The buddy virus of Virut

Solved
Polonwn
Hello,

so I have a small problem, I've just caught Virut's buddy virus

in fact now, instead of all the .exe files being infected,

it's all my .htm files that are infected

I'm at 300 viruses at 4% of the scan with Antivir ...



44 replies

Polonwn

so what do I do then, a killdisk? given that I have no information to go on ...

Anonymous user

run an RSIT

Polonwn

here is the RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Spoon at 2009-04-03 01:23:21
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 22 GB (48%) free of 46 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23:28, on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Spoon\Mes documents\Downloads\Programs\RSIT.exe
C:\Program Files\trend micro\Spoon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISS_SIP] C:\Program Files\Anti Keylogger Elite\AKE.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
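The log above is in HijackThis format: O2/O3 lines are browser add-ons, O4 lines are autorun entries under a Run key, and O23 lines are services, each ending in the file the entry points at. As an added example (not part of the thread and not HijackThis's own code), the Python script below pulls those entries out of a log and flags the two things a helper looks at first: entries whose backing file is reported gone ("(no file)", "(file missing)") and O4 entries that name a bare executable with no directory, which Windows resolves through the search path. The sample lines are copied from the posted log; the flagging heuristics and the function names are my own.

```python
"""Triage helper for HijackThis-format log lines (added example: not part of
the thread and not HijackThis's own code).  It extracts browser add-ons
(O2/O3), autorun entries (O4) and services (O23) and flags entries whose
backing file is missing or whose autorun command is an unqualified name."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Line shapes as they appear in a HijackThis log.
RE_ADDON = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RE_RUN = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[(.*?)\] (.*)$")
RE_SERVICE = re.compile(r"^O23 - Service: (.*?)(?: \((.*?)\))? - (.*?) - (.*)$")
RE_USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")  # per-user note HijackThis appends to HKUS entries


@dataclass
class Entry:
    section: str   # O2, O3, O4 or O23
    name: str      # add-on name, autorun value name or service short name
    target: str    # file path or command line as reported by the log
    flags: list    # triage observations, empty when nothing stands out


def _flags_for(section, target):
    """Heuristics (mine, not HijackThis's): missing file, or bare executable name in an O4 entry."""
    flags = []
    t = target.strip()
    if t == "(no file)" or "(file missing)" in t:
        flags.append("backing file missing")          # stale entry or file already removed
    elif section == "O4":
        # First token of the command: quoted path, or everything up to the first space.
        exe = t[1:].split('"', 1)[0] if t.startswith('"') else t.split(" ", 1)[0]
        if "\\" not in exe:
            flags.append("unqualified path (resolved through the search path)")
    return flags


def parse_hjt(text):
    """Return the O2/O3/O4/O23 entries found in a HijackThis-format log."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        m = RE_ADDON.match(line)
        if m:
            section, name, _clsid, target = m.groups()
            entries.append(Entry(section, name, target, _flags_for(section, target)))
            continue
        m = RE_RUN.match(line)
        if m:
            _hive, name, target = m.groups()
            target = RE_USER_SUFFIX.sub("", target)
            entries.append(Entry("O4", name, target, _flags_for("O4", target)))
            continue
        m = RE_SERVICE.match(line)
        if m:
            display, short, _owner, target = m.groups()
            entries.append(Entry("O23", short or display, target, _flags_for("O23", target)))
    return entries


def flagged(entries):
    """Only the entries that carry at least one triage flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.name:<12} {e.target}  <-- {'; '.join(e.flags)}")
```

Run against the full log instead of the sample and the script lists the same three kinds of entries the helper later targets in the OTM script: the nameless BHO with no file, the service whose binary is missing, and the Run values that are bare executable names.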
Anonymous user

You got infected last night at midnight apparently: 2009-05-02 00:08:47 ----A---- C:\WINDOWS\003021_.tmp

Click on the Start menu / Control Panel / Folder Options / then in the View tab
- Check Show hidden files and folders
- Uncheck Hide extensions for known file types
- Uncheck Hide protected operating system files (recommended)
click Apply, then OK.

Don't forget to hide the hidden files and protected operating system files again at the end of the disinfection, it's important

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click on Browse at the top, choose My Computer and look for these files:

C:\WINDOWS\system32\Lanceur2.exe
C:\WINDOWS\wb.ini
C:\WINDOWS\err.txt
C:\WINDOWS\system32\asr_ldm.exe


* Now click on Send file, and let it work as long as "Current status: being analysed" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click on Formatted
* A new window of your browser will appear
* Then click on the two arrows
* Right-click on the page, choose Select all, then copy
* Finally paste the result in your next reply.

then:

---> Disable your antivirus for the duration of the operation, because OTM is wrongly detected as an infection.

---> Download OTM (OldTimer) to your Desktop:

---> Double-click OTM.exe to launch it.

---> Copy (Ctrl+C) the following text below:

:processes
explorer.exe

:services
nProtect GameGuard Service
npggsvc
am18klf1

:files
C:\WINDOWS\003021_.tmp
C:\WINDOWS\SET8.tmp
C:\WINDOWS\SET4.tmp
C:\WINDOWS\SET3.tmp
C:\WINDOWS\system32\GameMon.des

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
"Alcmtr"=-
"PWRISOVM.EXE"=-
"NeroFilterCheck"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=-
"msnmsgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\??\C:\WINDOWS\system32\winlogon.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Paste (Ctrl+V) the text you copied earlier into the Paste Instructions for Items to be Moved box.

---> Now click on the MoveIt! button, then close OTM

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report name corresponds to the time of its creation: date_time.log

Polonwn

File Lanceur2.exe received on 2009.06.03 00:04:06 (UTC)
Antivirus Version Last update Result
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 -
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.02 -
AVG 8.5.0.339 2009.06.02 -
BitDefender 7.2 2009.06.03 -
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.03 -
Comodo 1239 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.03 -
eSafe 7.0.17.0 2009.06.02 -
eTrust-Vet 31.6.6536 2009.06.02 -
F-Prot 4.4.4.56 2009.06.02 -
F-Secure 8.0.14470.0 2009.06.03 -
Fortinet 3.117.0.0 2009.06.03 -
GData 19 2009.06.03 -
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.752 2009.06.02 -
Kaspersky 7.0.0.125 2009.06.03 -
McAfee 5634 2009.06.02 -
McAfee+Artemis 5634 2009.06.02 -
McAfee-GW-Edition 6.7.6 2009.05.29 -
Microsoft 1.4701 2009.06.02 -
NOD32 4124 2009.06.02 -
Norman 6.01.05 2009.06.02 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.02 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.03 -
Rising 21.32.14.00 2009.06.02 -
Sophos 4.42.0 2009.06.03 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.03 -
TheHacker 6.3.4.3.337 2009.06.02 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.02 -
Additional information
File size: 29656 bytes
MD5...: 6ca47b66a6f9d0b97c1ab84e3814a710
SHA1..: 95bf3665b0a409eb035513a2a163a0967a982de7
SHA256: 33bba590f069f3be6a6aa61c0d5ac4d8de5ecb3b89a140702f62073e649f5a99
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x123c
timedatestamp.....: 0x467284b0 (Fri Jun 15 12:23:12 2007)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x1a00 5.61 7ac92b46bed5f946cc41a3dbf58a2f74
.data 0x3000 0x1000 0x600 3.96 56b7f83ed14c9b520d855acac0c1736a
.tls 0x4000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x5000 0x1000 0x200 0.19 5079358b468fb1d24e6110edc0bb2d70
.idata 0x6000 0x3000 0x2800 4.87 311355e06fd99c4ae1f4099ef595f23c
.edata 0x9000 0x1000 0x200 1.98 51f2e2f8527262db462000b71cfa6ec9
.rsrc 0xa000 0x1000 0x600 4.43 438c6f7fab110d25cd6c46acb698111d
.reloc 0xb000 0x1000 0x600 5.67 f359566e3a4b99c505a32748be5a2f27

( 33 imports )
> rtl60.bpl: @System@initialization$qqrv, @System@Finalization$qqrv, @System@UnregisterModule$qqrp17System@TLibModule, @System@RegisterModule$qqrp17System@TLibModule, @System@FindHInstance$qqrpv, @System@@LStrFromPChar$qqrr17System@AnsiStringpc, @System@@LStrAsg$qqrpvpxv, @System@@LStrClr$qqrpv, @System@@HandleFinally$qqrv, @System@TObject@Dispatch$qqrpv, @System@TObject@$bdtr$qqrv, @System@TObject@FreeInstance$qqrv, @System@TObject@NewInstance$qqrp17System@TMetaClass, @System@IsMemoryManagerSet$qqrv, @System@SetMemoryManager$qqrrx21System@TMemoryManager, @System@IsMultiThread, @System@IsConsole, @System@ExitProc, @System@CmdLine, @System@IsLibrary, @System@MainInstance
> rtl60.bpl: @Types@initialization$qqrv, @Types@Finalization$qqrv
> rtl60.bpl: @Sysconst@initialization$qqrv, @Sysconst@Finalization$qqrv
> rtl60.bpl: @Sysutils@initialization$qqrv, @Sysutils@Finalization$qqrv
> rtl60.bpl: @Varutils@initialization$qqrv, @Varutils@Finalization$qqrv
> rtl60.bpl: @Variants@initialization$qqrv, @Variants@Finalization$qqrv
> rtl60.bpl: @Rtlconsts@initialization$qqrv, @Rtlconsts@Finalization$qqrv
> rtl60.bpl: @Typinfo@initialization$qqrv, @Typinfo@Finalization$qqrv, @Typinfo@DotSep, @Typinfo@BooleanIdents
> rtl60.bpl: @Activex@initialization$qqrv, @Activex@Finalization$qqrv
> rtl60.bpl: @Classes@initialization$qqrv, @Classes@Finalization$qqrv, @Classes@TComponent@UpdateRegistry$qqrp17System@TMetaClassox17System@AnsiStringt3, @Classes@TComponent@SafeCallException$qqrp14System@TObjectpv, @Classes@TComponent@WriteState$qqrp15Classes@TWriter, @Classes@TComponent@$bdtr$qqrv, @Classes@TPersistent@Assign$qqrp19Classes@TPersistent, @Classes@TPersistent@$bdtr$qqrv
> rtl60.bpl: @Math@initialization$qqrv, @Math@Finalization$qqrv
> rtl60.bpl: @Contnrs@initialization$qqrv, @Contnrs@Finalization$qqrv
> rtl60.bpl: @Strutils@initialization$qqrv, @Strutils@Finalization$qqrv
> rtl60.bpl: @Helpintfs@initialization$qqrv, @Helpintfs@Finalization$qqrv
> rtl60.bpl: @Flatsb@initialization$qqrv, @Flatsb@Finalization$qqrv
> rtl60.bpl: @Multimon@initialization$qqrv, @Multimon@Finalization$qqrv
> vcl60.bpl: @Consts@initialization$qqrv, @Consts@Finalization$qqrv
> vcl60.bpl: @Graphics@initialization$qqrv, @Graphics@Finalization$qqrv
> vcl60.bpl: @Printers@initialization$qqrv, @Printers@Finalization$qqrv
> vcl60.bpl: @Stdctrls@initialization$qqrv, @Stdctrls@Finalization$qqrv
> vcl60.bpl: @Extctrls@initialization$qqrv, @Extctrls@Finalization$qqrv
> vcl60.bpl: @Dialogs@initialization$qqrv, @Dialogs@Finalization$qqrv
> vcl60.bpl: @Clipbrd@initialization$qqrv, @Clipbrd@Finalization$qqrv
> vcl60.bpl: @Stdactns@initialization$qqrv, @Stdactns@Finalization$qqrv
> vcl60.bpl: @Winhelpviewer@initialization$qqrv, @Winhelpviewer@Finalization$qqrv
> vcl60.bpl: @Actnlist@initialization$qqrv, @Actnlist@Finalization$qqrv
> vcl60.bpl: @Forms@initialization$qqrv, @Forms@Finalization$qqrv, @Forms@TApplication@ShowException$qqrp18Sysutils@Exception, @Forms@TApplication@Terminate$qqrv, @Forms@TApplication@Run$qqrv, @Forms@TApplication@CreateForm$qqrp17System@TMetaClasspv, @Forms@TApplication@Initialize$qqrv, @Forms@TCustomForm@QueryInterface$qqsrx5_GUIDpv, @Forms@TCustomForm@UpdateActions$qqrv, @Forms@TCustomForm@ShowModal$qqrv, @Forms@TCustomForm@SetFocus$qqrv, @Forms@TCustomForm@CloseQuery$qqrv, @Forms@TCustomForm@Resizing$qqr18Forms@TWindowState, @Forms@TCustomForm@PaintWindow$qqrui, @Forms@TCustomForm@SetFocusedControl$qqrp20Controls@TWinControl, @Forms@TCustomForm@DefaultHandler$qqrpv, @Forms@TCustomForm@DestroyWindowHandle$qqrv, @Forms@TCustomForm@CreateWindowHandle$qqrrx22Controls@TCreateParams, @Forms@TCustomForm@CreateWnd$qqrv, @Forms@TCustomForm@CreateParams$qqrr22Controls@TCreateParams, @Forms@TCustomForm@AlignControls$qqrp17Controls@TControlr11Types@TRect, @Forms@TCustomForm@WndProc$qqrr17Messages@TMessage, @Forms@TCustomForm@ValidateRename$qqrp18Classes@TComponentx17System@AnsiStringt2, @Forms@TCustomForm@SetParent$qqrp20Controls@TWinControl, @Forms@TCustomForm@WantChildKey$qqrp17Controls@TControlr17Messages@TMessage, @Forms@TCustomForm@SetParentBiDiMode$qqro, @Forms@TCustomForm@GetFloating$qqrv, @Forms@TCustomForm@GetClientRect$qqrv, @Forms@TCustomForm@DefineProperties$qqrp14Classes@TFiler, @Forms@TCustomForm@ReadState$qqrp15Classes@TReader, @Forms@TCustomForm@Notification$qqrp18Classes@TComponent18Classes@TOperation, @Forms@TCustomForm@Loaded$qqrv, @Forms@TCustomForm@DoDestroy$qqrv, @Forms@TCustomForm@DoCreate$qqrv, @Forms@TCustomForm@$bdtr$qqrv, @Forms@TCustomForm@BeforeDestruction$qqrv, @Forms@TCustomForm@$bctr$qqrp18Classes@TComponenti, @Forms@TCustomForm@AfterConstruction$qqrv, @Forms@TCustomForm@$bctr$qqrp18Classes@TComponent, @Forms@TScrollingWinControl@AdjustClientRect$qqrr11Types@TRect, @Forms@TScrollingWinControl@AutoScrollInView$qqrp17Controls@TControl, @Forms@TScrollingWinControl@AutoScrollEnabled$qqrv, @Forms@TScrollingWinControl@$bdtr$qqrv, @Forms@Application, @$xp$11Forms@TForm, @Forms@TForm@
> vcl60.bpl: @Imglist@initialization$qqrv, @Imglist@Finalization$qqrv
> vcl60.bpl: @Menus@initialization$qqrv, @Menus@Finalization$qqrv
> vcl60.bpl: @Controls@initialization$qqrv, @Controls@Finalization$qqrv, @Controls@TWinControl@CanAutoSize$qqrrit1, @Controls@TWinControl@AssignTo$qqrp19Classes@TPersistent, @Controls@TWinControl@ConstrainedResize$qqrrit1t1t1, @Controls@TWinControl@CanResize$qqrrit1, @Controls@TWinControl@GetClientOrigin$qqrv, @Controls@TWinControl@GetControlExtents$qqrv, @Controls@TWinControl@Repaint$qqrv, @Controls@TWinControl@Update$qqrv, @Controls@TWinControl@Invalidate$qqrv, @Controls@TWinControl@GetDeviceContext$qqrrui, @Controls@TWinControl@ShowControl$qqrp17Controls@TControl, @Controls@TWinControl@SetBounds$qqriiii, @Controls@TWinControl@CustomAlignPosition$qqrp17Controls@TControlrit2t2t2r11Types@TRectrx19Controls@TAlignInfo, @Controls@TWinControl@CustomAlignInsertBefore$qqrp17Controls@TControlt1, @Controls@TWinControl@CreateHandle$qqrv, @Controls@TWinControl@DestroyWnd$qqrv, @Controls@TWinControl@$bdtr$qqrv, @Controls@TControl@InitiateAction$qqrv, @Controls@TControl@GetFloatingDockSiteClass$qqrv, @Controls@TControl@SetBiDiMode$qqr17Classes@TBiDiMode, @Controls@TControl@SetEnabled$qqro, @Controls@TControl@SetName$qqrx17System@AnsiString, @Controls@TControl@SetAutoSize$qqro, @Controls@TControl@SetDragMode$qqr18Controls@TDragMode, @Controls@TControl@GetAction$qqrv, @Controls@TControl@GetEnabled$qqrv, @Controls@TControl@GetDragImages$qqrv, @Controls@TControl@$bdtr$qqrv
> BORLNDMM.DLL: -
> KERNEL32.DLL: FreeLibrary, GetCommandLineA, GetModuleHandleA, GetProcAddress, GetProcessHeap, HeapAlloc, HeapFree, WinExec
> CC3260MT.DLL: @$bdele$qpv, @_CatchCleanup$qv, @_InitTermAndUnexPtrs$qv, __ErrorExit, ___CRTL_MEM_GetBorMemPtrs, ___CRTL_MEM_UseBorMM, ___CRTL_TLS_Alloc, ___CRTL_TLS_ExitThread, ___CRTL_TLS_Free, ___CRTL_TLS_GetValue, ___CRTL_TLS_InitThread, ___CRTL_TLS_SetValue, ____ExceptionHandler, __argc, __argv, __argv_default_expand, __exitargv, __handle_exitargv, __handle_setargv, __handle_wexitargv, __handle_wsetargv, __matherr, __matherrl, __setargv, __startup, __wargv_default_expand, _memcpy

( 5 exports )
@@Unit1@Finalize, @@Unit1@Initialize, _Form1, __GetExceptDLLinfo, ___CPPdebugHook
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File wb.ini received on 2009.03.05 15:34:41 (UTC)
Antivirus Version Last update Result
a-squared 4.0.0.101 2009.03.05 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.100 2009.03.05 -
Authentium 5.1.0.4 2009.03.04 -
Avast 4.8.1335.0 2009.03.05 -
AVG 8.0.0.237 2009.03.05 -
BitDefender 7.2 2009.03.05 -
CAT-QuickHeal 10.00 2009.03.05 -
ClamAV 0.94.1 2009.03.05 -
Comodo 1027 2009.03.05 -
DrWeb 4.44.0.09170 2009.03.05 -
eSafe 7.0.17.0 2009.03.04 -
eTrust-Vet 31.6.6382 2009.03.05 -
F-Prot 4.4.4.56 2009.03.04 -
F-Secure 8.0.14470.0 2009.03.05 -
Fortinet 3.117.0.0 2009.03.05 -
GData 19 2009.03.05 -
Ikarus T3.1.1.45.0 2009.03.05 -
K7AntiVirus 7.10.657 2009.03.04 -
Kaspersky 7.0.0.125 2009.03.05 -
McAfee 5543 2009.03.04 -
McAfee+Artemis 5543 2009.03.04 -
Microsoft 1.4405 2009.03.05 -
NOD32 3910 2009.03.05 -
Norman 6.00.06 2009.03.05 -
nProtect 2009.1.8.0 2009.03.05 -
Panda 10.0.0.10 2009.03.05 -
PCTools 4.4.2.0 2009.03.05 -
Prevx1 V2 2009.03.05 -
Rising 21.19.32.00 2009.03.05 -
SecureWeb-Gateway 6.7.6 2009.03.05 -
Sophos 4.39.0 2009.03.05 -
Sunbelt 3.2.1858.2 2009.03.05 -
Symantec 10 2009.03.05 -
TheHacker 6.3.2.7.272 2009.03.05 -
TrendMicro 8.700.0.1004 2009.03.05 -
VBA32 3.12.10.1 2009.03.05 -
ViRobot 2009.3.5.1635 2009.03.05 -
VirusBuster 4.5.11.0 2009.03.04 -
Additional information
File size: 56 bytes
MD5   : 284cffc287fc1a919faeb3ac22e3a47e
SHA1  : 0b0dc06404d742fa09988aa4da4a46b57e9c5cf3
SHA256: 093eb3093bd62a872ce2d268c500859875e7c4f0e6cece3c5081a8eb876a6ee7
TrID  : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:JJ11ERNLfFjSWAyghnI:H1yEHygxI
PEiD  : -
RDS   : NSRL Reference Data Set
-

File err.txt received on 2009.06.03 00:05:25 (UTC)
Antivirus Version Last update Result
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 -
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.02 -
AVG 8.5.0.339 2009.06.02 -
BitDefender 7.2 2009.06.03 -
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.03 -
Comodo 1239 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.03 -
eSafe 7.0.17.0 2009.06.02 -
eTrust-Vet 31.6.6536 2009.06.02 -
F-Prot 4.4.4.56 2009.06.03 -
F-Secure 8.0.14470.0 2009.06.03 -
Fortinet 3.117.0.0 2009.06.03 -
GData 19 2009.06.03 -
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.752 2009.06.02 -
Kaspersky 7.0.0.125 2009.06.03 -
McAfee 5634 2009.06.02 -
McAfee+Artemis 5634 2009.06.02 -
McAfee-GW-Edition 6.7.6 2009.05.29 -
Microsoft 1.4701 2009.06.02 -
NOD32 4124 2009.06.02 -
Norman 6.01.05 2009.06.02 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.02 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.03 -
Rising 21.32.14.00 2009.06.02 -
Sophos 4.42.0 2009.06.03 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.03 -
TheHacker 6.3.4.3.337 2009.06.02 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.02 -
Additional information
File size: 504 bytes
MD5...: 2cb023071ae421d7fc0d3c57d537175c
SHA1..: 059da743bb0a85672650ce7636cbd2a1fdb4fddb
SHA256: 8ad4ade5e7ad852d6dd20a4b82951c2643d71037429426283201f798c5099d87
ssdeep: -
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

For the last one it detected something.



File asr_ldm.exe received on 2009.06.03 00:06:48 (UTC)
Antivirus Version Last update Result
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 HEUR/Malware
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.02 -
AVG 8.5.0.339 2009.06.02 Win32/Virut
BitDefender 7.2 2009.06.03 Gen:Malware.Heur.3004FBEBEB
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.03 -
Comodo 1239 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.03 -
eSafe 7.0.17.0 2009.06.02 -
eTrust-Vet 31.6.6536 2009.06.02 -
F-Prot 4.4.4.56 2009.06.03 -
F-Secure 8.0.14470.0 2009.06.03 -
Fortinet 3.117.0.0 2009.06.03 -
GData 19 2009.06.03 Gen:Malware.Heur.3004FBEBEB
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.752 2009.06.02 -
Kaspersky 7.0.0.125 2009.06.03 -
McAfee 5634 2009.06.02 -
McAfee+Artemis 5634 2009.06.02 -
McAfee-GW-Edition 6.7.6 2009.05.29 Heuristic.Malware
Microsoft 1.4701 2009.06.02 -
NOD32 4124 2009.06.02 -
Norman 6.01.05 2009.06.02 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.02 Suspicious file
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.03 -
Rising 21.32.14.00 2009.06.02 -
Sophos 4.42.0 2009.06.03 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.03 -
TheHacker 6.3.4.3.337 2009.06.02 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.02 -
Additional information
File size: 55215 bytes
MD5...: b7049a6305366bf3c26e5ddf9248b9a7
SHA1..: c3090642e67c3234a73d145560b979de548ff2c3
SHA256: fd0290bd1112fec8363050d928f8ee813a882b3b78bfaa615a1eed41b1dc8cc0
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e51
timedatestamp.....: 0x3b7d85b2 (Fri Aug 17 20:59:30 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x26ea 0x2800 5.88 d912a5230d043f630f3970cc66989666
.data 0x4000 0x2c 0x200 0.02 9475a59226943a3ad422e18169989f66
.rsrc 0x5000 0xa9af 0xa9af 5.15 448531c5d7a0d7026e640caa802f7366

( 7 imports )
> msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, __winitenv, exit, _XcptFilter, _exit, _c_exit, _wfopen, fgetws, fwscanf, fgetwc, fread, fclose, wcsncmp, atol, wcscpy, _except_handler3, _cexit, swprintf, _wcsicmp, wcsstr, wcsncpy, wprintf, wcslen, swscanf
> ADVAPI32.dll: LookupPrivilegeValueW, OpenProcessToken, AdjustTokenPrivileges
> KERNEL32.dll: HeapFree, GetProcessHeap, GetModuleHandleW, GetModuleHandleA, LoadLibraryW, GetProcAddress, FreeLibrary, OutputDebugStringW, GetLocalTime, WriteFile, SetFilePointer, ExpandEnvironmentStringsW, GetEnvironmentVariableW, HeapAlloc, CreateFileW, DeviceIoControl, CreateThread, WaitForSingleObject, GetCurrentProcess, GetLastError, CloseHandle, ExitThread, SetLastError
> USER32.dll: MessageBoxW, LoadStringW
> ole32.dll: CoInitialize, CoCreateInstance, CoUninitialize, CoTaskMemFree
> SETUPAPI.dll: SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList
> SYSSETUP.dll: AsrAddSifEntryW

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

I'll run the OTM scan and post it to you afterwards.


0
Anonymous user
 
C:\WINDOWS\system32\asr_ldm.exe

Delete that manually, it's your Virut.
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
Here's the report
OTM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver nProtect GameGuard Service not found.
Service\Driver nProtect GameGuard Service not found.
Service\Driver nProtect GameGuard Service not found.
Service\Driver npggsvc deleted successfully.
Service\Driver am18klf1 not found.
Service\Driver key am18klf1 deleted successfully.
========== FILES ==========
C:\WINDOWS\003021_.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\system32\GameMon.des moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PWRISOVM.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\\??\C:\WINDOWS\system32\winlogon.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Spoon\LOCALS~1\Temp\etilqs_YFtDtnvIBKP4a0gYzPsi scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Spoon\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.0 log created on 04032009_021236

Files moved on Reboot...
File C:\DOCUME~1\Spoon\LOCALS~1\Temp\etilqs_YFtDtnvIBKP4a0gYzPsi not found!
C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Spoon\Local Settings\Application Data\Mozilla\Firefox\Profiles\cy1b2bgf.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...



Yes, I saw it, I'll delete it. What's odd is that it didn't spread (just as well :)
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
To finish, I had AntiVir clean up the 293 viruses from the scan.

Do I need to do anything else?

Thanks in any case for everything so far.

However, when I deleted the infected file I got a Windows error.
I rebooted and now there's no error, it seems to be fine.
0
Anonymous user
 
Do a full scan with an up-to-date MBAM.
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
In safe mode?
Do I disable the antivirus?
0
Anonymous user
 
Yes, in safe mode (after updating it in normal mode first, of course).
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
It looks good, gen hackman. For now Malwarebytes isn't detecting anything, and AntiVir didn't complain earlier.

I'll wait for the scan to finish.
0
Anonymous user
 
Yes, before claiming victory!!! :)

lol, the AntiVir resident shield isn't active in safe mode.
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
*smile on my lips*
Still nothing with Malwarebytes.
0
Anonymous user
 
I advise you to get rid of IDM, it's junk.
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
It does help me in certain cases; I'll use another method so that it keeps working longer, let's say :D
0
Anonymous user
 
When MBAM is done, send RSIT again after its report (if it finds nothing, skip the report).
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
OK, it's clean, thanks for your help.
Good night.
0
Anonymous user
 
Send an RSIT anyway tomorrow, you never know what might be left that we haven't seen :)
0
Polonwn Posts 11676 Registration date   Status Contributor Last post   1 434
 
Okay, I'll do it for you right now.
0