virus.win32.virus.n - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 

Ajouter une réponse



Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : virus.win32.virus.n
 
uluru51
Profil : IDNaute
Plus d'informations
n°306893
01-05-2008 à 00:36:14

bonjour a tous,

Aprés un an de voyage a l'étranger , je reviens super content de me reconnecter sur mon ordi.. je télécharge kaspersky histoire de remettre tous ca a la page ... et la surprise...
je me retrouve avec ce virus assez virulant .
j'ai essayer de comprendre en lisant des post mais j'avoue que je patoge un peu ...
pouvez vous me donner un coup de pousse?
Il ma deja bouffé pas mal de .exe et j'aimerais bien le suprimé !!!!
voici ce que m'indique HIJACKTHIS :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:30, on 01/05/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sylvain Lombart\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
C:\Documents and Settings\Sylvain Lombart\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
C:\Documents and Settings\Sylvain Lombart\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\System32\Winsxs\zage.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [WinMedia] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Uninstall59555.exe
O4 - HKCU\..\Run: [WinUpdate] "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Uninstall126471.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Sylvain Lombart\Application Data\Microsoft\Windows\cmrpyr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113w.bay113.mail.live.com [...] nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db0c [...] 601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5097226888
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/globa [...] OFILER.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

--
End of file - 6722 bytes



merci d'avance pour vos reponses.

Liens sponsorisés


Inscrivez-vous ou connectez-vous pour masquer ceci.

Eric_71
Profil : Helper
Plus d'informations
n°306895
01-05-2008 à 00:58:07

Hello ,

Bien infecté ..

Télécharge SDFix [:eric_71:14] < ici
Enregistre le sur ton Bureau

Double clique sur SDFix.exe ( le .exe peut ne pas apparaitre )
Choisis Install pour l'extraire sur ton Bureau
Redémarre en mode sans échec : >> Comment démarrer en mode Sans Echec <<
Double clic sur le dossier SDFix
puis double clique sur RunThis.bat ( le .bat peut ne pas apparaitre )
Appuie sur Y pour le lancer , laisse le s'éxécuter
Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est possible que le redémarrage soit plus long que d'habitude
Une fois ton Bureau chargé ,il affichera Finished
Appuie sur une touche pour finir l'exécution et charger les icônes de ton Bureau

Un rapport est généré , Copie / colle le dans ta réponse

tu trouveras aussi ce rapport dans le dossier SDFix ( Report.txt )
et un nouveau rapport Hijackthis

uluru51
Profil : IDNaute
Plus d'informations
n°306925
01-05-2008 à 10:50:13

bonjour eric _71

j'ai eu bien du mal a pouvoir faire le check car une fenetre venais sans cesse : ntvdm doit fermer .......

mais voici le rapport


SDFix: Version 1.177
Run by Sylvain Lombart on 01/05/2008 at 10:17

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Sylvain Lombart\Bureau\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Sylvain Lombart\Local Settings\Temp\ttsetup.tmp.exe - Deleted
C:\Program Files\CPV\CPV8.dll - Deleted
C:\Program Files\JavaCore\UnInstall.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\b152.exe - Deleted
C:\WINDOWS\b155.exe - Deleted
C:\WINDOWS\b156.exe - Deleted
C:\WINDOWS\b157.exe - Deleted



Folder C:\Program Files\CPV - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 10:34:58
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Sylvain Lombart\Local Settings\Temporary Internet Files\Content.IE5\CTOPMBGT\fr[1].: 33279 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Fichiers communs\\System\\MSASP32.exe"="C:\\Program Files\\Fichiers communs\\System\\MSASP32.exe:*:Enabled:Microsoft ASP"

Remaining Files :


File Backups: - C:\DOCUME~1\SYLVAI~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!







catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 10:34:58
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Sylvain Lombart\Local Settings\Temporary Internet Files\Content.IE5\CTOPMBGT\fr[1].: 33279 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

voici le nouveau rapport de hijackthis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:09, on 01/05/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\Winsxs\zage.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sylvain Lombart\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\System32\Winsxs\zage.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En&registrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113w.bay113.mail.live.com [...] nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db0c [...] 601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5097226888
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/globa [...] OFILER.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

--
End of file - 6315 bytes




merci beaucoup pour ton aide

Eric_71
Profil : Helper
Plus d'informations
n°306945
01-05-2008 à 11:33:43

Re ,

SDfix à fait un bon ménage :)

Clique sur le menu Demarrer / Panneau de configuration / Options des dossiers / puis dans l'onglet Affichage
- coche Afficher les fichiers et dossiers cachés
- decoche Masquer les extensions des fichiers dont le type est connu
- decoche Masquer les fichiers protégés du système d'exploitation ( recommandé )
clique sur Appliquer

--------------------------------------------------

Fais analyser le(s) fichier(s) ci dessous ici : Virustotal
Clique sur http://img85.imageshack.us/img85/442/080103185511dr2.jpg , choisis ( un par un si il y en à plusieurs ):

C:\WINDOWS\System32\Winsxs\zage.exe


Clique maintenant sur
http://img137.imageshack.us/img137/6048/080103185538sj9.jpg
il sera analysé par une plusieurs Antivirus

copie / colle le(s) rapport(s)

uluru51
Profil : IDNaute
Plus d'informations
n°306954
01-05-2008 à 12:12:00

voici le rapport:



Fichier zage.exe reçu le 2008.05.01 12:05:16 (CET)
Situation actuelle: terminé
Résultat: 11/32 (34.38%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.1.0 2008.05.01 Win-Trojan/MircPack.1790464
AntiVir 7.8.0.11 2008.04.30 -
Authentium 4.93.8 2008.04.30 -
Avast 4.8.1169.0 2008.04.30 -
AVG 7.5.0.516 2008.04.30 -
BitDefender 7.2 2008.05.01 -
CAT-QuickHeal 9.50 2008.04.30 Backdoor.mIRC-based
ClamAV None 2008.05.01 -
DrWeb 4.44.0.09170 2008.04.30 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5750 2008.05.01 -
Ewido 4.0 2008.04.30 -
F-Prot 4.4.2.54 2008.05.01 -
F-Secure 6.70.13260.0 2008.04.30 Backdoor.Win32.mIRC-based
FileAdvisor 1 2008.05.01 -
Fortinet 3.14.0.0 2008.05.01 -
Ikarus T3.1.1.26.0 2008.05.01 Backdoor.IRC.mIRC-based
Kaspersky 7.0.0.125 2008.05.01 Backdoor.Win32.mIRC-based
McAfee 5285 2008.04.30 Trojan mIRC Client
Microsoft 1.3408 2008.04.22 -
NOD32v2 3068 2008.05.01 -
Norman 5.80.02 2008.04.30 -
Panda 9.0.0.4 2008.04.30 Suspicious file
Prevx1 V2 2008.05.01 Heuristic: Suspicious File With Covert Attributes
Rising 20.42.22.00 2008.04.30 Worm.IRC.Win32.Not.a
Sophos 4.29.0 2008.05.01 -
Sunbelt 3.0.1097.0 2008.05.01 -
Symantec 10 2008.05.01 -
TheHacker 6.2.92.298 2008.04.30 -
VBA32 3.12.6.5 2008.05.01 BackDoor.IRC.based
VirusBuster 4.3.26:9 2008.04.30 -
Webwasher-Gateway 6.6.2 2008.04.30 Worm.Win32.Malware.gen
Information additionnelle
File size: 1771008 bytes
MD5...: 7bf69f9c3bfd6aecd996be71e21d6e54
SHA1..: 462990a013bde9a6563770fde6e48df5e8b0d411
SHA256: abc92c5f8366ebed9f95b833515926b69d64a04a82e1ef489e0b83fd2631c9cc
SHA512: 7bdc59c362905e467828626bdf34f3aff9a61c991fbe0b75d0006e1f7e5e2643
c477281e54819e3a6a0c4e77c0963c79fcb1355c0faed5bf43248e880e3005b2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0xa0a0a0a0L (invalid)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15d000 0x15c600 6.51 e7e5163d68aae3e3df1c27a467d9c177
.data 0x15e000 0x30000 0x1b400 5.07 b9e0f7d0e196e0620965ee9d6badc952
.tls 0x18e000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x18f000 0x1000 0x200 0.21 c57356aadbf85114b76bf712ff1d23dd
.idata 0x190000 0x3000 0x2e00 5.27 f646a95e2e0c7b1d873b9a6fefd7f78e
.edata 0x193000 0x1000 0x200 2.44 dc1e37693808104e52bcf5c86556308a
.rsrc 0x194000 0x3d200 0x35200 3.95 ffeacf93eacb3d1079d20eeb9ebff39a

( 12 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueA, RegSetValueA, RegSetValueExA
> KERNEL32.dll: CloseHandle, CompareFileTime, CopyFileA, CreateDirectoryA, CreateEventA, CreateFileA, CreateThread, DeleteFileA, DuplicateHandle, EnterCriticalSection, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstFileA, FindNextChangeNotification, FindNextFileA, FindResourceA, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetShortPathNameA, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetTempPathA, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatus, GlobalSize, GlobalUnlock, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadResource, LocalAlloc, LocalFree, LocalReAlloc, LockResource, MapViewOfFile, MoveFileA, MoveFileExA, MulDiv, MultiByteToWideChar, OpenFile, OpenFileMappingA, QueryDosDeviceA, RaiseException, ReadFile, RemoveDirectoryA, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetErrorMode, SetEvent, SetFileAttributesA, SetFilePointer, SetHandleCount, SetStdHandle, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, UnmapViewOfFile, VirtualAlloc, VirtualFree, VirtualQuery, WaitForMultipleObjects, WideCharToMultiByte, WinExec, WriteFile, WritePrivateProfileStringA, _hread, _hwrite, _lclose, _llseek, _lopen, _lwrite, lstrcatA, lstrcmpA, lstrcpyA, lstrcpynA, lstrlenA
> MPR.dll: WNetCloseEnum, WNetEnumResourceA, WNetOpenEnumA
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WSOCK32.dll: WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncSelect, WSACancelAsyncRequest, WSACleanup, WSAGetLastError, WSAStartup, accept, closesocket, connect, gethostname, getsockname, htonl, htons, inet_addr, inet_ntoa, listen, ntohl, ntohs, recv, recvfrom, send, sendto, setsockopt, shutdown, socket, bind
> COMDLG32.dll: ChooseColorA, ChooseFontA, GetOpenFileNameA
> GDI32.dll: BitBlt, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBitmap, CreateFontA, CreateFontIndirectA, CreateHatchBrush, CreatePalette, CreatePatternBrush, CreatePen, CreatePolygonRgn, CreateRectRgn, CreateSolidBrush, DeleteDC, DeleteObject, Ellipse, ExcludeClipRect, ExtFloodFill, ExtTextOutA, GetDIBits, GetDeviceCaps, GetNearestColor, GetObjectA, GetObjectType, GetPixel, GetStockObject, GetTextExtentPointA, GetTextMetricsA, LineTo, MoveToEx, PatBlt, Polyline, PtInRegion, Rectangle, RoundRect, SelectClipRgn, SelectObject, SetBkColor, SetBkMode, SetBrushOrgEx, SetPixel, SetPixelV, SetROP2, SetStretchBltMode, SetTextColor, SetWindowOrgEx, StretchBlt, StretchDIBits, TextOutA
> SHELL32.dll: DragAcceptFiles, DragFinish, DragQueryFileA, DragQueryPoint, ExtractIconA, FindExecutableA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteA, Shell_NotifyIconA
> USER32.dll: AppendMenuA, BeginDeferWindowPos, BeginPaint, BringWindowToTop, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CheckDlgButton, CheckMenuItem, ChildWindowFromPointEx, ClientToScreen, ClipCursor, CloseClipboard, CopyRect, CreateDialogParamA, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, DdeAccessData, DdeClientTransaction, DdeConnect, DdeCreateDataHandle, DdeCreateStringHandleA, DdeDisconnect, DdeFreeDataHandle, DdeFreeStringHandle, DdeInitializeA, DdeNameService, DdeQueryStringA, DdeUnaccessData, DdeUninitialize, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeferWindowPos, DeleteMenu, DestroyIcon, DestroyMenu, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawFocusRect, DrawIcon, DrawMenuBar, DrawTextA, EmptyClipboard, EnableMenuItem, EnableWindow, EndDeferWindowPos, EndDialog, EndPaint, EnumThreadWindows, EqualRect, FillRect, FindWindowA, FindWindowExA, FlashWindow, FrameRect, GetActiveWindow, GetAsyncKeyState, GetCapture, GetClassNameA, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyState, GetKeyboardState, GetMenu, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetMessageA, GetNextDlgTabItem, GetParent, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowThreadProcessId, InsertMenuA, InvalidateRect, InvertRect, IsCharAlphaNumericA, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsDlgButtonChecked, IsIconic, IsMenu, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadAcceleratorsA, LoadBitmapA, LoadCursorA, LoadIconA, LoadMenuA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBeep, MessageBoxA, ModifyMenuA, MoveWindow, OpenClipboard, PostMessageA, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollDC, SendDlgItemMessageA, SendMessageA, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetDlgItemInt, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowScrollBar, ShowWindow, SystemParametersInfoA, ToAscii, TrackPopupMenu, TranslateAcceleratorA, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UpdateWindow, ValidateRect, WinHelpA, WindowFromPoint, wsprintfA
> WINMM.dll: mciGetDeviceIDA, mciGetErrorStringA, mciSendStringA, mixerClose, mixerGetControlDetailsA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerSetControlDetails, sndPlaySoundA, timeBeginPeriod, timeEndPeriod, timeGetDevCaps, timeKillEvent, timeSetEvent
> OLE32.dll: CLSIDFromProgID, CoCreateInstance, OleInitialize, OleUninitialize
> OLEAUT32.dll: LoadRegTypeLib, SetErrorInfo, SysAllocString, SysFreeString, VarCyFromR8, VarDateFromR8, VarR8FromCy, VarR8FromDate, VariantChangeType, VariantClear, VariantInit

( 5 exports )
@__lockDebuggerData$qv, @__unlockDebuggerData$qv, __DebuggerHookData, __GetExceptDLLinfo, ___CPPdebugHook
Prevx info: http://info.prevx.com/aboutprogram [...] 009C922F36

uluru51
Profil : IDNaute
Plus d'informations
n°307012
01-05-2008 à 15:02:15

quesque tu pense du rapport??

Eric_71
Profil : Helper
Plus d'informations
n°307241
02-05-2008 à 05:37:22

Re ,

J'en pense qu'il est pas gentil du tout .. :D

Tu peux l'uploader ici , Merci : http://secubox.gateweb.org/mad.php

Dans les commentaires , colle ce lien : http://www.infos-du-net.com/forum/ [...] us#t306954

Ensuite on le supprime

======================================

Relance HiJackThis clique cette fois sur [do a system scan only]
coche dans les cases à gauche les lignes suivantes ( et uniquement celles-ci ) :

O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\System32\Winsxs\zage.exe
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db0c [...] 601_fr.cab


et clique sur [Fix checked] ( en bas à gauche )
A la demande de confirmation , répond Oui

--------------------------------------------------------------------

Télécharge OTMoveIt2 [:eric_71:2] < ici

Sauvegarde-le sur ton Bureau
Séléctionne l'encadré ci-dessous , puis Clique droit , puis Copier :

C:\WINDOWS\System32\Winsxs\zage.exe


Lance maintenant OTMoveIt en double cliquant sur OTMoveIt.exe
Deux cadres apparaissent , clique droit sur le cadre de gauche , puis Coller
Enfin , clique sur [MoveIt!]

Il est possible qu'il te demande de redemarrer , accepte en cliquant sur YES
Poste le rapport généré ( C:\_OTMoveIt\MovedFiles\date de création )


Message édité par Eric_71 le 02-05-2008 à 05:41:48
uluru51
Profil : IDNaute
Plus d'informations
n°307248
02-05-2008 à 09:53:23

C:\WINDOWS\System32\Winsxs\zage.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05022008_095133

Eric_71
Profil : Helper
Plus d'informations
n°307303
02-05-2008 à 17:05:22

Bien , c'est mieux ?

Télécharge MalwareBytes' Anti-Malwares [:eric_71:21] < ici

Double clique sur Download_mbam-setup.exe pour lancer l'installation
Autorise le téléchargement des mises à jour !

Redémarre en mode sans echec ( > Mode Sans Echec < )

Double clique sur le raccourci Malwarebytes présent sur ton bureau
Coche Exécuter un examen complet , puis clique sur [Rechercher]
A la fin du scan , clique sur [Afficher les resultats]
Si objets infectés sont trouvés , clique sur [Supprimer la sélection]

Poste le rapport ( il se trouve aussi dans l'onglet Rapports/Logs )

uluru51
Profil : IDNaute
Plus d'informations