OYQEY.EXE process
Solved
Gafda
Hello, for a little while now I have had a strange process running constantly (it is called oyqey.exe) and it uses half of the resources, so is it a virus and, if so, how do I remove it??
THANK YOU
50 replies
ok http://www.cijoint.fr/cjlink.php?file=cj200907/cijYvBgaRw.txt
and for the extra one
http://www.cijoint.fr/cjlink.php?file=cj200907/cij85FUM2K.txt
There you go!
yes, but as a result it shows the infections that the other program has just removed for you, so it no longer means anything :)
can you make me a fresh one?? thanks
HERE IS THE SCAN OF
ext2fs.sys
Fichier ext2fs.sys reçu le 2009.07.13 19:00:08 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.22 2009.07.13 -
AhnLab-V3 5.0.0.2 2009.07.13 -
AntiVir 7.9.0.204 2009.07.13 -
Antiy-AVL 2.0.3.1 2009.07.10 -
Authentium 5.1.2.4 2009.07.13 -
Avast 4.8.1335.0 2009.07.13 -
AVG 8.5.0.387 2009.07.13 -
BitDefender 7.2 2009.07.13 -
CAT-QuickHeal 10.00 2009.07.10 -
ClamAV 0.94.1 2009.07.13 -
Comodo 1638 2009.07.13 -
DrWeb 5.0.0.12182 2009.07.13 -
eSafe 7.0.17.0 2009.07.13 -
eTrust-Vet 31.6.6610 2009.07.13 -
F-Prot 4.4.4.56 2009.07.13 -
F-Secure 8.0.14470.0 2009.07.13 -
Fortinet 3.120.0.0 2009.07.13 -
GData 19 2009.07.13 -
Ikarus T3.1.1.64.0 2009.07.13 -
Jiangmin 11.0.706 2009.07.13 -
K7AntiVirus 7.10.791 2009.07.13 -
Kaspersky 7.0.0.125 2009.07.13 -
McAfee 5675 2009.07.13 -
McAfee+Artemis 5675 2009.07.13 -
McAfee-GW-Edition 6.8.5 2009.07.13 -
Microsoft 1.4803 2009.07.13 -
NOD32 4240 2009.07.13 -
Norman 6.01.09 2009.07.13 -
nProtect 2009.1.8.0 2009.07.13 -
Panda 10.0.0.14 2009.07.12 -
PCTools 4.4.2.0 2009.07.13 -
Prevx 3.0 2009.07.13 -
Rising 21.38.04.00 2009.07.13 -
Sophos 4.43.0 2009.07.13 -
Sunbelt 3.2.1858.2 2009.07.13 -
Symantec 1.4.4.12 2009.07.13 -
TheHacker 6.3.4.3.366 2009.07.12 -
TrendMicro 8.950.0.1094 2009.07.13 -
VBA32 3.12.10.8 2009.07.12 -
ViRobot 2009.7.13.1833 2009.07.13 -
VirusBuster 4.6.5.0 2009.07.13 -
Information additionnelle
File size: 132736 bytes
MD5...: 948b9b45076b1d347a27abbf29a209c9
SHA1..: 41f1099047e4e9b649d666c631a3b94591f0bdda
SHA256: 9a80a0e3bd76af85fe4a9eb20925ca002ae7c8f6a9c7855e79d3862bf8a8620c
Fichier IfsDrives.sys reçu le 2009.07.13 19:04:55 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.22 2009.07.13 -
AhnLab-V3 5.0.0.2 2009.07.13 -
AntiVir 7.9.0.204 2009.07.13 -
Antiy-AVL 2.0.3.1 2009.07.10 -
Authentium 5.1.2.4 2009.07.13 -
Avast 4.8.1335.0 2009.07.13 -
AVG 8.5.0.387 2009.07.13 -
BitDefender 7.2 2009.07.13 -
CAT-QuickHeal 10.00 2009.07.10 -
ClamAV 0.94.1 2009.07.13 -
Comodo 1638 2009.07.13 -
DrWeb 5.0.0.12182 2009.07.13 -
eSafe 7.0.17.0 2009.07.13 -
eTrust-Vet 31.6.6610 2009.07.13 -
F-Prot 4.4.4.56 2009.07.13 -
F-Secure 8.0.14470.0 2009.07.13 -
Fortinet 3.120.0.0 2009.07.13 -
GData 19 2009.07.13 -
Ikarus T3.1.1.64.0 2009.07.13 -
Jiangmin 11.0.706 2009.07.13 -
K7AntiVirus 7.10.791 2009.07.13 -
Kaspersky 7.0.0.125 2009.07.13 -
McAfee 5675 2009.07.13 -
McAfee+Artemis 5675 2009.07.13 -
McAfee-GW-Edition 6.8.5 2009.07.13 -
Microsoft 1.4803 2009.07.13 -
NOD32 4240 2009.07.13 -
Norman 6.01.09 2009.07.13 -
nProtect 2009.1.8.0 2009.07.13 -
Panda 10.0.0.14 2009.07.12 -
PCTools 4.4.2.0 2009.07.13 -
Prevx 3.0 2009.07.13 -
Rising 21.38.04.00 2009.07.13 -
Sophos 4.43.0 2009.07.13 -
Sunbelt 3.2.1858.2 2009.07.13 -
Symantec 1.4.4.12 2009.07.13 -
TheHacker 6.3.4.3.366 2009.07.12 -
TrendMicro 8.950.0.1094 2009.07.13 -
VBA32 3.12.10.8 2009.07.12 -
ViRobot 2009.7.13.1833 2009.07.13 -
VirusBuster 4.6.5.0 2009.07.13 -
Information additionnelle
File size: 4608 bytes
MD5...: a0ea264b8811a515e5372c73f5ad9c9d
SHA1..: 583bf62372e01380c26d7a536590974d08b03754
SHA256: 001c0a21a03b17d6aa4378409bbb8146508bea46709e2f6c84520f92abafb8d4
The other one:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.22 2009.07.13 -
AhnLab-V3 5.0.0.2 2009.07.13 -
AntiVir 7.9.0.204 2009.07.13 -
Antiy-AVL 2.0.3.1 2009.07.10 -
Authentium 5.1.2.4 2009.07.13 -
Avast 4.8.1335.0 2009.07.13 -
AVG 8.5.0.387 2009.07.13 -
BitDefender 7.2 2009.07.13 -
CAT-QuickHeal 10.00 2009.07.10 -
ClamAV 0.94.1 2009.07.13 -
Comodo 1638 2009.07.13 -
DrWeb 5.0.0.12182 2009.07.13 -
eSafe 7.0.17.0 2009.07.13 -
eTrust-Vet 31.6.6610 2009.07.13 -
F-Prot 4.4.4.56 2009.07.13 -
F-Secure 8.0.14470.0 2009.07.13 -
Fortinet 3.120.0.0 2009.07.13 -
GData 19 2009.07.13 -
Ikarus T3.1.1.64.0 2009.07.13 -
Jiangmin 11.0.706 2009.07.13 -
K7AntiVirus 7.10.791 2009.07.13 -
Kaspersky 7.0.0.125 2009.07.13 -
McAfee 5675 2009.07.13 -
McAfee+Artemis 5675 2009.07.13 -
McAfee-GW-Edition 6.8.5 2009.07.13 -
Microsoft 1.4803 2009.07.13 -
NOD32 4240 2009.07.13 -
Norman 6.01.09 2009.07.13 -
nProtect 2009.1.8.0 2009.07.13 -
Panda 10.0.0.14 2009.07.12 -
PCTools 4.4.2.0 2009.07.13 -
Prevx 3.0 2009.07.13 -
Rising 21.38.04.00 2009.07.13 -
Sophos 4.43.0 2009.07.13 -
Sunbelt 3.2.1858.2 2009.07.13 -
Symantec 1.4.4.12 2009.07.13 -
TheHacker 6.3.4.3.366 2009.07.12 -
TrendMicro 8.950.0.1094 2009.07.13 -
VBA32 3.12.10.8 2009.07.12 -
ViRobot 2009.7.13.1833 2009.07.13 -
VirusBuster 4.6.5.0 2009.07.13 -
Information additionnelle
File size: 4608 bytes
MD5...: a0ea264b8811a515e5372c73f5ad9c9d
SHA1..: 583bf62372e01380c26d7a536590974d08b03754
SHA256: 001c0a21a03b17d6aa4378409bbb8146508bea46709e2f6c84520f92abafb8d4
ssdeep: 48:AIh2Eq7vNuLhG+NA6HcijJB8bnoLGstWjG4zW/L7HwiSBWoRPnzcL1XxJXvFO<br>q0:FFLhPUikbnoLGstWjGOWIpsoJzIbR0<br>
PEiD..: -
TrID..: File type identification<br>-
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xa98<br>timedatestamp.....: 0x4154ad87 (Fri Sep 24 23:28:07 2004)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x480 0xa4 0x100 4.11 96537baa770730e78e62c52419b4d2bd<br>.rdata 0x580 0x104 0x180 3.49 d47a920edde72839f19702a713abb7e6<br>PAGE 0x700 0x3 0x80 0.13 66c7f14aba6dd5c86a6a0effb7aed410<br>INIT 0x780 0x582 0x600 5.73 8754f40378b1e2393d8f327f59220160<br>.rsrc 0xd80 0x318 0x380 2.91 11d6bfb0876df17dfe0e6a128466bf8a<br>.reloc 0x1100 0xbc 0x100 2.21 808f4b3ed8bd9dd33284633aa8a37bd9<br><br>( 1 imports ) <br>> ntoskrnl.exe: ExFreePoolWithTag, IoCreateSymbolicLink, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, RtlAppendUnicodeToString, ExAllocatePoolWithTag, _except_handler3, RtlQueryRegistryValues, ExRaiseStatus, FsRtlNormalizeNtstatus, FsRtlIsNtstatusExpected<br><br>( 0 exports ) <br>
PDFiD.: -
RDS...: NSRL Reference Data Set<br>-
The other one:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.22 2009.07.13 -
AhnLab-V3 5.0.0.2 2009.07.13 -
AntiVir 7.9.0.204 2009.07.13 -
Antiy-AVL 2.0.3.1 2009.07.10 -
Authentium 5.1.2.4 2009.07.13 -
Avast 4.8.1335.0 2009.07.13 -
AVG 8.5.0.387 2009.07.13 -
BitDefender 7.2 2009.07.13 -
CAT-QuickHeal 10.00 2009.07.10 -
ClamAV 0.94.1 2009.07.13 -
Comodo 1638 2009.07.13 -
DrWeb 5.0.0.12182 2009.07.13 -
eSafe 7.0.17.0 2009.07.13 -
eTrust-Vet 31.6.6610 2009.07.13 -
F-Prot 4.4.4.56 2009.07.13 -
F-Secure 8.0.14470.0 2009.07.13 -
Fortinet 3.120.0.0 2009.07.13 -
GData 19 2009.07.13 -
Ikarus T3.1.1.64.0 2009.07.13 -
Jiangmin 11.0.706 2009.07.13 -
K7AntiVirus 7.10.791 2009.07.13 -
Kaspersky 7.0.0.125 2009.07.13 -
McAfee 5675 2009.07.13 -
McAfee+Artemis 5675 2009.07.13 -
McAfee-GW-Edition 6.8.5 2009.07.13 -
Microsoft 1.4803 2009.07.13 -
NOD32 4240 2009.07.13 -
Norman 6.01.09 2009.07.13 -
nProtect 2009.1.8.0 2009.07.13 -
Panda 10.0.0.14 2009.07.12 -
PCTools 4.4.2.0 2009.07.13 -
Prevx 3.0 2009.07.13 -
Rising 21.38.04.00 2009.07.13 -
Sophos 4.43.0 2009.07.13 -
Sunbelt 3.2.1858.2 2009.07.13 -
Symantec 1.4.4.12 2009.07.13 -
TheHacker 6.3.4.3.366 2009.07.12 -
TrendMicro 8.950.0.1094 2009.07.13 -
VBA32 3.12.10.8 2009.07.12 -
ViRobot 2009.7.13.1833 2009.07.13 -
VirusBuster 4.6.5.0 2009.07.13 -
Information additionnelle
File size: 4608 bytes
MD5...: a0ea264b8811a515e5372c73f5ad9c9d
SHA1..: 583bf62372e01380c26d7a536590974d08b03754
SHA256: 001c0a21a03b17d6aa4378409bbb8146508bea46709e2f6c84520f92abafb8d4
ssdeep: 48:AIh2Eq7vNuLhG+NA6HcijJB8bnoLGstWjG4zW/L7HwiSBWoRPnzcL1XxJXvFOq0:FFLhPUikbnoLGstWjGOWIpsoJzIbR0
PEiD..: -
TrID..: File type identification
-
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa98
timedatestamp.....: 0x4154ad87 (Fri Sep 24 23:28:07 2004)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xa4 0x100 4.11 96537baa770730e78e62c52419b4d2bd
.rdata 0x580 0x104 0x180 3.49 d47a920edde72839f19702a713abb7e6
PAGE 0x700 0x3 0x80 0.13 66c7f14aba6dd5c86a6a0effb7aed410
INIT 0x780 0x582 0x600 5.73 8754f40378b1e2393d8f327f59220160
.rsrc 0xd80 0x318 0x380 2.91 11d6bfb0876df17dfe0e6a128466bf8a
.reloc 0x1100 0xbc 0x100 2.21 808f4b3ed8bd9dd33284633aa8a37bd9

( 1 imports )
> ntoskrnl.exe: ExFreePoolWithTag, IoCreateSymbolicLink, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, RtlAppendUnicodeToString, ExAllocatePoolWithTag, _except_handler3, RtlQueryRegistryValues, ExRaiseStatus, FsRtlNormalizeNtstatus, FsRtlIsNtstatusExpected

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Here is the report
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{66886C4D-B307-4ECA-A228-52CA9B9851A4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66886C4D-B307-4ECA-A228-52CA9B9851A4}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-1326574676-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000002-F180-01E3-8B20-3A7733000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000002-F180-01E3-8B20-3A7733000000}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-1326574676-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000002-F180-01E8-8B20-3A7733000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000002-F180-01E8-8B20-3A7733000000}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoCDBurning"|0 /E : value set successfully!
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} not found.
C:\WINDOWS\System32\Cache moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temp\etilqs_GatARiTlIcXzYJy0riLl scheduled to be deleted on reboot.
->Temp folder emptied: 2686974 bytes
->Temporary Internet Files folder emptied: 3735400 bytes
->Java cache emptied: 239618 bytes
->FireFox cache emptied: 39917911 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c58.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 44,56 mb
OTL by OldTimer - Version 3.0.7.1 log created on 07132009_211331
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\etilqs_GatARiTlIcXzYJy0riLl not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c58.dat not found!
Registry entries deleted on Reboot...