Virus prevents programs from being uninstalled

Solved
cutter4 Posts: 181 Status: Member -
Anonymous user -
Hello,
I've recovered an old PC that I'm trying to disinfect, but it's badly damaged. There are also several antivirus programs on it (Antivir, Avast and a certain A360, which looks dubious to me) and I can't uninstall them, because I don't have access to "Add/Remove Programs": it tells me I don't have the necessary rights or something like that. What should I do? The PC runs Windows XP.

87 replies

cutter4 Posts: 181 Status: Member 1

Oops! Small problem: Antivir detects a virus or unwanted program in C:\WINDOWS\explorer.exe. It says it's a heuristic result and that it found the suspicious code HEUR/Malware. What should I do?
0
Anonymous user

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and find this file:

C:\WINDOWS\explorer.exe

* Now click Send file and let it work as long as "Current status: being analysed" is displayed.
* The file may be put in a queue because of the large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page, choose Select all, then Copy
* Finally, paste the result into your next reply.
0
cutter4 Posts: 181 Status: Member 1

There you go! In the meantime it told me the same thing about another file in C:\Windows... I'll do the same procedure for it!

Fichier explorer.exe reçu le 2009.04.08 13:01:40 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.08 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2009.04.08 -
AntiVir 7.9.0.138 2009.04.08 HEUR/Malware
Antiy-AVL 2.0.3.1 2009.04.08 -
Authentium 5.1.2.4 2009.04.08 W32/Patched.E.gen!Eldorado
Avast 4.8.1335.0 2009.04.07 Win32:Agent-TFC
AVG 8.5.0.285 2009.04.08 Win32/Heur.dropper
BitDefender 7.2 2009.04.08 Trojan.Patched.Dropper.A
CAT-QuickHeal 10.00 2009.04.08 -
ClamAV 0.94.1 2009.04.08 -
Comodo 1102 2009.04.07 -
DrWeb 4.44.0.09170 2009.04.08 -
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6444 2009.04.08 Win32/Sality.AA
F-Prot 4.4.4.56 2009.04.08 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.08 Trojan.Win32.Patched.bl
Fortinet 3.117.0.0 2009.04.08 -
GData 19 2009.04.08 Trojan.Patched.Dropper.A
Ikarus T3.1.1.49.0 2009.04.08 Trojan.Win32.Patched
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 Trojan.Win32.Patched.bl
McAfee 5577 2009.04.07 New Win32
McAfee+Artemis 5577 2009.04.07 New Win32
McAfee-GW-Edition 6.7.6 2009.04.08 Heuristic.Malware
Microsoft 1.4502 2009.04.08 Virus:Win32/Pakabot
NOD32 3994 2009.04.07 Win32/Agent.NAD
Norman 6.00.06 2009.04.08 -
nProtect 2009.1.8.0 2009.04.08 -
Panda 10.0.0.14 2009.04.07 W32/UPhoto.A
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 -
Rising 21.24.22.00 2009.04.08 Win32.InjectCode.a
Sophos 4.40.0 2009.04.08 -
Sunbelt 3.2.1858.2 2009.04.08 Trojan.Win32.ExplorerHijack
Symantec 1.4.4.12 2009.04.08 -
TheHacker 6.3.4.0.303 2009.04.08 -
TrendMicro 8.700.0.1004 2009.04.08 Cryp_Xed-16
ViRobot 2009.4.7.1684 2009.04.08 -
VirusBuster 4.6.5.0 2009.04.07 -

Information additionnelle
File size: 1100553 bytes
MD5...: 35cd19e741081f84a3d3a23a193f2e2e
SHA1..: 15c54b2a0c68f49c267db20174037dd8473842b7
SHA256: 6e0a27932ac6c07cddf053a3fb073565f2d2911b6c7bfd0b39a37595aab3304f
SHA512: d5b1276d94042f5598b7b5d958663be448e978fd4cc574b55844c1c0ed6da96889432b66c60161732182fc894b4647f7988427597170028f8a78f2165effc24d
ssdeep: 12288:0RFHBdIwCDrA6hWVz0v/la0BVa/oXqoJpaz/g/J/vqyMySy:0zhOwCDE6hCOta0BEoXJaz/g/J/CyNp
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (44.6%)
Win32 EXE Yoda's Crypter (31.4%)
Win32 Executable Generic (10.1%)
Win32 Dynamic Link Library (generic) (8.9%)
Generic Win/DOS Executable (2.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xff804
timedatestamp.....: 0x466fc588 (Wed Jun 13 10:23:04 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44ad9 0x44c00 6.36 7de882aa0da62b155286cb91c8f0fbd9
.data 0x46000 0x1db4 0x1800 1.30 25fdde5ea7a06e94390eb8773b825a55
.rsrc 0x48000 0xb3280 0xb3400 6.63 c03607a562c6216fc2b6b5b97ae67ceb
.reloc 0xfc000 0x12000 0x12000 7.71 55668fcfb311d3ed80030402d7773eb1

( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
RDS...: NSRL Reference Data Set
-

0
cutter4 Posts: 181 Status: Member 1

And here is the report for the second file (jozlwmg.exe):

Fichier jozlwmg.exe reçu le 2009.04.08 13:12:28 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.08 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2009.04.08 -
AntiVir 7.9.0.138 2009.04.08 HEUR/Malware
Antiy-AVL 2.0.3.1 2009.04.08 -
Authentium 5.1.2.4 2009.04.08 W32/Patched.E.gen!Eldorado
Avast 4.8.1335.0 2009.04.07 Win32:Agent-TFC
AVG 8.5.0.285 2009.04.08 Win32/Heur.dropper
BitDefender 7.2 2009.04.08 Trojan.Patched.Dropper.A
CAT-QuickHeal 10.00 2009.04.08 -
ClamAV 0.94.1 2009.04.08 -
Comodo 1105 2009.04.08 -
DrWeb 4.44.0.09170 2009.04.08 -
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6444 2009.04.08 Win32/Sality.AA
F-Prot 4.4.4.56 2009.04.08 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.08 Trojan.Win32.Patched.bl
Fortinet 3.117.0.0 2009.04.08 -
GData 19 2009.04.08 Trojan.Patched.Dropper.A
Ikarus T3.1.1.49.0 2009.04.08 Trojan.Win32.Patched
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 Trojan.Win32.Patched.bl
McAfee 5577 2009.04.07 New Win32
McAfee+Artemis 5577 2009.04.07 New Win32
McAfee-GW-Edition 6.7.6 2009.04.08 Heuristic.Malware
Microsoft 1.4502 2009.04.08 Virus:Win32/Pakabot
NOD32 3994 2009.04.07 Win32/Agent.NAD
Norman 6.00.06 2009.04.08 -
nProtect 2009.1.8.0 2009.04.08 -
Panda 10.0.0.14 2009.04.07 W32/UPhoto.A
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 -
Rising 21.24.22.00 2009.04.08 Win32.InjectCode.a
Sophos 4.40.0 2009.04.08 -
Sunbelt 3.2.1858.2 2009.04.08 Trojan.Win32.ExplorerHijack
Symantec 1.4.4.12 2009.04.08 -
TheHacker 6.3.4.0.303 2009.04.08 -
TrendMicro 8.700.0.1004 2009.04.08 Cryp_Xed-16
VBA32 3.12.10.2 2009.04.08 Trojan.Win32.Restarter.e
ViRobot 2009.4.7.1684 2009.04.08 -
VirusBuster 4.6.5.0 2009.04.07 -

Information additionnelle
File size: 1100553 bytes
MD5...: 35cd19e741081f84a3d3a23a193f2e2e
SHA1..: 15c54b2a0c68f49c267db20174037dd8473842b7
SHA256: 6e0a27932ac6c07cddf053a3fb073565f2d2911b6c7bfd0b39a37595aab3304f
SHA512: d5b1276d94042f5598b7b5d958663be448e978fd4cc574b55844c1c0ed6da96889432b66c60161732182fc894b4647f7988427597170028f8a78f2165effc24d
ssdeep: 12288:0RFHBdIwCDrA6hWVz0v/la0BVa/oXqoJpaz/g/J/vqyMySy:0zhOwCDE6hCOta0BEoXJaz/g/J/CyNp
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (44.6%)
Win32 EXE Yoda's Crypter (31.4%)
Win32 Executable Generic (10.1%)
Win32 Dynamic Link Library (generic) (8.9%)
Generic Win/DOS Executable (2.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xff804
timedatestamp.....: 0x466fc588 (Wed Jun 13 10:23:04 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44ad9 0x44c00 6.36 7de882aa0da62b155286cb91c8f0fbd9
.data 0x46000 0x1db4 0x1800 1.30 25fdde5ea7a06e94390eb8773b825a55
.rsrc 0x48000 0xb3280 0xb3400 6.63 c03607a562c6216fc2b6b5b97ae67ceb
.reloc 0xfc000 0x12000 0x12000 7.71 55668fcfb311d3ed80030402d7773eb1

( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
RDS...: NSRL Reference Data Set<BR>-
0
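Why so many engines call this explorer.exe "Patched" can be read straight off the PEInfo block in the report above: the entry point is 0xff804, which does not fall in .text (0x1000 to 0x45ad9) but in .reloc (0xfc000 to 0x10e000), and that .reloc section has an entropy of 7.71 out of a possible 8.0. A relocation section holds fixup tables, never code, and is normally low-entropy, so an entry point redirected into a high-entropy .reloc is the footprint of a file infector that appended its (encrypted) body to a legitimate binary, consistent with the Trojan.Win32.Patched, W32/Patched.E.gen and Win32/Sality.AA verdicts. The script below is an added example, not code from the post or from VirusTotal: it parses a PE's section table, computes per-section entropy and flags such an entry point. The section table, entry point and entropies it embeds are copied from the report; the function names, the 7.0 entropy threshold and the constructed sample image are this example's own assumptions.

```python
"""Locate a PE entry point in the section table, to triage a 'Patched' verdict.

Added example, not from the forum post or from VirusTotal. The section table,
entry point and entropies below are copied from the PEInfo block of the report
above; function names, the 7.0 entropy threshold and the constructed sample
image are this example's own assumptions.
Usage: python pe_ep_triage.py [path-to-exe]   (no argument: use reported values)
"""
import math
import struct
import sys
from collections import Counter, namedtuple

Section = namedtuple("Section", "name vaddr vsize rawsize entropy")

# Reported by VirusTotal for the infected explorer.exe (see the PEInfo block above).
REPORTED_ENTRY_POINT = 0xFF804
REPORTED_SECTIONS = [
    Section(".text", 0x1000, 0x44AD9, 0x44C00, 6.36),
    Section(".data", 0x46000, 0x1DB4, 0x1800, 1.30),
    Section(".rsrc", 0x48000, 0xB3280, 0xB3400, 6.63),
    Section(".reloc", 0xFC000, 0x12000, 0x12000, 7.71),
]
ENTROPY_THRESHOLD = 7.0  # assumption: packed/encrypted code usually scores above this (max 8.0)


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def section_containing(sections, rva):
    """Return the section whose virtual range covers rva, or None."""
    for sec in sections:
        if sec.vaddr <= rva < sec.vaddr + max(sec.vsize, sec.rawsize):
            return sec
    return None


def triage(entry_point, sections, threshold=ENTROPY_THRESHOLD):
    """Flag an entry point outside .text, inside .reloc, or inside a high-entropy section."""
    sec = section_containing(sections, entry_point)
    reasons = []
    if sec is None:
        reasons.append("entry point 0x%x lies outside every section" % entry_point)
    else:
        if sec.name != ".text":
            reasons.append("entry point 0x%x is in %s, not in .text" % (entry_point, sec.name))
        if sec.entropy >= threshold:
            reasons.append("%s entropy %.2f >= %.1f (packed or encrypted code)" % (sec.name, sec.entropy, threshold))
        if sec.name == ".reloc":
            reasons.append(".reloc should hold relocation fixups, never code")
    return {"section": sec.name if sec else None, "suspicious": bool(reasons), "reasons": reasons}


def parse_pe(data):
    """Read entry point and section table of a PE32/PE32+ image; entropy is computed per raw section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # COFF SizeOfOptionalHeader
    entry_point = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint
    table = pe + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rawsize, shannon_entropy(raw)))
    return entry_point, sections


def build_sample_pe(entry_point, sections):
    """Constructed minimal PE32 image (not a real binary) so parse_pe can be exercised offline.
    sections: list of (name, rva, raw_bytes); each is placed at a file-aligned offset."""
    opt_size, align = 224, 0x200
    n = len(sections)
    hdr_size = -(-(0x40 + 4 + 20 + opt_size + 40 * n) // align) * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)
    table, body, ptr = b"", b"", hdr_size
    for name, rva, raw in sections:
        padded = raw.ljust(-(-len(raw) // align) * align, b"\0")
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(raw), rva,
                             len(padded), ptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        ptr += len(padded)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(hdr_size, b"\0") + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            ep, secs = parse_pe(fh.read())
    else:
        ep, secs = REPORTED_ENTRY_POINT, REPORTED_SECTIONS
    print(triage(ep, secs))
```

Run without arguments it reproduces the reasoning above on the reported values (section .reloc, three reasons); run against a file it reads the real section table, so it can be pointed at the replacement explorer.exe to confirm its entry point sits in .text before the file is copied back. The check is a heuristic: packed but legitimate executables also start outside .text, so treat a hit as a reason to inspect, not as a verdict on its own.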

Anonymous user

OK, once you've posted the other report, do this:

> Download Dr Web CureIt to your Desktop:

- Double-click <drweb-cureit.exe> and then click <Scan>;

- Click <OK> at the quick-scan prompt. If it finds infected processes, click the <Yes> button.
Note: a window will open with "Order" or "50% off" options: close it by clicking the "X".
- When the quick scan is finished, click the <Options> menu, then <Change settings>; choose the <Scanner> tab and untick <Heuristic analysis>. Then click <OK>.
- Back in the main window: click to select <Complete scan>
- Click the button with the green arrow on the right, and the scan will start.
- Click <Yes> to all at the "Disinfect?" prompt when a file is detected, then click "Disinfect".
- When the scan is complete, see whether you can click the icon next to the detected files (several sheets stacked on top of each other). If so, click it, then click the <Next> icon below and choose <Move the unwanted object to quarantine>.
- From the tool's main menu, top left, click the <File> menu and choose <Save report>. Save the report to your Desktop. It will be named DrWeb.csv
- Close Dr.Web CureIt
- Restart your computer (important, as some files may be moved/repaired on restart).
- After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.
0
cutter4 Posts 181 Status Member 1

I followed the procedure but it found absolutely nothing. I had to disable Antivir Guard because it kept telling me over and over that the file explorer.exe is a virus and that was stopping DrWeb from doing its job... so unfortunately the problem isn't solved...
0
Anonymous user

Er, did you then run the complete scan with DrWeb?

For explorer.exe we may look at deleting it and I'll send you a clean one.
0
cutter4 Posts 181 Status Member 1

Yes, I ran the complete scan and it found nothing...
0
cutter4 Posts 181 Status Member 1

You can send me the file at xxx@xxx.com (edit: no need to leave my email on the forum), it's my throwaway address ;-)
0
Anonymous user

No, I'll put it here for you. Wait until you've received mine before deleting the other one.

Explorer.exe
0
cutter4 Posts 181 Status Member 1

Impossible to delete it: access denied!
0
Anonymous user

Explorer?

In safe mode?
0
cutter4 Posts 181 Status Member 1

Yes, I just tried in safe mode and it doesn't work either. Maybe it's because I'm going through Windows Explorer and that's precisely the file that runs Windows Explorer? I don't know...
0
Anonymous user

Unzip the file I just sent you and paste it into C:\WINDOWS, then accept the replacement confirmation.

If and only if that doesn't work, try deleting it with this:

Unlocker

Only restart the PC once you're sure the unzipped copy of the file is properly in place.
0
cutter4 Posts 181 Status Member 1

I tried extracting it directly and replacing the file, but it tells me the file is password-protected. I'll try the second method.
0
cutter4 Posts 181 Status Member 1

It doesn't work. It said it would do it on restart, but that obviously didn't work. Antivir is still complaining :-(
0
Anonymous user

Hi:

We'll try it this way, it should work (which shows what a good night's sleep can do...)

Put the (unzipped) "explorer.exe" I sent you in c:\ (My Computer, double-click c:\, and put it there)

Then reboot into the Recovery Console as you did earlier (for wink32)

Log into the Windows installation, then

you'll again end up with this:

C:\WINDOWS>

type:

del c:\Windows\explorer.exe

then:

copy c:\explorer.exe c:\Windows\explorer.exe

then:

del c:\explorer.exe

Above all, respect the spaces exactly; I underlined them for that purpose

then restart normally
0
cutter4 Posts 181 Status Member 1

Done! I think we're rid of this virus, but the file jozlwmg.exe is still there in C:/Windows
0
Anonymous user

See whether you can delete that folder manually if you find it... we showed hidden folders, I think
0
cutter4 Posts 181 Status Member 1

Er, it's not a folder, it's just a .exe file and I don't think it's hidden, at any rate I can see it :-) but it's fine, I put it in quarantine and then cleared Antivir's quarantine, so no problem. I'm running a full scan with my antivirus to check that nothing is left!
0