24 10:08:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:34:15 2927 --a------ C:\Program Files\qabwv010.ssn
2008-06-18 10:40:49 1232896 --a------ C:\Program Files\qabwv010.idb
2008-06-17 10:28:31 504320 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 14:15:36 0 d-------- C:\Program Files\Common Files
2008-06-11 09:07:37 0 d-------- C:\Documents and Settings\antonys\Application Data\AdobeUM
2008-06-05 13:53:18 0 d-------- C:\Documents and Settings\antonys\Application Data\Adobe
2008-05-22 11:15:59 2727 --a------ C:\Program Files\qabwv009.ssn
2008-05-19 13:04:06 2213888 --a------ C:\Program Files\qabwv009.idb
2008-04-24 11:19:17 0 d-------- C:\Documents and Settings\antonys\Application Data\Macromedia
2008-04-24 11:18:27 0 d-------- C:\Program Files\Experian Ltd
2008-04-24 09:36:58 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:56]
"IntelAPMClient"="C:\Program Files\LANDesk\LDClient\amclient.exe" [2005-08-30 08:05]
"LANDeskInventoryClient"="C:\Program Files\LANDesk\LDClient\LDIScn32.exe" [2005-11-18 16:54]
"LANDeskVulscanClient"="C:\Program Files\LANDesk\LDClient\vulScan.exe" [2006-01-06 02:00]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2005-08-30 07:55]
"Reg2Reg2"="C:\Program Files\LANDesk\LDClient\REG2REG2.EXE" [2005-12-12 09:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-17 16:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-11 22:47]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [2005-07-06 13:26:01]
QuickAddress Pro (2).lnk - C:\Program Files\qas\QuickAddress Pro\KEEPPRO.exe [2008-04-14 15:22:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"Intellimenus"=1 (0x1)
"NoSimpleStartMenu"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoAutoUpdate"=0 (0x0)
"NoStartMenuEjectPC"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoAutoTrayNotify"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=\\qas.com\SYSVOL\qas.com\scripts\shutdown_par.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\qas\sysvol\qas.com\scripts\startup_par.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2138838754-819666832-1349916565-16607\Scripts\Logon\0\0]
"Script"=\\qas.com\SysVol\qas.com\scripts\REVISED_login_paris_main.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2138838754-819666832-1349916565-24255\Scripts\Logon\0\0]
"Script"=\\qas.com\SysVol\qas.com\scripts\REVISED_login_lon_main.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2138838754-819666832-1349916565-25650\Scripts\Logon\0\0]
"Script"=\\qas.com\SysVol\qas.com\scripts\REVISED_login_paris_main.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iqy86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Coordialis 2.0 PADI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Coordialis 2.0 PADI.lnk
backup=C:\WINDOWS\pss\Coordialis 2.0 PADI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
"C:\Program Files\DialMessenger\dialmessenger.exe" -background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d74ba08-3d11-11dd-9f3d-545543445200}]
AutoRun\command- jfvkcsy.bat
explore\Command- jfvkcsy.bat
open\Command- jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7beab8d5-8217-11dc-9ec9-00166f7929a7}]
AutoRun\command- F:\FRA_GUI.exe

*Newly Created Service* - CATCHME

-- End of Deckard's System Scanner: finished at 2008-06-24 17:29:03 ------------

et voici EXTRA.TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1015.36 MiB / 601.21 MiB
Pagefile Memory (total/avail): 1686.35 MiB / 1397.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.45 MiB

C: is Fixed (NTFS) - 15 GiB total, 5.22 GiB free.
D: is Fixed (NTFS) - 40.88 GiB total, 31.23 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT)
H: is Network (Unformatted)
Q: is Network (Unformatted)
U: is Network (*NT5CSC)
V: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD600VE-00KWT0 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 15 GiB - C:
\PARTITION1 - Installable File System - 40.88 GiB - D:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 960.98 MiB - F:

-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus v8.0.0.357 (Kaspersky Lab) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"="C:\\Program Files\\LANDesk\\LDClient\\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\\WINDOWS\\system32\\CBA\\pds.exe"="C:\\WINDOWS\\system32\\CBA\\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client"
"%windir%\\system32\\msgsys.exe"="%windir%\\system32\\msgsys.exe:*:enabled:LANDesk(R) CBA Message System"
"C:\\Program Files\\LANDesk\\LDClient\\wuser32.exe"="C:\\Program Files\\LANDesk\\LDClient\\wuser32.exe:*:enabled:Remote Control Agent"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk(R) Management Agent"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\CBA\\pds.exe"="C:\\WINDOWS\\system32\\CBA\\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client"
"%windir%\\system32\\msgsys.exe"="%windir%\\system32\\msgsys.exe:*:enabled:LANDesk(R) CBA Message System"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk(R) Management Agent"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\antonys\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANTONYSXP
COMPUTERTYPE=UNKNOWN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=U:
HOMEPATH=\
HOMESHARE=\\paris1\home\Antonys
LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
LOGONSERVER=\\PARIS1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=d:\temp
TMP=d:\temp
USERDNSDOMAIN=QAS.COM
USERDOMAIN=QAS
USERNAME=Antonys
USERPROFILE=C:\Documents and Settings\antonys
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Administrator (new local, admin)
Owen (admin)
Christophepa
richardo (admin)
jamesc.QAS (new local, admin)
antonys (admin)
jamescadmin (new local, admin)
syspreptest (new local, admin, net ready)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem --> agrsmdel
Batch System Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9FD79D-DE72-4AA0-B45C-17A3A09A1FD3}\Setup.exe" -l0x9
Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom NetXtreme Ethernet Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
DVD X Player 4.1 Standard --> "C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard\unins000.exe"
Guide Mosaic interactif --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Experian Ltd.\Guide Mosaic interactif\Uninst.isu"
HijackThis 2.0.2 --> "F:\HijackThis.exe" /uninstall
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Java 2 Runtime Environment, SE v1.4.2_12 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
LANDesk Advance Agent --> MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
Microsoft ActiveSync 3.5 --> "C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Firewall Client --> MsiExec.exe /I{8C7A59A8-9ABE-459A-9A93-08C281A4A264}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SOAP Toolkit 3.0 --> MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}
Mozilla Firefox (1.5.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.6 (en-US)"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Navilog1 3.5.8 --> "C:\Program Files\Navilog1\unins000.exe"
OrgPublisher PluginX 5 --> \UNWISE.EXE \INSTALL.LOG
QAS Network Information --> "C:\Documents and Settings\UNINSTAL.EXE" "C:\Documents and Settings\INSTALL.LOG" "QAS Network Information Uninstall"
QAS Screensaver --> C:\WINDOWS\system32\QASSCR~1.SCR /UNINSTALL "C:\WINDOWS\system32\QAS Screensaver.log"
QAS Siebel - Q4 Update --> "C:\Program Files\Untitled\UNINSTAL.EXE" "C:\Program Files\Untitled\INSTALL.LOG" "QAS Siebel - Q4 Update Uninstall"
QASFont --> "C:\Program Files\Untitled\UNINSTAL.EXE" "C:\Program Files\Untitled\INSTALL.LOG" "QASFont Uninstall"
QuickAddress Batch 4.35 --> C:\WINDOWS\IsUn040c.exe -fD:\Qas\Worldproduct\Batch4.35\Qbwmainn.isu
QuickAddress Pro 4.35 --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Qas\QuickAddress Pro\Qaprown.isu"
SecuRemote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FCF2FC0-8268-11D4-A313-0006290D766E}\setup.exe" ADD_REMOVE
Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
Siebel 2000 for QAS --> "c:\sea\client\UNINSTAL.EXE" "c:\sea\client\INSTALL.LOG" "Siebel 2000 for QAS Uninstall"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8E50332B-772C-4AEA-BF56-94DE6A1D5F10} /l1033
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WAMP5 1.7.3 --> c:\wamp\unins000.exe
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip_Companion --> MsiExec.exe /I{479C6BC5-4FA1-4CDF-991D-1E40E3E2D7A1}

-- Application Event Log -------------------------------------------------------

Event Record #/Type1819 / Error
Event Submitted/Written: 06/24/2008 00:11:01 PM
Event ID/Source: 25 / Inventory Scanner
Event Description:
LDIScn32: Failed to resolve the Host Name.

Event Record #/Type1818 / Error
Event Submitted/Written: 06/24/2008 00:08:56 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type1817 / Error
Event Submitted/Written: 06/24/2008 00:08:49 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script \\qas.com\SysVol\qas.com\scripts\REVISED_login_paris_main.bat. No network provider accepted the given network path.
.

Event Record #/Type1816 / Error
Event Submitted/Written: 06/24/2008 00:08:45 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type1814 / Error
Event Submitted/Written: 06/24/2008 00:08:16 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script \\qas\sysvol\qas.com\scripts\startup_par.bat. No network provider accepted the given network path.
.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type22388 / Error
Event Submitted/Written: 06/24/2008 05:23:54 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type22387 / Error
Event Submitted/Written: 06/24/2008 05:18:12 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type22386 / Error
Event Submitted/Written: 06/24/2008 05:12:25 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type22385 / Error
Event Submitted/Written: 06/24/2008 05:06:27 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type22384 / Error
Event Submitted/Written: 06/24/2008 05:00:15 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

-- End of Deckard's System Scanner: finished at 2008-06-24 17:29:03 ------------

comment puis-je savoir si je dois réactiver les protections si elles ont été stoppées?

Merci d'avance

par **Falkra** » 24 Juin 2008 16:43

Je dois retirer d'autres choses, dans la base de registre.

Qas.com et les scripts batch de connexion automatique (réseau), c'est toi qui les a mis en place ?

par **Asaracino** » 24 Juin 2008 16:50

Ce sont mes applications produits , je m'en sers pour mes demos!

par **Falkra** » 24 Juin 2008 16:57

Ok impec, c'est donc légitime, parfait ça.

Je voudrais vérifier un petit fichier :

Rends toi sur ce lien : Virus Total

Clique sur le bouton Parcourir...
Parcours tes dossiers jusque à ce fichier, si tu le trouves :

zip.exe

Clique sur Envoyer le fichier, et si VirusTotal dit que le fichier a déjà été analysé, clique sur le bouton Reanalyse le fichier maintenant.
Laisse le site travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. Dans ce cas, il te faudra patienter sans réactualiser la page.
Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté (en haut à gauche)
Une nouvelle fenêtre de ton navigateur va apparaître
Clique alors sur cette image :
Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
Enfin colle le résultat dans ta prochaine réponse.
NB : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.

Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, auquel cas il faudra leur faire ignorer les alertes.

Pour le reste, si tu sais effacer à la main une clé de registre, il faudrait shooter ça :

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d74ba08-3d11-11dd-9f3d-545543445200}]

Je te le fais en automatique si besoin. :D

par **Asaracino** » 24 Juin 2008 17:02

Le problème c'est que je n'arrive pas à me connecter à Internet! Je suis depuis le début en simultané sur 2 pc et je transfert les logiciel sur clé usb!

Comment puis je faire?

par **Falkra** » 24 Juin 2008 17:04

Il se peut que ComboFix (si c'est récent) endommage ta connexion Internet: si tu ne peux plus te connecter après le scan de cet outil, redémarre ton PC. Si cela s'avère insuffisant, suis cette méthode:

Clique sur le bouton Démarrer.
Clique sur l'option de menu Paramètres.
Clique sur l'option Panneau de configuration.
Après l'ouverture du Panneau de configuration, fais un double clic sur l'icône Connexions réseau. Si ton Panneau de configuration est paramétré pour un affichage en catégories, fais un double clic sur Connexions réseau et Internet puis clique sur Connexions réseau tout en bas.
Tu verras alors une liste de toutes les connexions réseau disponibles. Repère la connexion Réseau local (ou Sans fil si tu es en Wifi) et fais un clic droit dessus.
Tu verras alors un menu similaire à celui de l'image ci-dessous. Clique simplement sur l'option de menu Réparer.

A essayer, sinon, les messages d'erreur disent que ta machine ne reçoit rien du DHCP, il faudrait vérifier tes paramètres réseau de ce côté, et l'état du service windows DHCP, éventuellement.

par **Asaracino** » 24 Juin 2008 17:59

après le scan de combofix, l'ordinateur a mis près de 20 min à se relancer, depuis il est super lent.

J'ai tt de même attendu et malheureusement pas de connexion.

J'ai également essayé ta méthode pour réparer la connexion locale mais il m'a mis :"Windows could not finish reparairing the pro...Clearing the DNS Cache..."

Je suis actuellement en safe mode with Networks et ca fonctionne.

Que puis-je faire?

par **Asaracino** » 24 Juin 2008 18:06

De plus, qd j'essaie de lancer OUTLOOK k'ai ce message d'erreur:

"The Add-in: C:\PROGRAM~1\ESET\ESETNO~1\EPLGOU~1.dll could not be installed or loaded. This problem may be resolved by using Detect and Repair in the Help Menu"

Qd j'essaie il me dit: "tne Windows Installer Service could not be accessed..."

Que dois-je faire?

par **Asaracino** » 24 Juin 2008 18:11

voilà l'analyse du fichier Zip.exe en safe mode:

Fichier zip.exe reçu le 2008.06.24 19:09:53 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.24 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 Virus in password protected archive
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.24 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5324 2008.06.24 -
Microsoft 1.3604 2008.06.24 -
NOD32v2 3213 2008.06.24 -
Norman 5.80.02 2008.06.24 -
Panda 9.0.0.4 2008.06.24 -
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 68096 bytes
MD5...: 5e832f4faf5f481f2eaf3b3a48f603b8
SHA1..: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
SHA256: 2e28e6e768d5f0c821d45209e702d01be0a9fb632d7fd83620bcb71cc9ae00f9
SHA512: 0bef7c3e2db4b8ff4b1e58443eb021eb880d69a152c8dd00738c6f3b764de9b5 1f7eeecb41bb89197ac6c6caecdd4ad258f85d3388a06c614e64889f656c9b2a
PEiD..: Video-Lan-Client
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4011d4 timedatestamp.....: 0x3b9eb208 (Wed Sep 12 00:53:28 2001) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xf094 0xf200 6.58 2c73e8b2736583c21113dbde4ebf2c65 .data 0x11000 0x4a0 0x600 2.51 b8306ff71836f68500a984f5072fd03f .bss 0x12000 0x4be30 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x5e000 0xcd8 0xe00 4.75 d8357d645ac26489e61253c24b4471b0 ( 4 imports ) > ADVAPI32.DLL: AdjustTokenPrivileges, GetKernelObjectSecurity, GetSecurityDescriptorLength, LookupPrivilegeValueA, OpenProcessToken > KERNEL32.dll: CloseHandle, CreateFileA, CreateMutexA, EnterCriticalSection, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetConsoleMode, GetCurrentProcess, GetDriveTypeA, GetFileAttributesA, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetProcessHeap, GetVersion, GetVolumeInformationA, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedExchange, LeaveCriticalSection, ReadFile, ReleaseMutex, SetConsoleMode, SetUnhandledExceptionFilter, WaitForSingleObject, lstrcmpiA, lstrcpynA, lstrlenA > msvcrt.dll: _chmod, _close, _fdopen, _fileno, _fstat, _isatty, _mktemp, _read, _rmdir, _setmode, _spawnlp, _stat, _strupr, _unlink, _utime > msvcrt.dll: __getmainargs, __isascii, __iscsym, __iscsymf, __p___mb_cur_max, __p__environ, __set_app_type, __toascii, _cexit, _errno, _fileno, _fmode, _fpreset, _get_osfhandle, _iob, _setmode, _sopen, _tzset, atexit, clearerr, exit, fclose, ferror, fflush, fgets, fopen, fprintf, fputs, fread, free, fseek, ftell, fwrite, getc, getenv, isalpha, isspace, localtime, malloc, mblen, memcpy, mktime, perror, printf, putc, putchar, puts, qsort, realloc, rename, setlocale, setvbuf, signal, sprintf, sscanf, strcat, strchr, strcmp, strcpy, strncmp, strncpy, strrchr, time ( 0 exports ) 

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.24 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 Virus in password protected archive
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.24 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5324 2008.06.24 -
Microsoft 1.3604 2008.06.24 -
NOD32v2 3213 2008.06.24 -
Norman 5.80.02 2008.06.24 -
Panda 9.0.0.4 2008.06.24 -
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 68096 bytes
MD5...: 5e832f4faf5f481f2eaf3b3a48f603b8
SHA1..: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
SHA256: 2e28e6e768d5f0c821d45209e702d01be0a9fb632d7fd83620bcb71cc9ae00f9
SHA512: 0bef7c3e2db4b8ff4b1e58443eb021eb880d69a152c8dd00738c6f3b764de9b5 1f7eeecb41bb89197ac6c6caecdd4ad258f85d3388a06c614e64889f656c9b2a
PEiD..: Video-Lan-Client
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4011d4 timedatestamp.....: 0x3b9eb208 (Wed Sep 12 00:53:28 2001) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xf094 0xf200 6.58 2c73e8b2736583c21113dbde4ebf2c65 .data 0x11000 0x4a0 0x600 2.51 b8306ff71836f68500a984f5072fd03f .bss 0x12000 0x4be30 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x5e000 0xcd8 0xe00 4.75 d8357d645ac26489e61253c24b4471b0 ( 4 imports ) > ADVAPI32.DLL: AdjustTokenPrivileges, GetKernelObjectSecurity, GetSecurityDescriptorLength, LookupPrivilegeValueA, OpenProcessToken > KERNEL32.dll: CloseHandle, CreateFileA, CreateMutexA, EnterCriticalSection, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetConsoleMode, GetCurrentProcess, GetDriveTypeA, GetFileAttributesA, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetProcessHeap, GetVersion, GetVolumeInformationA, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedExchange, LeaveCriticalSection, ReadFile, ReleaseMutex, SetConsoleMode, SetUnhandledExceptionFilter, WaitForSingleObject, lstrcmpiA, lstrcpynA, lstrlenA > msvcrt.dll: _chmod, _close, _fdopen, _fileno, _fstat, _isatty, _mktemp, _read, _rmdir, _setmode, _spawnlp, _stat, _strupr, _unlink, _utime > msvcrt.dll: __getmainargs, __isascii, __iscsym, __iscsymf, __p___mb_cur_max, __p__environ, __set_app_type, __toascii, _cexit, _errno, _fileno, _fmode, _fpreset, _get_osfhandle, _iob, _setmode, _sopen, _tzset, atexit, clearerr, exit, fclose, ferror, fflush, fgets, fopen, fprintf, fputs, fread, free, fseek, ftell, fwrite, getc, getenv, isalpha, isspace, localtime, malloc, mblen, memcpy, mktime, perror, printf, putc, putchar, puts, qsort, realloc, rename, setlocale, setvbuf, signal, sprintf, sscanf, strcat, strchr, strcmp, strcpy, strncmp, strncpy, strrchr, time ( 0 exports )

par **Falkra** » 24 Juin 2008 22:05

Outlook réclame Eset (antivirus) qui n'est pas chargé en mode sans échec, jusque là, c'est logique.

On va essayer des réparations :

Télécharge Dial-a-fix-v0.60.0.24 => http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
Enregistre-le sur ton Bureau.
Décompresse le puis double-clique sur le dossier "Dial-a-fix" qui vient d'être créé puis sur le fichier "Dial-a-fix.exe".

Ca a cette tête là :

Ferme la fenêtre qui peut se charger à l'arrière plan avec les restrictions, celle là :

Clique sur le bouton avec un petit marteau, ça ouvre ça :

Sélectionne "Flush DNS" et clique sur le bouton Go, en bas à gauche.
Sélectionne "Reinstalle BITS" et clique sur le bouton Go, en bas à gauche.

Vois si ça va mieux. Je vérifie le premier rapport ComboFix.

par **Asaracino** » 25 Juin 2008 08:44

Non malheureusement ca ne marche pas mieux! Je ne comprends cela fonctionnait très bien, par contre mon outlook fonctionne

par **Falkra** » 25 Juin 2008 08:47

Mais là tu es en mode normal, maintenant ?

par **Asaracino** » 25 Juin 2008 08:48

oui, pourquoi?

par **Asaracino** » 25 Juin 2008 08:51

Est ce que si je pe essayer de relancer combofix ou pe etre de le désinstaller?

warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Re: warning spyware detected on your computer

Qui est en ligne