2nd PC infected, Internet home page redirected
tegor
Hello,
here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:55 AM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\UniKey v3.5\UniKey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HOME\My Documents\piere\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {60212a44-0000-443b-8310-eb96712d8fba} - C:\WINDOWS\system32\apctui.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\PENTIUM4\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P34 "\\PENTIUM4\EPSON Stylus C67 Series" /O6 "USB002" /M "Stylus C67"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey v3.5\UniKey.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [UniKey] C:\Program Files\UniKey v3.5\UniKey.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - S-1-5-21-1659004503-1425521274-839522115-1003 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User '?')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljggfc.dll
O20 - Winlogon Notify: apctui - apctui.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
45 replies
You are not infected by Bagle, but I would like to check the startup settings of certain services.
Uninstall UsbFix and:
Now download FindyKill to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Run the installation with the default settings
--> Right-click the FindyKill shortcut on your desktop
--> Choose Run as administrator
--> In the main menu, choose option 1 (Recherche = Search)
--> Post the FindyKill.txt report
Note: the FindyKill.txt report is saved in the root of the disk
I ran Find anyway
Here is the report
----------------- FindyKill V4.711 ------------------
* User : HOME - KEN
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 14:17:26 le Fri 01/09/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\UniKey v3.5\UniKey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Dofus\Dofus.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\Prefetch\UNIKEY.EXE-06ECAF81.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\HOME\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\HOME\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\HOME\Local Settings\Temporary Internet Files\Content.IE5
Found ! [11/19/2004 18:28] - C:\Program Files\EPSON\Creativity Suite\File Manager\Readme\_en_GB\ReadMe.txt
Found ! [11/19/2004 18:28] - C:\Program Files\EPSON\Creativity Suite\File Manager\Readme\_en_US\ReadMe.txt
Found ! [03/23/2001 21:52] - C:\Program Files\EPSON\Smart Panel\Guide\file.txt
Found ! [04/17/2001 15:33] - C:\Program Files\EPSON\Smart Panel\Guide\file-assist.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
UniKey=C:\Program Files\UniKey v3.5\UniKey.exe
mtd2002Svr="C:\Program Files\mtd2002"\mtdserver.exe -f
MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SoundMan=SOUNDMAN.EXE
\\PENTIUM4\EPSON Stylus C67 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P34 "\\PENTIUM4\EPSON Stylus C67 Series" /O6 "USB002" /M "Stylus C67"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
EPSON Stylus C67 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
BigDogPath=C:\WINDOWS\VM_STI.EXE lebeca web camera driver
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HiYo=C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\EPSON SMART PANEL]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\HViewer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\RtlRack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\ScanToFile]
--------------- [ Registre / Clés infectieuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Fixed Drive
D: - Fixed Drive
E: - Fixed Drive
+- Contenu de l'autorun : D:\autorun.inf
[autorun]
OPEN=setupSNK.exe
ICON=\SMRTNTKY\fcw.ico
ACTION=Wireless Network Setup Wizard
+- presence des fichiers :
Found ! [11/01/2008 17:45][--a------] - D:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
OK, hello, sorry for the delay:
Connect to your PC, without opening them, any external data sources (USB key, external hard drive, etc.) that may have been infected
--> Right-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression = Deletion)
/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears
/!\ Do not use the PC during the deletion; your desktop will not be accessible, that is normal!
-------> then post the FindyKill.txt report
Note: the FindyKill.txt report is saved in the root of the disk
I have no external drive on this PC, nor a USB key ...
I still have the same problem
the first page is redirected to a dubious site
when I refresh the page, the Google page appears
the 3rd PC is the same, plus all programs are very slow
I have started a treatment with
http://www.commentcamarche.net/forum/affich 10413728 pc tres lent?dernier#dernier
----------------- FindyKill V4.711 ------------------
* User : HOME - KEN
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 18:01:45 the Sun 01/11/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\UNIKEY.EXE-06ECAF81.pf
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\HOME\Application Data
»»»» Supression files in C:\DOCUME~1\HOME\LOCALS~1\Temp
----------------- FindyKill V4.711 ------------------
* User : HOME - KEN
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 9:21:59 the Mon 01/12/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\HOME\Application Data
»»»» Supression files in C:\DOCUME~1\HOME\LOCALS~1\Temp
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
»»»» Supression files in C:\Documents and Settings\HOME\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Fixed Drive
D: - Fixed Drive
E: - Fixed Drive
+- deleting files :
Deleted ! - D:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Very good, but I notice that you had "Bagle" and that HijackThis worked anyway:
Download Malwarebytes:
http://www.malwarebytes.org/mbam.php or here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
* Install it (be sure to choose "francais"; do not change the installation settings) and update it.
(NB: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )
* Study the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).
! Disconnect and close all running applications!
* Launch Malwarebytes.
Run the scan called "Rapide" (quick).
--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "résultat" (result).
--> Check that all the infected objects are ticked, then click "suppression" (delete).
Note: if you need to restart your PC to finish the cleanup, do it!
Post the report saved after the infected objects have been deleted (in the "rapport/log" tab of Malwarebytes, the most recent one),
together with a new HijackThis report for analysis
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1647
Windows 5.1.2600 Service Pack 2
1/13/2009 1:43:57 PM
mbam-log-2009-01-13 (13-43-57).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 110841
Temps écoulé: 12 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DInf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DnngCon (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DNIdent (Trojan.ConHook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\telecharger\Native Instruments\TRAKTOR_DJ_STUDIO_3_KEYGEN.exe (Trojan.Goldun) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:04, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\UniKey v3.5\UniKey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HOME\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\PENTIUM4\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P34 "\\PENTIUM4\EPSON Stylus C67 Series" /O6 "USB002" /M "Stylus C67"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey v3.5\UniKey.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [UniKey] C:\Program Files\UniKey v3.5\UniKey.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S (User '?')
O4 - S-1-5-21-1659004503-1425521274-839522115-1003 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User '?')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\HOME\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
run HijackThis again, tick the boxes to the left of these lines, then "Fix checked":
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1659004503-1425521274-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
then:
have this analysed:
C:\Program Files\mtd2002"\mtdserver.exe
here:
https://www.virustotal.com/gui/
here is the analysis
Fichier mtdserver.exe reçu le 2009.01.13 12:05:42 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.13 -
AhnLab-V3 2009.1.13.3 2009.01.13 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 -
BitDefender 7.2 2009.01.13 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.13 -
Fortinet 3.117.0.0 2009.01.13 -
GData 19 2009.01.13 -
Ikarus T3.1.1.45.0 2009.01.13 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.13 -
McAfee 5493 2009.01.12 -
McAfee+Artemis 5493 2009.01.12 -
Microsoft 1.4205 2009.01.13 -
NOD32 3761 2009.01.13 -
Norman 5.93.01 2009.01.12 -
Panda 9.4.3.3 2009.01.12 -
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.13 -
Rising 21.12.12.00 2009.01.13 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.13 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.13 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.13 -
ViRobot 2009.1.13.1556 2009.01.13 -
VirusBuster 4.5.11.0 2009.01.12 -
Information additionnelle
File size: 544768 bytes
MD5...: cd6b589d9d4cdbcb76cd79104084bfda
SHA1..: 40e5ccd173e9e6a5e00123a7661a3de09149c69a
SHA256: 4fd620cf8c6be10d23206e3ebf58f960a86b963a94bf1303c02bc413fe9d34e5
SHA512: 919b5fc9c03ae3c1427cee1957b1581f3b22dfb3b31a9aab20fd3c30200d905a
277830e0266d946ec7efc539fd65cf22c2c222304890b40a6affcf72ba150cb8
ssdeep: 12288:uUbmGr27MwWKLBqkdy0/WFcDdtuDIfIY2zxyCkLRNjVPJmm9:u227MGokd
y0/vCYFCch
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x46bc1a
timedatestamp.....: 0x3d9e8114 (Sat Oct 05 06:05:08 2002)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6d252 0x6e000 6.44 bb8da421f6b02d08782e5423d4a13750
.rdata 0x6f000 0x9622 0xa000 5.14 30de5c7fcafb190ccd672dd9d2553f00
.data 0x79000 0x85b8 0x9000 5.14 bc08fce09c4f73877b56c728b03f3539
.rsrc 0x82000 0x2d08 0x3000 4.89 b01b6746a61bdd1eb93bfe17ccde5952
( 9 imports )
( 0 exports )
<table border="1"><tr><td colspan="4">Fichier mtdserver.exe reçu le 2009.01.13 12:05:42 (CET)</td></tr><tr><td>Antivirus</td><td>Version</td><td>Dernière mise à jour</td><td>Résultat</td</tr><tr><td>a-squared</td><td>4.0.0.73</td><td>2009.01.13</td><td>-</td</tr><tr><td>AhnLab-V3</td><td>2009.1.13.3</td><td>2009.01.13</td><td>-</td</tr><tr><td>AntiVir</td><td>7.9.0.54</td><td>2009.01.13</td><td>-</td</tr><tr><td>Authentium</td><td>5.1.0.4</td><td>2009.01.13</td><td>-</td</tr><tr><td>Avast</td><td>4.8.1281.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>AVG</td><td>8.0.0.229</td><td>2009.01.13</td><td>-</td</tr><tr><td>BitDefender</td><td>7.2</td><td>2009.01.13</td><td>-</td</tr><tr><td>CAT-QuickHeal</td><td>10.00</td><td>2009.01.12</td><td>-</td</tr><tr><td>ClamAV</td><td>0.94.1</td><td>2009.01.13</td><td>-</td</tr><tr><td>Comodo</td><td>919</td><td>2009.01.12</td><td>-</td</tr><tr><td>DrWeb</td><td>4.44.0.09170</td><td>2009.01.12</td><td>-</td</tr><tr><td>eSafe</td><td>7.0.17.0</td><td>2009.01.12</td><td>-</td</tr><tr><td>eTrust-Vet</td><td>31.6.6304</td><td>2009.01.12</td><td>-</td</tr><tr><td>F-Prot</td><td>4.4.4.56</td><td>2009.01.12</td><td>-</td</tr><tr><td>F-Secure</td><td>8.0.14470.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>Fortinet</td><td>3.117.0.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>GData</td><td>19</td><td>2009.01.13</td><td>-</td</tr><tr><td>Ikarus</td><td>T3.1.1.45.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>K7AntiVirus</td><td>7.10.584</td><td>2009.01.09</td><td>-</td</tr><tr><td>Kaspersky</td><td>7.0.0.125</td><td>2009.01.13</td><td>-</td</tr><tr><td>McAfee</td><td>5493</td><td>2009.01.12</td><td>-</td</tr><tr><td>McAfee+Artemis</td><td>5493</td><td>2009.01.12</td><td>-</td</tr><tr><td>Microsoft</td><td>1.4205</td><td>2009.01.13</td><td>-</td</tr><tr><td>NOD32</td><td>3761</td><td>2009.01.13</td><td>-</td</tr><tr><td>Norman</td><td>5.93.01</td><td>2009.01.12</td><td>-</td</tr><tr><td>Panda</td><td>9.4.3.3</td><td>2009.01.12</td><td>-</
td</tr><tr><td>PCTools</td><td>4.4.2.0</td><td>2009.01.12</td><td>-</td</tr><tr><td>Prevx1</td><td>V2</td><td>2009.01.13</td><td>-</td</tr><tr><td>Rising</td><td>21.12.12.00</td><td>2009.01.13</td><td>-</td</tr><tr><td>SecureWeb-Gateway</td><td>6.7.6</td><td>2009.01.13</td><td>-</td</tr><tr><td>Sophos</td><td>4.37.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>Sunbelt</td><td>3.2.1831.2</td><td>2009.01.09</td><td>-</td</tr><tr><td>Symantec</td><td>10</td><td>2009.01.13</td><td>-</td</tr><tr><td>TheHacker</td><td>6.3.1.4.218</td><td>2009.01.11</td><td>-</td</tr><tr><td>TrendMicro</td><td>8.700.0.1004</td><td>2009.01.13</td><td>-</td</tr><tr><td>ViRobot</td><td>2009.1.13.1556</td><td>2009.01.13</td><td>-</td</tr><tr><td>VirusBuster</td><td>4.5.11.0</td><td>2009.01.12</td><td>-</td</tr><tr><td colspan="4"> </td></tr><tr><td colspan="4">Information additionnelle</td></tr><tr><td colspan="4">File size: 544768 bytes</td></tr><tr><td colspan="4">MD5...: cd6b589d9d4cdbcb76cd79104084bfda</td></tr><tr><td colspan="4">SHA1..: 40e5ccd173e9e6a5e00123a7661a3de09149c69a</td></tr><tr><td colspan="4">SHA256: 4fd620cf8c6be10d23206e3ebf58f960a86b963a94bf1303c02bc413fe9d34e5</td></tr><tr><td colspan="4">SHA512: 919b5fc9c03ae3c1427cee1957b1581f3b22dfb3b31a9aab20fd3c30200d905a<BR>277830e0266d946ec7efc539fd65cf22c2c222304890b40a6affcf72ba150cb8<BR></td></tr><tr><td colspan="4">ssdeep: 12288:uUbmGr27MwWKLBqkdy0/WFcDdtuDIfIY2zxyCkLRNjVPJmm9:u227MGokd<BR>y0/vCYFCch<BR></td></tr><tr><td colspan="4">PEiD..: Armadillo v1.71</td></tr><tr><td colspan="4">TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)</td></tr><tr><td colspan="4">PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46bc1a<BR>timedatestamp.....: 0x3d9e8114 (Sat Oct 05 06:05:08 2002)<BR>machinetype.......: 0x14c 
(I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x6d252 0x6e000 6.44 bb8da421f6b02d08782e5423d4a13750<BR>.rdata 0x6f000 0x9622 0xa000 5.14 30de5c7fcafb190ccd672dd9d2553f00<BR>.data 0x79000 0x85b8 0x9000 5.14 bc08fce09c4f73877b56c728b03f3539<BR>.rsrc 0x82000 0x2d08 0x3000 4.89 b01b6746a61bdd1eb93bfe17ccde5952<BR><BR>( 9 imports ) <BR>> regex.dll: _regcomp@12, _regexec@20, _regfree@4, _regerror@16<BR>> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> MSVCRT.dll: _findfirst, fwrite, getc, _findnext, _commit, _errno, _fstati64, _findclose, __dllonexit, realloc, strncmp, qsort, getenv, __mb_cur_max, _get_osfhandle, _pctype, __1type_info@@UAE@XZ, _ftol, _lseeki64, _isctype, _onexit, _snprintf, strncpy, sscanf, fopen, fgets, fclose, _initterm, sprintf, _iob, setvbuf, fflush, _fdopen, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _exit, _getpid, _XcptFilter, _acmdln, exit, _controlfp, _vsnprintf, __getmainargs, strerror, fprintf, vfprintf, malloc, _mbslen, _purecall, strrchr, __p___argv, _mbsrchr, __p___argc, _CxxThrowException, time, ctime, vsprintf, _splitpath, _mbsicmp, wcsncpy, wcscpy, wcslen, atol, atoi, wcschr, strchr, memmove, printf, _mbscmp, calloc, free, __CxxFrameHandler, _open_osfhandle, _setmbcp, _unlink, _stat, _write, _read, _close, _open, 
_strdup<BR>> KERNEL32.dll: LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, CompareStringA, lstrlenA, DeleteFileA, Sleep, EnterCriticalSection, MoveFileA, GetTempPathA, SetThreadPriority, CreateThread, _lclose, OpenFile, SetErrorMode, ResumeThread, GetModuleFileNameA, AllocConsole, SetEndOfFile, SetFilePointer, CreateFileA, MoveFileExA, CloseHandle, WriteFile, GetStdHandle, OutputDebugStringA, MapViewOfFile, GetLastError, CreateFileMappingA, UnmapViewOfFile, WaitForSingleObject, CreateEventA, SetEvent, GetExitCodeThread, GetVersionExA, GetProcAddress, GetModuleHandleA, SetConsoleCtrlHandler, LocalFree, FormatMessageA, GlobalFree, GlobalAlloc, GetCurrentThreadId, LockResource, LoadResource, FindResourceA, WideCharToMultiByte, MultiByteToWideChar, FlushFileBuffers, InterlockedExchange, GetSystemTime, GetFileInformationByHandle, GetSystemInfo, GetVersion, OpenFileMappingA, GetStartupInfoA, GetFileAttributesA<BR>> USER32.dll: DefWindowProcA, CreateWindowExA, IsIconic, GetClientRect, DrawIcon, RegisterClassA, DestroyWindow, GetSystemMenu, PeekMessageA, TranslateMessage, DispatchMessageA, EnableWindow, SendMessageA, PostThreadMessageA, wsprintfA, LoadIconA, AppendMenuA, GetSystemMetrics<BR>> ADVAPI32.dll: CopySid, RegisterEventSourceA, ReportEventA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, DeregisterEventSource, GetLengthSid, IsValidSid, LookupAccountNameA, GetUserNameA, StartServiceCtrlDispatcherA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, RegCreateKeyA, DeleteService, QueryServiceStatus, ControlService, OpenServiceA, StartServiceA, RegisterServiceCtrlHandlerA, SetServiceStatus<BR>> WSOCK32.dll: -<BR>> MSVCP60.dll: __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, 
__C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Xlen@std@@YAXXZ<BR>> MSVCIRT.dll: __4ios@@IAEAAV0@ABV0@@Z, _cout@@3Vostream_withassign@@A, ___8ostream_withassign@@7B@, _cerr@@3Vostream_withassign@@A, __6ostream@@QAEAAV0@PBD@Z, __4ostream@@IAEAAV0@PAVstreambuf@@@Z<BR><BR>( 0 exports ) <BR></td></tr></table>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.13 -
AhnLab-V3 2009.1.13.3 2009.01.13 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 -
BitDefender 7.2 2009.01.13 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.13 -
Fortinet 3.117.0.0 2009.01.13 -
GData 19 2009.01.13 -
Ikarus T3.1.1.45.0 2009.01.13 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.13 -
McAfee 5493 2009.01.12 -
McAfee+Artemis 5493 2009.01.12 -
Microsoft 1.4205 2009.01.13 -
NOD32 3761 2009.01.13 -
Norman 5.93.01 2009.01.12 -
Panda 9.4.3.3 2009.01.12 -
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.13 -
Rising 21.12.12.00 2009.01.13 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.13 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.13 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.13 -
ViRobot 2009.1.13.1556 2009.01.13 -
VirusBuster 4.5.11.0 2009.01.12 -
Information additionnelle
File size: 544768 bytes
MD5...: cd6b589d9d4cdbcb76cd79104084bfda
SHA1..: 40e5ccd173e9e6a5e00123a7661a3de09149c69a
SHA256: 4fd620cf8c6be10d23206e3ebf58f960a86b963a94bf1303c02bc413fe9d34e5
SHA512: 919b5fc9c03ae3c1427cee1957b1581f3b22dfb3b31a9aab20fd3c30200d905a<BR>277830e0266d946ec7efc539fd65cf22c2c222304890b40a6affcf72ba150cb8<BR>
ssdeep: 12288:uUbmGr27MwWKLBqkdy0/WFcDdtuDIfIY2zxyCkLRNjVPJmm9:u227MGokd<BR>y0/vCYFCch<BR>
PEiD..: Armadillo v1.71
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46bc1a<BR>timedatestamp.....: 0x3d9e8114 (Sat Oct 05 06:05:08 2002)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x6d252 0x6e000 6.44 bb8da421f6b02d08782e5423d4a13750<BR>.rdata 0x6f000 0x9622 0xa000 5.14 30de5c7fcafb190ccd672dd9d2553f00<BR>.data 0x79000 0x85b8 0x9000 5.14 bc08fce09c4f73877b56c728b03f3539<BR>.rsrc 0x82000 0x2d08 0x3000 4.89 b01b6746a61bdd1eb93bfe17ccde5952<BR><BR>( 9 imports ) <BR>> regex.dll: _regcomp@12, _regexec@20, _regfree@4, _regerror@16<BR>> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> MSVCRT.dll: _findfirst, fwrite, getc, _findnext, _commit, _errno, _fstati64, _findclose, __dllonexit, realloc, strncmp, qsort, getenv, __mb_cur_max, _get_osfhandle, _pctype, __1type_info@@UAE@XZ, _ftol, _lseeki64, _isctype, _onexit, _snprintf, strncpy, sscanf, fopen, fgets, fclose, _initterm, sprintf, _iob, setvbuf, fflush, _fdopen, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _exit, _getpid, _XcptFilter, _acmdln, exit, _controlfp, _vsnprintf, __getmainargs, strerror, fprintf, vfprintf, malloc, _mbslen, _purecall, strrchr, __p___argv, _mbsrchr, __p___argc, _CxxThrowException, time, ctime, vsprintf, _splitpath, _mbsicmp, wcsncpy, 
wcscpy, wcslen, atol, atoi, wcschr, strchr, memmove, printf, _mbscmp, calloc, free, __CxxFrameHandler, _open_osfhandle, _setmbcp, _unlink, _stat, _write, _read, _close, _open, _strdup<BR>> KERNEL32.dll: LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, CompareStringA, lstrlenA, DeleteFileA, Sleep, EnterCriticalSection, MoveFileA, GetTempPathA, SetThreadPriority, CreateThread, _lclose, OpenFile, SetErrorMode, ResumeThread, GetModuleFileNameA, AllocConsole, SetEndOfFile, SetFilePointer, CreateFileA, MoveFileExA, CloseHandle, WriteFile, GetStdHandle, OutputDebugStringA, MapViewOfFile, GetLastError, CreateFileMappingA, UnmapViewOfFile, WaitForSingleObject, CreateEventA, SetEvent, GetExitCodeThread, GetVersionExA, GetProcAddress, GetModuleHandleA, SetConsoleCtrlHandler, LocalFree, FormatMessageA, GlobalFree, GlobalAlloc, GetCurrentThreadId, LockResource, LoadResource, FindResourceA, WideCharToMultiByte, MultiByteToWideChar, FlushFileBuffers, InterlockedExchange, GetSystemTime, GetFileInformationByHandle, GetSystemInfo, GetVersion, OpenFileMappingA, GetStartupInfoA, GetFileAttributesA<BR>> USER32.dll: DefWindowProcA, CreateWindowExA, IsIconic, GetClientRect, DrawIcon, RegisterClassA, DestroyWindow, GetSystemMenu, PeekMessageA, TranslateMessage, DispatchMessageA, EnableWindow, SendMessageA, PostThreadMessageA, wsprintfA, LoadIconA, AppendMenuA, GetSystemMetrics<BR>> ADVAPI32.dll: CopySid, RegisterEventSourceA, ReportEventA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, DeregisterEventSource, GetLengthSid, IsValidSid, LookupAccountNameA, GetUserNameA, StartServiceCtrlDispatcherA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, RegCreateKeyA, DeleteService, QueryServiceStatus, ControlService, OpenServiceA, StartServiceA, RegisterServiceCtrlHandlerA, SetServiceStatus<BR>> WSOCK32.dll: -<BR>> MSVCP60.dll: __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, 
__Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Xlen@std@@YAXXZ<BR>> MSVCIRT.dll: __4ios@@IAEAAV0@ABV0@@Z, _cout@@3Vostream_withassign@@A, ___8ostream_withassign@@7B@, _cerr@@3Vostream_withassign@@A, __6ostream@@QAEAAV0@PBD@Z, __4ostream@@IAEAAV0@PAVstreambuf@@@Z<BR><BR>( 0 exports ) <BR>
Fichier mtdserver.exe reçu le 2009.01.13 12:05:42 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.13 -
AhnLab-V3 2009.1.13.3 2009.01.13 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 -
BitDefender 7.2 2009.01.13 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.13 -
Fortinet 3.117.0.0 2009.01.13 -
GData 19 2009.01.13 -
Ikarus T3.1.1.45.0 2009.01.13 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.13 -
McAfee 5493 2009.01.12 -
McAfee+Artemis 5493 2009.01.12 -
Microsoft 1.4205 2009.01.13 -
NOD32 3761 2009.01.13 -
Norman 5.93.01 2009.01.12 -
Panda 9.4.3.3 2009.01.12 -
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.13 -
Rising 21.12.12.00 2009.01.13 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.13 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.13 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.13 -
ViRobot 2009.1.13.1556 2009.01.13 -
VirusBuster 4.5.11.0 2009.01.12 -
Information additionnelle
File size: 544768 bytes
MD5...: cd6b589d9d4cdbcb76cd79104084bfda
SHA1..: 40e5ccd173e9e6a5e00123a7661a3de09149c69a
SHA256: 4fd620cf8c6be10d23206e3ebf58f960a86b963a94bf1303c02bc413fe9d34e5
SHA512: 919b5fc9c03ae3c1427cee1957b1581f3b22dfb3b31a9aab20fd3c30200d905a277830e0266d946ec7efc539fd65cf22c2c222304890b40a6affcf72ba150cb8
ssdeep: 12288:uUbmGr27MwWKLBqkdy0/WFcDdtuDIfIY2zxyCkLRNjVPJmm9:u227MGokdy0/vCYFCch
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x46bc1a
timedatestamp.....: 0x3d9e8114 (Sat Oct 05 06:05:08 2002)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6d252 0x6e000 6.44 bb8da421f6b02d08782e5423d4a13750
.rdata 0x6f000 0x9622 0xa000 5.14 30de5c7fcafb190ccd672dd9d2553f00
.data 0x79000 0x85b8 0x9000 5.14 bc08fce09c4f73877b56c728b03f3539
.rsrc 0x82000 0x2d08 0x3000 4.89 b01b6746a61bdd1eb93bfe17ccde5952
( 9 imports )
( 0 exports )
<table border="1"><tr><td colspan="4">Fichier mtdserver.exe reçu le 2009.01.13 12:05:42 (CET)</td></tr><tr><td>Antivirus</td><td>Version</td><td>Dernière mise à jour</td><td>Résultat</td</tr><tr><td>a-squared</td><td>4.0.0.73</td><td>2009.01.13</td><td>-</td</tr><tr><td>AhnLab-V3</td><td>2009.1.13.3</td><td>2009.01.13</td><td>-</td</tr><tr><td>AntiVir</td><td>7.9.0.54</td><td>2009.01.13</td><td>-</td</tr><tr><td>Authentium</td><td>5.1.0.4</td><td>2009.01.13</td><td>-</td</tr><tr><td>Avast</td><td>4.8.1281.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>AVG</td><td>8.0.0.229</td><td>2009.01.13</td><td>-</td</tr><tr><td>BitDefender</td><td>7.2</td><td>2009.01.13</td><td>-</td</tr><tr><td>CAT-QuickHeal</td><td>10.00</td><td>2009.01.12</td><td>-</td</tr><tr><td>ClamAV</td><td>0.94.1</td><td>2009.01.13</td><td>-</td</tr><tr><td>Comodo</td><td>919</td><td>2009.01.12</td><td>-</td</tr><tr><td>DrWeb</td><td>4.44.0.09170</td><td>2009.01.12</td><td>-</td</tr><tr><td>eSafe</td><td>7.0.17.0</td><td>2009.01.12</td><td>-</td</tr><tr><td>eTrust-Vet</td><td>31.6.6304</td><td>2009.01.12</td><td>-</td</tr><tr><td>F-Prot</td><td>4.4.4.56</td><td>2009.01.12</td><td>-</td</tr><tr><td>F-Secure</td><td>8.0.14470.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>Fortinet</td><td>3.117.0.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>GData</td><td>19</td><td>2009.01.13</td><td>-</td</tr><tr><td>Ikarus</td><td>T3.1.1.45.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>K7AntiVirus</td><td>7.10.584</td><td>2009.01.09</td><td>-</td</tr><tr><td>Kaspersky</td><td>7.0.0.125</td><td>2009.01.13</td><td>-</td</tr><tr><td>McAfee</td><td>5493</td><td>2009.01.12</td><td>-</td</tr><tr><td>McAfee+Artemis</td><td>5493</td><td>2009.01.12</td><td>-</td</tr><tr><td>Microsoft</td><td>1.4205</td><td>2009.01.13</td><td>-</td</tr><tr><td>NOD32</td><td>3761</td><td>2009.01.13</td><td>-</td</tr><tr><td>Norman</td><td>5.93.01</td><td>2009.01.12</td><td>-</td</tr><tr><td>Panda</td><td>9.4.3.3</td><td>2009.01.12</td><td>-</
td</tr><tr><td>PCTools</td><td>4.4.2.0</td><td>2009.01.12</td><td>-</td</tr><tr><td>Prevx1</td><td>V2</td><td>2009.01.13</td><td>-</td</tr><tr><td>Rising</td><td>21.12.12.00</td><td>2009.01.13</td><td>-</td</tr><tr><td>SecureWeb-Gateway</td><td>6.7.6</td><td>2009.01.13</td><td>-</td</tr><tr><td>Sophos</td><td>4.37.0</td><td>2009.01.13</td><td>-</td</tr><tr><td>Sunbelt</td><td>3.2.1831.2</td><td>2009.01.09</td><td>-</td</tr><tr><td>Symantec</td><td>10</td><td>2009.01.13</td><td>-</td</tr><tr><td>TheHacker</td><td>6.3.1.4.218</td><td>2009.01.11</td><td>-</td</tr><tr><td>TrendMicro</td><td>8.700.0.1004</td><td>2009.01.13</td><td>-</td</tr><tr><td>ViRobot</td><td>2009.1.13.1556</td><td>2009.01.13</td><td>-</td</tr><tr><td>VirusBuster</td><td>4.5.11.0</td><td>2009.01.12</td><td>-</td</tr><tr><td colspan="4"> </td></tr><tr><td colspan="4">Information additionnelle</td></tr><tr><td colspan="4">File size: 544768 bytes</td></tr><tr><td colspan="4">MD5...: cd6b589d9d4cdbcb76cd79104084bfda</td></tr><tr><td colspan="4">SHA1..: 40e5ccd173e9e6a5e00123a7661a3de09149c69a</td></tr><tr><td colspan="4">SHA256: 4fd620cf8c6be10d23206e3ebf58f960a86b963a94bf1303c02bc413fe9d34e5</td></tr><tr><td colspan="4">SHA512: 919b5fc9c03ae3c1427cee1957b1581f3b22dfb3b31a9aab20fd3c30200d905a<BR>277830e0266d946ec7efc539fd65cf22c2c222304890b40a6affcf72ba150cb8<BR></td></tr><tr><td colspan="4">ssdeep: 12288:uUbmGr27MwWKLBqkdy0/WFcDdtuDIfIY2zxyCkLRNjVPJmm9:u227MGokd<BR>y0/vCYFCch<BR></td></tr><tr><td colspan="4">PEiD..: Armadillo v1.71</td></tr><tr><td colspan="4">TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)</td></tr><tr><td colspan="4">PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46bc1a<BR>timedatestamp.....: 0x3d9e8114 (Sat Oct 05 06:05:08 2002)<BR>machinetype.......: 0x14c 
(I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x6d252 0x6e000 6.44 bb8da421f6b02d08782e5423d4a13750<BR>.rdata 0x6f000 0x9622 0xa000 5.14 30de5c7fcafb190ccd672dd9d2553f00<BR>.data 0x79000 0x85b8 0x9000 5.14 bc08fce09c4f73877b56c728b03f3539<BR>.rsrc 0x82000 0x2d08 0x3000 4.89 b01b6746a61bdd1eb93bfe17ccde5952<BR><BR>( 9 imports ) <BR><BR>( 0 exports ) <BR></td></tr></table>
Fichier mtdserver.exe reçu le 2009.01.13 12:05:42 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.13 -
AhnLab-V3 2009.1.13.3 2009.01.13 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 -
BitDefender 7.2 2009.01.13 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.13 -
Fortinet 3.117.0.0 2009.01.13 -
GData 19 2009.01.13 -
Ikarus T3.1.1.45.0 2009.01.13 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.13 -
McAfee 5493 2009.01.12 -
McAfee+Artemis 5493 2009.01.12 -
Microsoft 1.4205 2009.01.13 -
NOD32 3761 2009.01.13 -
Norman 5.93.01 2009.01.12 -
Panda 9.4.3.3 2009.01.12 -
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.13 -
Rising 21.12.12.00 2009.01.13 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.13 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.13 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.13 -
ViRobot 2009.1.13.1556 2009.01.13 -
VirusBuster 4.5.11.0 2009.01.12 -
Information additionnelle
File size: 544768 bytes
MD5...: cd6b589d9d4cdbcb76cd79104084bfda
SHA1..: 40e5ccd173e9e6a5e00123a7661a3de09149c69a
SHA256: 4fd620cf8c6be10d23206e3ebf58f960a86b963a94bf1303c02bc413fe9d34e5
SHA512: 919b5fc9c03ae3c1427cee1957b1581f3b22dfb3b31a9aab20fd3c30200d905a277830e0266d946ec7efc539fd65cf22c2c222304890b40a6affcf72ba150cb8
ssdeep: 12288:uUbmGr27MwWKLBqkdy0/WFcDdtuDIfIY2zxyCkLRNjVPJmm9:u227MGokdy0/vCYFCch
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x46bc1a
timedatestamp.....: 0x3d9e8114 (Sat Oct 05 06:05:08 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6d252 0x6e000 6.44 bb8da421f6b02d08782e5423d4a13750
.rdata 0x6f000 0x9622 0xa000 5.14 30de5c7fcafb190ccd672dd9d2553f00
.data 0x79000 0x85b8 0x9000 5.14 bc08fce09c4f73877b56c728b03f3539
.rsrc 0x82000 0x2d08 0x3000 4.89 b01b6746a61bdd1eb93bfe17ccde5952

( 9 imports )

( 0 exports )