Trojan TR/Crypt.XPACK.Gen detection and more
jeannotlapin31
Hello,
I have had a Trojan problem on my laptop since I installed a pirated version of Mind Manager Pro 7 on my other computer and transferred it over via my USB key. Here are the details:
Avira AntiVir detects the TR/Crypt.XPACK.Gen Trojan, which I can never manage to remove because it comes back at every Windows startup. Spyware Doctor also detects 6 infections of Trojan-Spy.Gampass, but that one comes back less often than the other.
Thanks in advance for your help.
Here is the scan report from Avira and the one from Spyware:
Avira AntiVir Personal
Report file date: 30 juillet 2009 17:14
Scanning for 1284893 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : LIFEBOOK
Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 13:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 12:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 19:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 22:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 01:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 16:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 18:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 20:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 18:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 19:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 16:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48
Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\DOCUME~1\Owner\LOCALS~1\Temp\7bec42aa.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 30 juillet 2009 17:14
Starting the file scan:
Begin scan in 'C:\Documents and Settings\Owner\Local Settings\Temp'
C:\Documents and Settings\Owner\Local Settings\Temp\4tddfwq0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Beginning disinfection:
C:\Documents and Settings\Owner\Local Settings\Temp\4tddfwq0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4ad61c63.qua'!
End of the scan: 30 juillet 2009 17:17
Used time: 02:39 Minute(s)
The scan has been done completely.
114 Scanned directories
2781 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2780 Files not concerned
136 Archives were scanned
0 Warnings
1 Notes
_____________________________________
PC Tools Spyware Doctor
7/30/2009 6:07:03 PM:273
Infection mise en quarantaine
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre modifiée
Degré de risque - Haut
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue
7/30/2009 6:07:03 PM:283
Infection mise en quarantaine
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre modifiée
Degré de risque - Haut
Infection - HKEY_USERS\S-1-5-21-2549541156-3311695719-2667438633-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden
7/30/2009 6:07:03 PM:293
Infection mise en quarantaine
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre modifiée
Degré de risque - Haut
Infection - HKEY_USERS\S-1-5-21-2549541156-3311695719-2667438633-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden
7/30/2009 6:07:03 PM:313
Infection mise en quarantaine
Nom de la menace - Trojan-Spy.Gampass
Type - Fichier
Degré de risque - Haut
Infection - C:\autorun.inf
7/30/2009 6:07:03 PM:503
Infection mise en quarantaine
Nom de la menace - Trojan-Spy.Gampass
Type - Clé de registre
Degré de risque - Haut
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN
7/30/2009 6:07:03 PM:513
Infection mise en quarantaine
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre
Degré de risque - Haut
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN, urlinfo
7/30/2009 6:07:03 PM:784
Infection nettoyée
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre modifiée
Degré de risque - Haut
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue
7/30/2009 6:07:03 PM:794
Infection nettoyée
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre modifiée
Degré de risque - Haut
Infection - HKEY_USERS\S-1-5-21-2549541156-3311695719-2667438633-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden
7/30/2009 6:07:03 PM:814
Infection nettoyée
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre modifiée
Degré de risque - Haut
Infection - HKEY_USERS\S-1-5-21-2549541156-3311695719-2667438633-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden
7/30/2009 6:07:04 PM:84
Infection nettoyée
Nom de la menace - Trojan-Spy.Gampass
Type - Fichier
Degré de risque - Haut
Infection - C:\autorun.inf
7/30/2009 6:07:04 PM:194
Infection nettoyée
Nom de la menace - Trojan-Spy.Gampass
Type - Clé de registre
Degré de risque - Haut
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN
7/30/2009 6:07:04 PM:194
Infection nettoyée
Nom de la menace - Trojan-Spy.Gampass
Type - Valeur de registre
Degré de risque - Haut
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN, urlinfo
7/30/2009 6:07:06 PM:528
Résumé des infections mises en quarantaine / supprimées
Mises en quarantaine - 6
Échec de la quarantaine - 0
Supprimée(s) - 6
Échec de la suppression - 0
75 replies
ComboFix 09-08-01.09 - EndUser 08/02/2009 19:55.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.87 [GMT -4:00]
Running from: c:\documents and settings\EndUser\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-08-02 04:16 . 2009-08-02 04:16 -------- d-----w- c:\documents and settings\EndUser\Application Data\Malwarebytes
2009-08-02 04:15 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 04:15 . 2009-08-02 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-02 04:15 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 04:15 . 2009-08-02 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:10 . 2009-08-01 20:10 -------- dc----w- C:\GenProc
2009-08-01 18:49 . 2009-08-01 18:50 -------- d-----w- c:\program files\CCleaner
2009-07-31 03:54 . 2009-07-31 03:54 -------- dc----w- C:\VundoFix Backups
2009-07-28 14:28 . 2009-08-01 18:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-25 02:51 . 2009-07-25 02:51 -------- d-----w- c:\program files\MSXML 6.0
2009-07-24 20:06 . 2009-07-24 20:06 -------- d-----w- c:\documents and settings\EndUser\Local Settings\Application Data\Mindjet
2009-07-24 19:19 . 2009-06-01 14:37 104690 -csh--r- C:\3m2.exe
2009-07-24 19:16 . 2002-12-28 14:26 20569 ----a-w- c:\windows\system32\pxc25pm.dll
2009-07-24 19:14 . 2001-08-17 17:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2009-07-24 19:14 . 2001-08-17 17:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2009-07-24 18:59 . 2009-07-24 18:59 -------- d-----w- c:\program files\Mindjet
2009-07-24 18:14 . 2009-07-24 18:38 80526776 -c--a-w- C:\sertup.exe
2009-07-18 02:12 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\EndUser\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-18 02:11 . 2009-07-18 02:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-18 02:05 . 2009-07-18 02:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-18 02:04 . 2009-07-18 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-18 02:04 . 2009-07-18 02:32 -------- d-----w- c:\program files\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 03:43 . 2009-05-12 01:50 -------- d-----w- c:\documents and settings\EndUser\Application Data\Skype
2009-08-01 21:32 . 2009-02-05 19:22 -------- d-----w- c:\documents and settings\EndUser\Application Data\DNA
2009-08-01 17:49 . 2009-02-05 19:22 -------- d-----w- c:\program files\DNA
2009-07-31 04:00 . 2009-05-12 01:54 -------- d-----w- c:\documents and settings\EndUser\Application Data\skypePM
2009-07-27 15:47 . 2009-02-03 00:08 -------- d-----w- c:\documents and settings\EndUser\Application Data\LimeWire
2009-07-18 02:27 . 2008-09-06 04:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-18 13:40 . 2009-01-09 01:35 -------- d-----w- c:\documents and settings\EndUser\Application Data\dvdcss
2009-06-18 13:29 . 2009-06-18 13:27 -------- d-----w- c:\documents and settings\EndUser\Application Data\U3
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 01:41 . 2009-06-09 01:41 -------- d-----w- c:\program files\Common Files\logishrd
2009-06-04 08:30 . 2008-09-06 04:30 -------- d-----w- c:\documents and settings\EndUser\Application Data\AdobeUM
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 19:05 . 2009-05-26 19:05 390664 -c--a-w- c:\documents and settings\EndUser\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-12 01:54 . 2009-05-12 01:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-27 20:44 . 2008-09-06 16:40 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/19/2009 3:29 PM 108289]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/23/2005 7:06 AM 231424]
S3 UXDCMN;UXDCMN;c:\documents and settings\EndUser\My Documents\Winstress\uxdcmn.sys [8/10/2007 11:27 AM 4164]
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-pdfSaver3 - (no file)
Notify-wvUkIAsP - wvUkIAsP.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.badoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6711
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\EndUser\Application Data\Mozilla\Firefox\Profiles\it28w31i.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 20:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-08-03 20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 00:12
Pre-Run: 10,125,582,336 bytes free
Post-Run: 10,346,663,936 bytes free
142 --- E O F --- 2009-07-31 19:12
Here is what I need you to do, jeannotlapin31:
▶ Download Random's System Information Tool (RSIT).
▶ A tutorial will be available to help you install and use it correctly.
▶ Double-click RSIT.exe to launch the tool.
▶ Click 'Continue' on the Disclaimer screen.
▶ If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
▶ Once the scan has finished, 2 reports will appear. Post the contents of both reports.
( C:\RSIT\log.txt and C:\RSIT\info.txt )
CTRL A to select everything, CTRL C to copy and then CTRL V to paste
Here is the log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by EndUser at 2009-08-03 13:15:58
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (26%) free of 38 GB
Total RAM: 222 MB (15% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:52 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EndUser\Desktop\RSIT.exe
C:\Program Files\trend micro\EndUser.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://badoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
##################### | XP _ Install & search | ########################
▶ Download and install UsbFix: http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
(!) Plug your external data sources into your PC (USB key, external hard drive, etc.) that may have been infected, without opening them
• Double-click the UsbFix shortcut on your desktop.
• Choose option 1 ( Recherche, i.e. Search )
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select everything, CTRL+C to copy and CTRL+V to paste )
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
And here it is,
############################## | UsbFix V6.013 |
User : EndUser (Administrators) # NC-M2105
Update on 03/08/09 by Chiquitine29 & C_XX
Start at: 11:31:17 PM | 8/3/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Mobile AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.30 [ Enabled | (!) Outdated ]
C:\ -> Local Fixed Disk # 37.25 Go (9.71 Go free) # NTFS
D:\ -> CD-ROM Disc # 460 Mo (0 Mo free) [020405_1221] # CDFS
E:\ -> Removable Disk
F:\ -> Removable Disk # 1.88 Go (393.7 Mo free) # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
################## | Fichiers # Dossiers infectieux |
Présent ! F:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213
################## | Other | https://www.virustotal.com/gui/ |
Suspect ! C:\ATELIER\Atelier.exe
Suspect ! C:\DECCHECK\DECCHECK.exe
################## | Registre # Clés Run infectieuses |
Présent ! HKLM\software\microsoft\shared tools\msconfig\startupreg\54dfsger
Présent ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
################## | Registre # Mountpoints2 |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.013 ! |
##################### | XP _ Removal | ########################
(!) Plug your external data sources into your PC (USB key, external hard drive, etc.) that may have been infected, without opening them
• Double-click the UsbFix shortcut on your desktop
• Choose option 2 ( Suppression, i.e. Removal )
• Your desktop will disappear and the PC will restart.
• On restart, UsbFix will scan your PC; let the tool work.
• Then post the UsbFix.txt report that appears along with the desktop.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select everything, CTRL+C to copy and CTRL+V to paste )
By the way, I imagine I should no longer use my USB keys to move my documents from one laptop to the other, since the other one is apparently still infected??
############################## | UsbFix V6.013 |
User : EndUser (Administrators) # NC-M2105
Update on 03/08/09 by Chiquitine29 & C_XX
Start at: 12:22:58 PM | 8/4/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Mobile AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.30 [ Enabled | (!) Outdated ]
C:\ -> Local Fixed Disk # 37.25 Go (9.71 Go free) # NTFS
D:\ -> CD-ROM Disc # 460 Mo (0 Mo free) [020405_1221] # CDFS
E:\ -> Removable Disk
F:\ -> Removable Disk # 1.88 Go (393.7 Mo free) # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! F:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213
################## | Other |
################## | Suspect ... | https://www.virustotal.com/gui/ |
Suspect ! C:\ATELIER\Atelier.exe
Suspect ! C:\DECCHECK\DECCHECK.exe
################## | Registre # Clés Run infectieuses |
Supprimé ! HKLM\software\microsoft\shared tools\msconfig\startupreg\54dfsger
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[06/01/2009 10:37 AM|-r-hsc---|104690] -> C:\3m2.exe
[12/04/2004 07:47 AM|--a--c---|20008] -> C:\adobelog.txt
[08/10/2007 10:45 AM|--a--c---|0] -> C:\AUTOEXEC.BAT
[08/10/2007 11:22 AM|--a--c---|90] -> C:\bcmwl5.log
[08/10/2007 10:38 AM|--ahsc---|211] -> C:\BOOT.BAK
[08/02/2009 06:08 PM|-rahsc---|282] -> C:\boot.ini
[08/04/2004 08:00 AM|-r-hs----|260272] -> C:\cmldr
[08/02/2009 08:12 PM|--a--c---|9307] -> C:\ComboFix.txt
[08/10/2007 10:45 AM|--a--c---|0] -> C:\CONFIG.SYS
[08/10/2007 10:45 AM|-rahsc---|0] -> C:\IO.SYS
[08/10/2007 10:45 AM|-rahsc---|0] -> C:\MSDOS.SYS
[08/04/2004 08:00 AM|-rahs----|47564] -> C:\NTDETECT.COM
[08/04/2004 08:00 AM|-rahs----|250032] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[07/24/2009 02:38 PM|--a--c---|80526776] -> C:\sertup.exe
[08/04/2009 12:27 PM|--a--c---|3144] -> C:\UsbFix.txt
[07/30/2009 11:54 PM|--a--c---|104] -> C:\VundoFix.txt
[10/28/2001 02:23 PM|-r-------|10240] -> D:\AtelierSetup.exe
[06/23/2009 09:49 PM|--a------|5642284] -> F:\(CHANT) Luis Yawa 001.wav
[01/01/2004 12:00 AM|--a------|639839] -> F:\PICT0007.JPG
[01/01/2004 12:00 AM|--a------|584183] -> F:\PICT0008.JPG
[01/01/2004 12:00 AM|--a------|573995] -> F:\PICT0009.JPG
[01/01/2004 12:00 AM|--a------|588724] -> F:\PICT0010.JPG
[06/23/2009 09:56 PM|--a------|118330924] -> F:\(ENTRE) Churubia Machingue.wav
[01/01/2004 12:00 AM|--a------|521814] -> F:\PICT0011.JPG
[01/01/2004 12:00 AM|--a------|759805] -> F:\PICT0012.JPG
[01/01/2004 12:00 AM|--a------|863615] -> F:\PICT0013.JPG
[01/01/2004 12:00 AM|--a------|811886] -> F:\PICT0014.JPG
[06/20/2009 10:21 AM|--a------|162388524] -> F:\(ENTRE) Don Bosco Pati.wav
[01/01/2004 12:00 AM|--a------|814024] -> F:\PICT0015.JPG
[01/01/2004 12:00 AM|--a------|670153] -> F:\PICT0016.JPG
[01/01/2004 12:00 AM|--a------|752080] -> F:\PICT0017.JPG
[06/23/2009 09:45 PM|--a------|97067564] -> F:\(ENTRE) Jose Wek 002.wav
[01/01/2004 12:00 AM|--a------|810037] -> F:\PICT0018.JPG
[01/01/2004 12:00 AM|--a------|4159252] -> F:\PICT0019.MOV
[01/01/2004 12:00 AM|--a------|933485] -> F:\PICT0020.JPG
[06/16/2009 08:15 PM|--a------|111977004] -> F:\(ENTRE) Luis_Marco_Sundu.wav
[01/01/2004 12:00 AM|--a------|904815] -> F:\PICT0021.JPG
[01/01/2004 12:00 AM|--a------|871933] -> F:\PICT0022.JPG
[01/01/2004 12:00 AM|--a------|834277] -> F:\PICT0023.JPG
[01/01/2004 12:00 AM|--a------|828152] -> F:\PICT0024.JPG
[06/20/2009 10:26 AM|--a------|217212204] -> F:\(ENTRE) Sylverio Chiriap.wav
[01/01/2004 12:00 AM|--a------|706097] -> F:\PICT0025.JPG
[01/01/2004 12:00 AM|--a------|683319] -> F:\PICT0026.JPG
[01/01/2004 12:00 AM|--a------|667922] -> F:\PICT0027.JPG
[06/16/2009 08:26 PM|--a------|98807084] -> F:\(ENTRE)Efren_Sikuana.wav
[06/28/2009 02:21 PM|--a------|88223] -> F:\FIELD NOTES.rar
[07/23/2009 12:58 PM|--a------|5152989] -> F:\La Factoria Ft Eddie Lover - Morire.mp3
[07/04/2009 07:02 PM|--a------|64979244] -> F:\(ENTRE) Luis Suamar.wav
[07/24/2009 02:47 PM|--a------|92404524] -> F:\(ENTRE) Maria Angelina.wav
[07/04/2009 07:06 PM|--a------|96327724] -> F:\(ENTRE) Ricardo Tsakimp.wav
[07/13/2009 10:28 AM|--a------|81733164] -> F:\Bosco Pati 1_2.wav
[07/13/2009 10:30 AM|--a------|80655404] -> F:\Bosco Pati 2_2.wav
[07/04/2009 06:47 PM|--a------|126814764] -> F:\(ENTRE) Bolivar Kaita.wav
[07/04/2009 07:11 PM|--a------|37986604] -> F:\(ENTRE) Bolivar Kaita 002.wav
[07/24/2009 02:34 PM|--a------|59755564] -> F:\(ENTRE) Fransisco Yampik 002.wav
[07/24/2009 02:42 PM|--a------|6594604] -> F:\(ENTRE) Fransisco Yampik 003.wav
[07/24/2009 02:44 PM|--a------|3153964] -> F:\(ENTRE) Fransisco Yampik 004.wav
[01/01/2004 12:00 AM|--a------|650446] -> F:\PICT0005.JPG
[01/01/2004 12:00 AM|--a------|569878] -> F:\PICT0006.JPG
[01/01/2004 12:00 AM|--a------|742570] -> F:\PICT0028.JPG
[01/01/2004 12:00 AM|--a------|661296] -> F:\PICT0029.JPG
[01/01/2004 12:00 AM|--a------|777200] -> F:\PICT0030.JPG
[01/01/2004 12:00 AM|--a------|12766260] -> F:\PICT0031.MOV
[01/01/2004 12:00 AM|--a------|893808] -> F:\PICT0032.JPG
[01/01/2004 12:00 AM|--a------|885591] -> F:\PICT0033.JPG
[01/01/2004 12:00 AM|--a------|804552] -> F:\PICT0034.JPG
[01/01/2004 12:00 AM|--a------|553587] -> F:\PICT0035.JPG
[01/01/2004 12:00 AM|--a------|610316] -> F:\PICT0036.JPG
[01/01/2004 12:00 AM|--a------|884404] -> F:\PICT0037.JPG
[07/14/2009 06:51 AM|--ahs----|306688] -> F:\Thumbs.db
[07/13/2009 09:26 PM|--a------|560556] -> F:\ultima noche fiesta shuar 001.jpg
[07/13/2009 09:26 PM|--a------|574948] -> F:\ultima noche fiesta shuar 002.jpg
[07/13/2009 09:26 PM|--a------|551244] -> F:\ultima noche fiesta shuar 003.jpg
[07/13/2009 09:26 PM|--a------|533760] -> F:\ultima noche fiesta shuar 004.jpg
[07/13/2009 09:26 PM|--a------|541568] -> F:\ultima noche fiesta shuar 005.jpg
[01/01/2004 12:00 AM|--a------|667081] -> F:\PICT0001.JPG
[07/13/2009 09:26 PM|--a------|549272] -> F:\ultima noche fiesta shuar 006.jpg
[07/13/2009 09:26 PM|--a------|553480] -> F:\ultima noche fiesta shuar 007.jpg
[07/13/2009 09:26 PM|--a------|543176] -> F:\ultima noche fiesta shuar 008.jpg
[07/13/2009 09:26 PM|--a------|553240] -> F:\ultima noche fiesta shuar 009.jpg
[07/13/2009 09:26 PM|--a------|534508] -> F:\ultima noche fiesta shuar 010.jpg
[07/13/2009 09:26 PM|--a------|542140] -> F:\ultima noche fiesta shuar 011.jpg
[07/13/2009 09:26 PM|--a------|550636] -> F:\ultima noche fiesta shuar 012.jpg
[07/13/2009 09:26 PM|--a------|553561] -> F:\ultima noche fiesta shuar 013.jpg
[07/13/2009 09:26 PM|--a------|483992] -> F:\ultima noche fiesta shuar 014.jpg
[07/13/2009 09:26 PM|--a------|533876] -> F:\ultima noche fiesta shuar 015.jpg
[07/13/2009 09:26 PM|--a------|534641] -> F:\ultima noche fiesta shuar 016.jpg
[07/13/2009 09:26 PM|--a------|508028] -> F:\ultima noche fiesta shuar 017.jpg
[07/13/2009 09:26 PM|--a------|510684] -> F:\ultima noche fiesta shuar 018.jpg
[07/13/2009 09:26 PM|--a------|553987] -> F:\ultima noche fiesta shuar 019.jpg
[07/13/2009 09:26 PM|--a------|530292] -> F:\ultima noche fiesta shuar 020.jpg
[07/13/2009 09:26 PM|--a------|530902] -> F:\ultima noche fiesta shuar 021.jpg
[07/12/2009 06:29 PM|--a------|760102] -> F:\Christmas 2008 001.jpg
[07/12/2009 06:29 PM|--a------|643773] -> F:\Christmas 2008 002.jpg
[07/12/2009 06:29 PM|--a------|596740] -> F:\Christmas 2008 003.jpg
[07/12/2009 06:29 PM|--a------|609482] -> F:\Christmas 2008 004.jpg
[07/12/2009 06:29 PM|--a------|623717] -> F:\Christmas 2008 005.jpg
[07/12/2009 06:29 PM|--a------|646495] -> F:\Christmas 2008 006.jpg
[07/12/2009 06:29 PM|--a------|592727] -> F:\Christmas 2008 007.jpg
[07/12/2009 06:29 PM|--a------|410848] -> F:\Christmas 2008 008.jpg
[07/12/2009 06:29 PM|--a------|518112] -> F:\Christmas 2008 009.jpg
[07/12/2009 06:29 PM|--a------|493613] -> F:\Christmas 2008 010.jpg
[07/12/2009 06:29 PM|--a------|706867] -> F:\Christmas 2008 011.jpg
[07/12/2009 06:29 PM|--a------|679693] -> F:\Christmas 2008 012.jpg
[07/12/2009 06:29 PM|--a------|671342] -> F:\Christmas 2008 013.jpg
[07/12/2009 06:30 PM|--a------|640087] -> F:\Christmas 2008 014.jpg
[07/12/2009 06:30 PM|--a------|637477] -> F:\Christmas 2008 015.jpg
[07/12/2009 06:30 PM|--a------|733764] -> F:\Christmas 2008 016.jpg
[07/12/2009 06:30 PM|--a------|693317] -> F:\Christmas 2008 017.jpg
[07/12/2009 06:30 PM|--a------|937627] -> F:\Christmas 2008 018.jpg
[07/12/2009 06:30 PM|--a------|637113] -> F:\Christmas 2008 019.jpg
[07/12/2009 06:30 PM|--a------|809832] -> F:\Christmas 2008 020.jpg
[07/12/2009 06:30 PM|--a------|785951] -> F:\Christmas 2008 021.jpg
[01/01/2004 12:00 AM|--a------|645273] -> F:\PICT0002.JPG
[01/01/2004 12:00 AM|--a------|611633] -> F:\PICT0003.JPG
[01/01/2004 12:00 AM|--a------|510343] -> F:\PICT0004.JPG
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.013 ! |
############################## | UsbFix V6.013 |
User : EndUser (Administrators) # NC-M2105
Update on 03/08/09 by Chiquitine29 & C_XX
Start at: 12:22:58 PM | 8/4/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Mobile AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.30 [ Enabled | (!) Outdated ]
C:\ -> Local Fixed Disk # 37.25 Go (9.71 Go free) # NTFS
D:\ -> CD-ROM Disc # 460 Mo (0 Mo free) [020405_1221] # CDFS
E:\ -> Removable Disk
F:\ -> Removable Disk # 1.88 Go (393.7 Mo free) # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! F:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213
################## | Other |
################## | Suspect ... | https://www.virustotal.com/gui/ |
Suspect ! C:\ATELIER\Atelier.exe
Suspect ! C:\DECCHECK\DECCHECK.exe
################## | Registre # Clés Run infectieuses |
Supprimé ! HKLM\software\microsoft\shared tools\msconfig\startupreg\54dfsger
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[06/01/2009 10:37 AM|-r-hsc---|104690] -> C:\3m2.exe
[12/04/2004 07:47 AM|--a--c---|20008] -> C:\adobelog.txt
[08/10/2007 10:45 AM|--a--c---|0] -> C:\AUTOEXEC.BAT
[08/10/2007 11:22 AM|--a--c---|90] -> C:\bcmwl5.log
[08/10/2007 10:38 AM|--ahsc---|211] -> C:\BOOT.BAK
[08/02/2009 06:08 PM|-rahsc---|282] -> C:\boot.ini
[08/04/2004 08:00 AM|-r-hs----|260272] -> C:\cmldr
[08/02/2009 08:12 PM|--a--c---|9307] -> C:\ComboFix.txt
[08/10/2007 10:45 AM|--a--c---|0] -> C:\CONFIG.SYS
[08/10/2007 10:45 AM|-rahsc---|0] -> C:\IO.SYS
[08/10/2007 10:45 AM|-rahsc---|0] -> C:\MSDOS.SYS
[08/04/2004 08:00 AM|-rahs----|47564] -> C:\NTDETECT.COM
[08/04/2004 08:00 AM|-rahs----|250032] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[07/24/2009 02:38 PM|--a--c---|80526776] -> C:\sertup.exe
[08/04/2009 12:27 PM|--a--c---|3144] -> C:\UsbFix.txt
[07/30/2009 11:54 PM|--a--c---|104] -> C:\VundoFix.txt
[10/28/2001 02:23 PM|-r-------|10240] -> D:\AtelierSetup.exe
[06/23/2009 09:49 PM|--a------|5642284] -> F:\(CHANT) Luis Yawa 001.wav
[01/01/2004 12:00 AM|--a------|639839] -> F:\PICT0007.JPG
[01/01/2004 12:00 AM|--a------|584183] -> F:\PICT0008.JPG
[01/01/2004 12:00 AM|--a------|573995] -> F:\PICT0009.JPG
[01/01/2004 12:00 AM|--a------|588724] -> F:\PICT0010.JPG
[06/23/2009 09:56 PM|--a------|118330924] -> F:\(ENTRE) Churubia Machingue.wav
[01/01/2004 12:00 AM|--a------|521814] -> F:\PICT0011.JPG
[01/01/2004 12:00 AM|--a------|759805] -> F:\PICT0012.JPG
[01/01/2004 12:00 AM|--a------|863615] -> F:\PICT0013.JPG
[01/01/2004 12:00 AM|--a------|811886] -> F:\PICT0014.JPG
[06/20/2009 10:21 AM|--a------|162388524] -> F:\(ENTRE) Don Bosco Pati.wav
[01/01/2004 12:00 AM|--a------|814024] -> F:\PICT0015.JPG
[01/01/2004 12:00 AM|--a------|670153] -> F:\PICT0016.JPG
[01/01/2004 12:00 AM|--a------|752080] -> F:\PICT0017.JPG
[06/23/2009 09:45 PM|--a------|97067564] -> F:\(ENTRE) Jose Wek 002.wav
[01/01/2004 12:00 AM|--a------|810037] -> F:\PICT0018.JPG
[01/01/2004 12:00 AM|--a------|4159252] -> F:\PICT0019.MOV
[01/01/2004 12:00 AM|--a------|933485] -> F:\PICT0020.JPG
[06/16/2009 08:15 PM|--a------|111977004] -> F:\(ENTRE) Luis_Marco_Sundu.wav
[01/01/2004 12:00 AM|--a------|904815] -> F:\PICT0021.JPG
[01/01/2004 12:00 AM|--a------|871933] -> F:\PICT0022.JPG
[01/01/2004 12:00 AM|--a------|834277] -> F:\PICT0023.JPG
[01/01/2004 12:00 AM|--a------|828152] -> F:\PICT0024.JPG
[06/20/2009 10:26 AM|--a------|217212204] -> F:\(ENTRE) Sylverio Chiriap.wav
[01/01/2004 12:00 AM|--a------|706097] -> F:\PICT0025.JPG
[01/01/2004 12:00 AM|--a------|683319] -> F:\PICT0026.JPG
[01/01/2004 12:00 AM|--a------|667922] -> F:\PICT0027.JPG
[06/16/2009 08:26 PM|--a------|98807084] -> F:\(ENTRE)Efren_Sikuana.wav
[06/28/2009 02:21 PM|--a------|88223] -> F:\FIELD NOTES.rar
[07/23/2009 12:58 PM|--a------|5152989] -> F:\La Factoria Ft Eddie Lover - Morire.mp3
[07/04/2009 07:02 PM|--a------|64979244] -> F:\(ENTRE) Luis Suamar.wav
[07/24/2009 02:47 PM|--a------|92404524] -> F:\(ENTRE) Maria Angelina.wav
[07/04/2009 07:06 PM|--a------|96327724] -> F:\(ENTRE) Ricardo Tsakimp.wav
[07/13/2009 10:28 AM|--a------|81733164] -> F:\Bosco Pati 1_2.wav
[07/13/2009 10:30 AM|--a------|80655404] -> F:\Bosco Pati 2_2.wav
[07/04/2009 06:47 PM|--a------|126814764] -> F:\(ENTRE) Bolivar Kaita.wav
[07/04/2009 07:11 PM|--a------|37986604] -> F:\(ENTRE) Bolivar Kaita 002.wav
[07/24/2009 02:34 PM|--a------|59755564] -> F:\(ENTRE) Fransisco Yampik 002.wav
[07/24/2009 02:42 PM|--a------|6594604] -> F:\(ENTRE) Fransisco Yampik 003.wav
[07/24/2009 02:44 PM|--a------|3153964] -> F:\(ENTRE) Fransisco Yampik 004.wav
[01/01/2004 12:00 AM|--a------|650446] -> F:\PICT0005.JPG
[01/01/2004 12:00 AM|--a------|569878] -> F:\PICT0006.JPG
[01/01/2004 12:00 AM|--a------|742570] -> F:\PICT0028.JPG
[01/01/2004 12:00 AM|--a------|661296] -> F:\PICT0029.JPG
[01/01/2004 12:00 AM|--a------|777200] -> F:\PICT0030.JPG
[01/01/2004 12:00 AM|--a------|12766260] -> F:\PICT0031.MOV
[01/01/2004 12:00 AM|--a------|893808] -> F:\PICT0032.JPG
[01/01/2004 12:00 AM|--a------|885591] -> F:\PICT0033.JPG
[01/01/2004 12:00 AM|--a------|804552] -> F:\PICT0034.JPG
[01/01/2004 12:00 AM|--a------|553587] -> F:\PICT0035.JPG
[01/01/2004 12:00 AM|--a------|610316] -> F:\PICT0036.JPG
[01/01/2004 12:00 AM|--a------|884404] -> F:\PICT0037.JPG
[07/14/2009 06:51 AM|--ahs----|306688] -> F:\Thumbs.db
[07/13/2009 09:26 PM|--a------|560556] -> F:\ultima noche fiesta shuar 001.jpg
[07/13/2009 09:26 PM|--a------|574948] -> F:\ultima noche fiesta shuar 002.jpg
[07/13/2009 09:26 PM|--a------|551244] -> F:\ultima noche fiesta shuar 003.jpg
[07/13/2009 09:26 PM|--a------|533760] -> F:\ultima noche fiesta shuar 004.jpg
[07/13/2009 09:26 PM|--a------|541568] -> F:\ultima noche fiesta shuar 005.jpg
[01/01/2004 12:00 AM|--a------|667081] -> F:\PICT0001.JPG
[07/13/2009 09:26 PM|--a------|549272] -> F:\ultima noche fiesta shuar 006.jpg
[07/13/2009 09:26 PM|--a------|553480] -> F:\ultima noche fiesta shuar 007.jpg
[07/13/2009 09:26 PM|--a------|543176] -> F:\ultima noche fiesta shuar 008.jpg
[07/13/2009 09:26 PM|--a------|553240] -> F:\ultima noche fiesta shuar 009.jpg
[07/13/2009 09:26 PM|--a------|534508] -> F:\ultima noche fiesta shuar 010.jpg
[07/13/2009 09:26 PM|--a------|542140] -> F:\ultima noche fiesta shuar 011.jpg
[07/13/2009 09:26 PM|--a------|550636] -> F:\ultima noche fiesta shuar 012.jpg
[07/13/2009 09:26 PM|--a------|553561] -> F:\ultima noche fiesta shuar 013.jpg
[07/13/2009 09:26 PM|--a------|483992] -> F:\ultima noche fiesta shuar 014.jpg
[07/13/2009 09:26 PM|--a------|533876] -> F:\ultima noche fiesta shuar 015.jpg
[07/13/2009 09:26 PM|--a------|534641] -> F:\ultima noche fiesta shuar 016.jpg
[07/13/2009 09:26 PM|--a------|508028] -> F:\ultima noche fiesta shuar 017.jpg
[07/13/2009 09:26 PM|--a------|510684] -> F:\ultima noche fiesta shuar 018.jpg
[07/13/2009 09:26 PM|--a------|553987] -> F:\ultima noche fiesta shuar 019.jpg
[07/13/2009 09:26 PM|--a------|530292] -> F:\ultima noche fiesta shuar 020.jpg
[07/13/2009 09:26 PM|--a------|530902] -> F:\ultima noche fiesta shuar 021.jpg
[07/12/2009 06:29 PM|--a------|760102] -> F:\Christmas 2008 001.jpg
[07/12/2009 06:29 PM|--a------|643773] -> F:\Christmas 2008 002.jpg
[07/12/2009 06:29 PM|--a------|596740] -> F:\Christmas 2008 003.jpg
[07/12/2009 06:29 PM|--a------|609482] -> F:\Christmas 2008 004.jpg
[07/12/2009 06:29 PM|--a------|623717] -> F:\Christmas 2008 005.jpg
[07/12/2009 06:29 PM|--a------|646495] -> F:\Christmas 2008 006.jpg
[07/12/2009 06:29 PM|--a------|592727] -> F:\Christmas 2008 007.jpg
[07/12/2009 06:29 PM|--a------|410848] -> F:\Christmas 2008 008.jpg
[07/12/2009 06:29 PM|--a------|518112] -> F:\Christmas 2008 009.jpg
[07/12/2009 06:29 PM|--a------|493613] -> F:\Christmas 2008 010.jpg
[07/12/2009 06:29 PM|--a------|706867] -> F:\Christmas 2008 011.jpg
[07/12/2009 06:29 PM|--a------|679693] -> F:\Christmas 2008 012.jpg
[07/12/2009 06:29 PM|--a------|671342] -> F:\Christmas 2008 013.jpg
[07/12/2009 06:30 PM|--a------|640087] -> F:\Christmas 2008 014.jpg
[07/12/2009 06:30 PM|--a------|637477] -> F:\Christmas 2008 015.jpg
[07/12/2009 06:30 PM|--a------|733764] -> F:\Christmas 2008 016.jpg
[07/12/2009 06:30 PM|--a------|693317] -> F:\Christmas 2008 017.jpg
[07/12/2009 06:30 PM|--a------|937627] -> F:\Christmas 2008 018.jpg
[07/12/2009 06:30 PM|--a------|637113] -> F:\Christmas 2008 019.jpg
[07/12/2009 06:30 PM|--a------|809832] -> F:\Christmas 2008 020.jpg
[07/12/2009 06:30 PM|--a------|785951] -> F:\Christmas 2008 021.jpg
[01/01/2004 12:00 AM|--a------|645273] -> F:\PICT0002.JPG
[01/01/2004 12:00 AM|--a------|611633] -> F:\PICT0003.JPG
[01/01/2004 12:00 AM|--a------|510343] -> F:\PICT0004.JPG
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.013 ! |
Hello,
Next, scan all of these files with this and post the reports for me:
- click here: https://www.virustotal.com/gui/
- click Browse in the middle of the page
- in the new window, locate the file
- click Open
- the file path appears in the web page; at that point, click Analyze
- if the file has already been analyzed, click Reanalyze
A report will be generated; copy and paste the whole page, WITH the file names as a HEADER
The files to scan:
c:\windows\system32\ezsidmv.dat
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
C:\sertup.exe
C:\ATELIER\Atelier.exe
C:\DECCHECK\DECCHECK.exe
Hello,
I forgot: before doing this, you need to show hidden files; see how to do it here
Hi,
Fichier ezsidmv.dat reçu le 2009.08.05 16:06:12 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1875 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4308 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 56 bytes
MD5...: e83e91e5ff79a33fbdb056a8cb3d4a86
SHA1..: ec3b666cdc47f24c9df7d163474d27caaea80dd2
SHA256: 5baf6a986f79563e077493e7ddb4a5402759d2cab89be0854c71102166cdfc68
ssdeep: 3:APZLFnAibodt/nuQwljo:ALx/ofPuQwlM
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
_________________________________
Fichier arh.exe reçu le 2009.08.05 16:16:22 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1875 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin None 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 86016 bytes
MD5...: 8c27e380661ecbe327203f3b1456dd2c
SHA1..: 56e3abca71e56065fb1e91be7a070ddb8fe6f132
SHA256: 2bcfbfc72d442e492faa9e28aa18ccb7c2cee9a5ebfc6620bd164d2052886fe8
ssdeep: 1536:VYa5KvS+L6oSmpzovmSqbGSS3i8BkIk+asaMq5eZw:GS+Lhvb8KnH5eu
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2cd8
timedatestamp.....: 0x496aec51 (Mon Jan 12 07:08:01 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcf7a 0xd000 6.63 c602b5c4bc59e54d595f400e5a6aaf04
.rdata 0xe000 0x35f8 0x4000 4.79 14f76102f0e85272ccdb209a7d35e625
.data 0x12000 0x2ca4 0x2000 1.42 0ab3f9067a051cc346b8ae016e9a4d62
.rsrc 0x15000 0xb0 0x1000 3.05 77ce695c811789dde0a61350084b87ab
( 4 imports )
> msi.dll: -, -, -
> SHLWAPI.dll: StrDupW, PathAppendW, PathRemoveFileSpecW, StrChrA
> KERNEL32.dll: HeapFree, GetExitCodeProcess, WaitForSingleObject, CloseHandle, LocalFree, MultiByteToWideChar, GetProcessHeap, CreateProcessW, WideCharToMultiByte, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, WriteConsoleW, GetFileType, GetStdHandle, GetModuleFileNameW, GetCommandLineA, GetVersionExA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetHandleCount, GetStartupInfoA, DeleteCriticalSection, Sleep, GetLastError, GetProcAddress, GetModuleHandleA, ExitProcess, LoadLibraryW, GetModuleFileNameA, RaiseException, WriteFile, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSection, HeapReAlloc, VirtualAlloc, LoadLibraryA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, HeapSize, SetFilePointer, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, SetStdHandle, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CreateFileA
> ADVAPI32.dll: CryptReleaseContext, CryptCreateHash, CryptAcquireContextW, CryptHashData, CryptDestroyHash, CryptGetHashParam
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
_________________________________________________
For C:\sertup.exe:
Bigger than max permited size / Mayor del tamaño máximo permitido
200 OK
The answer to your request is located here: /fr/analisis/f644a0d2a6ab3d7dcf17445fcc0bfd6467769fa0cee61b85d8eee599b142c4ec-1249490706
__________________________________________________
Fichier Atelier.exe reçu le 2009.08.05 16:53:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1876 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 647168 bytes
MD5...: 903bfdf4f69caba4f4de1e7fa3169c16
SHA1..: 3f174b652c6682c9e6532d3ad732c56c26310701
SHA256: bfee0c1c59baa7a01f93a9fd522c1622175d3bedff79f8dde6ad1b80bf094b1e
ssdeep: 6144:LJ2BlphwsnYI/Rt3iIhkPP+03IGUrGUU+KbNlPjWdChBNzrAsl6GCduPqZoNdKfX:N4gbX+xqSIfP6splbYq7D64BQ9OaYg
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3f7c
timedatestamp.....: 0x3cad7810 (Fri Apr 05 10:10:24 2002)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9ad44 0x9b000 6.57 ea342d50d55846a2ad65281e656bc0dc
.data 0x9c000 0x7a20 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xa4000 0x618 0x1000 1.69 c1453fabdaed8a9e230c4ebfdd4e794d
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, __vbaVarTstGt, __vbaStrI2, _CIcos, _adj_fptan, __vbaStrAryToUnicode, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaStrAryToAnsi, __vbaFreeVar, __vbaLineInputStr, __vbaLateIdCall, __vbaStrVarMove, -, __vbaLenBstr, __vbaGosubReturn, __vbaPut3, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, -, -, _adj_fprem1, -, __vbaCopyBytes, __vbaResume, __vbaVarCmpNe, __vbaStrCat, __vbaCyInt, -, __vbaLsetFixstr, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, -, _adj_fdiv_m32, -, __vbaVarXor, __vbaAryDestruct, __vbaLateMemSt, __vbaBoolStr, __vbaStrBool, __vbaExitProc, __vbaVarForInit, __vbaI4Abs, __vbaFileCloseAll, __vbaStrLike, __vbaObjSet, __vbaOnError, -, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, -, __vbaBoolVar, __vbaStrFixstr, -, __vbaVarTstLt, -, __vbaEraseKeepData, __vbaVargVar, __vbaFpR8, __vbaBoolVarNull, _CIsin, -, -, __vbaErase, -, -, -, __vbaChkstk, __vbaFileClose, __vbaGosubFree, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, __vbaGet3, -, __vbaStrCmp, __vbaVarTstEq, __vbaGet4, __vbaCyI4, __vbaObjVar, __vbaPrintObj, __vbaI2I4, DllFunctionCall, __vbaVarLateMemSt, __vbaCySub, __vbaCastObjVar, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, -, __vbaLateIdCallLd, __vbaR8Cy, __vbaRedim, EVENT_SINK_Release, -, __vbaUI1I2, _CIsqrt, __vbaLateIdCallSt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, -, -, _adj_fprem, _adj_fdivr_m64, -, __vbaVarDiv, __vbaGosub, -, -, __vbaFPException, -, __vbaInStrVar, __vbaGetOwner3, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaGetOwner4, -, __vbaI2Var, -, __vbaFileSeek, __vbaStopExe, -, -, _CIlog, -, __vbaErrorOverflow, __vbaFileOpen, __vbaVarLateMemCallLdRf, -, __vbaNew2, __vbaInStr, -, -, _adj_fdiv_m32i, _adj_fdivr_m32i, -, __vbaStrCopy, __vbaI4Str, __vbaVarNot, __vbaFreeStrList, __vbaVarCmpLt, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, -, __vbaVarTstNe, __vbaI4Var, __vbaVarLateMemStAd, __vbaVarCmpEq, __vbaFpCy, __vbaVarAdd, __vbaLateMemCall, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, -, __vbaFpI2, __vbaVarMod, __vbaVarCopy, __vbaFpI4, __vbaVarLateMemCallLd, -, -, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, -, __vbaCastObj, __vbaStrMove, __vbaI4Cy, __vbaR8IntI4, -, _allmul, __vbaVarLateMemCallSt, __vbaLateIdSt, __vbaLateMemCallSt, _CItan, __vbaFPInt, __vbaAryUnlock, __vbaVarForNext, _CIexp, __vbaMidStmtBstr, __vbaFreeObj, __vbaFreeStr, -
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
_____________________________________________________
Fichier DECCHECK.exe reçu le 2009.08.05 20:35:38 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1878 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6660 2009.08.05 -
F-Prot 4.4.4.56 2009.08.05 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5699 2009.08.05 -
McAfee+Artemis 5699 2009.08.05 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.377 2009.08.05 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 75264 bytes
MD5...: 1c59f1f2dce4b0b6cfe18162599e6fac
SHA1..: 5b39ed201d2ac22386a94745cb1e48d0c9f1fefb
SHA256: 4bf40e1e94fd7267cb4e81f4cabb76bd6f9383f08e71a7fcff0ff92a1074c762
ssdeep: 1536:o7c8INjxp2j+BRMBZ6WyZdAngjj4IoxS00sQHD533a5MQxO7LeRiAfLiJaKQpdnH:oNj+BRMBxyjrjj4IPsQN336MdMfLirGp
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x95f9
timedatestamp.....: 0x41420ec8 (Fri Sep 10 20:30:00 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99e8 0x9a00 6.35 6af91bcf0034dc4898aeb8a76b056b9b
.data 0xb000 0x21c 0x200 0.86 803d6443a13bee3aa507991a3fb8ac7a
.rsrc 0xc000 0x8590 0x8600 5.65 e756bebad93146465ebe06cbdcfeaa3e
( 11 imports )
> KERNEL32.dll: SetUnhandledExceptionFilter, VirtualFree, UnhandledExceptionFilter, GetProcAddress, GetStartupInfoW, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, FindResourceW, LoadResource, LockResource, lstrlenW, GlobalHandle, GlobalFree, FreeResource, GlobalLock, GlobalUnlock, SetLastError, lstrcmpW, GlobalAlloc, GetProcessHeap, HeapAlloc, HeapFree, GetCurrentThread, GetLastError, CloseHandle, GetVersionExW, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, RaiseException, GetCurrentProcess, FlushInstructionCache, LoadLibraryA, VirtualAlloc
> msvcrt.dll: _cexit, exit, _wcmdln, __wgetmainargs, __3@YAXPAX@Z, free, _XcptFilter, _vsnwprintf, wcscmp, wcsstr, realloc, __2@YAPAXI@Z, _exit, _c_exit, _except_handler3, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcsrchr
> ADVAPI32.dll: SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AccessCheck, FreeSid, OpenThreadToken, OpenProcessToken, DuplicateTokenEx, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, SetSecurityDescriptorOwner, AllocateAndInitializeSid, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid
> GDI32.dll: BitBlt, SelectObject, DeleteDC, DeleteObject, CreateSolidBrush, GetStockObject, GetObjectW, CreateCompatibleBitmap, GetDeviceCaps, CreateCompatibleDC
> USER32.dll: GetActiveWindow, DialogBoxIndirectParamW, RegisterWindowMessageW, GetWindowTextLengthW, GetWindowTextW, CharLowerW, SetDlgItemTextW, GetDlgItem, MessageBoxW, SendMessageW, LoadStringW, SetFocus, EnableWindow, EndDialog, DefWindowProcW, SetWindowLongW, GetSysColor, ReleaseCapture, SetCapture, GetDC, ReleaseDC, InvalidateRect, InvalidateRgn, GetDesktopWindow, CallWindowProcW, GetWindowLongW, GetWindow, IsChild, GetFocus, EndPaint, FillRect, GetClientRect, BeginPaint, SetWindowPos, IsWindow, RedrawWindow, GetClassNameW, GetParent, DestroyWindow, CreateAcceleratorTableW, RegisterClassExW, wsprintfW, LoadCursorW, GetClassInfoExW, CreateWindowExW, LoadIconW, SetWindowTextW
> SHELL32.dll: ShellExecuteW
> ole32.dll: CoInitialize, CoUninitialize, OleUninitialize, OleInitialize, CreateStreamOnHGlobal, CLSIDFromString, CLSIDFromProgID, OleLockRunning, CoTaskMemAlloc, CoCreateInstance, StringFromCLSID, CoTaskMemFree
> OLEAUT32.dll: -, -, -, -, -, -
> VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
> COMCTL32.dll: ImageList_LoadImageW, ImageList_Destroy, -
> SHLWAPI.dll: SHDeleteEmptyKeyW
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=1c59f1f2dce4b0b6cfe18162599e6fac
Fichier ezsidmv.dat reçu le 2009.08.05 16:06:12 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1875 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4308 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 56 bytes
MD5...: e83e91e5ff79a33fbdb056a8cb3d4a86
SHA1..: ec3b666cdc47f24c9df7d163474d27caaea80dd2
SHA256: 5baf6a986f79563e077493e7ddb4a5402759d2cab89be0854c71102166cdfc68
ssdeep: 3:APZLFnAibodt/nuQwljo:ALx/ofPuQwlM
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
_________________________________
Fichier arh.exe reçu le 2009.08.05 16:16:22 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1875 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin None 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 86016 bytes
MD5...: 8c27e380661ecbe327203f3b1456dd2c
SHA1..: 56e3abca71e56065fb1e91be7a070ddb8fe6f132
SHA256: 2bcfbfc72d442e492faa9e28aa18ccb7c2cee9a5ebfc6620bd164d2052886fe8
ssdeep: 1536:VYa5KvS+L6oSmpzovmSqbGSS3i8BkIk+asaMq5eZw:GS+Lhvb8KnH5eu
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2cd8
timedatestamp.....: 0x496aec51 (Mon Jan 12 07:08:01 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcf7a 0xd000 6.63 c602b5c4bc59e54d595f400e5a6aaf04
.rdata 0xe000 0x35f8 0x4000 4.79 14f76102f0e85272ccdb209a7d35e625
.data 0x12000 0x2ca4 0x2000 1.42 0ab3f9067a051cc346b8ae016e9a4d62
.rsrc 0x15000 0xb0 0x1000 3.05 77ce695c811789dde0a61350084b87ab
( 4 imports )
> msi.dll: -, -, -
> SHLWAPI.dll: StrDupW, PathAppendW, PathRemoveFileSpecW, StrChrA
> KERNEL32.dll: HeapFree, GetExitCodeProcess, WaitForSingleObject, CloseHandle, LocalFree, MultiByteToWideChar, GetProcessHeap, CreateProcessW, WideCharToMultiByte, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, WriteConsoleW, GetFileType, GetStdHandle, GetModuleFileNameW, GetCommandLineA, GetVersionExA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetHandleCount, GetStartupInfoA, DeleteCriticalSection, Sleep, GetLastError, GetProcAddress, GetModuleHandleA, ExitProcess, LoadLibraryW, GetModuleFileNameA, RaiseException, WriteFile, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSection, HeapReAlloc, VirtualAlloc, LoadLibraryA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, HeapSize, SetFilePointer, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, SetStdHandle, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CreateFileA
> ADVAPI32.dll: CryptReleaseContext, CryptCreateHash, CryptAcquireContextW, CryptHashData, CryptDestroyHash, CryptGetHashParam
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
_________________________________________________
For C:\sertup.exe:
Bigger than max permited size / Mayor del tamaño máximo permitido
200 OK
The answer to your request is located here: /fr/analisis/f644a0d2a6ab3d7dcf17445fcc0bfd6467769fa0cee61b85d8eee599b142c4ec-1249490706
__________________________________________________
Fichier Atelier.exe reçu le 2009.08.05 16:53:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1876 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 647168 bytes
MD5...: 903bfdf4f69caba4f4de1e7fa3169c16
SHA1..: 3f174b652c6682c9e6532d3ad732c56c26310701
SHA256: bfee0c1c59baa7a01f93a9fd522c1622175d3bedff79f8dde6ad1b80bf094b1e
ssdeep: 6144:LJ2BlphwsnYI/Rt3iIhkPP+03IGUrGUU+KbNlPjWdChBNzrAsl6GCduPqZoNdKfX:N4gbX+xqSIfP6splbYq7D64BQ9OaYg
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3f7c
timedatestamp.....: 0x3cad7810 (Fri Apr 05 10:10:24 2002)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9ad44 0x9b000 6.57 ea342d50d55846a2ad65281e656bc0dc
.data 0x9c000 0x7a20 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xa4000 0x618 0x1000 1.69 c1453fabdaed8a9e230c4ebfdd4e794d
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, __vbaVarTstGt, __vbaStrI2, _CIcos, _adj_fptan, __vbaStrAryToUnicode, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaStrAryToAnsi, __vbaFreeVar, __vbaLineInputStr, __vbaLateIdCall, __vbaStrVarMove, -, __vbaLenBstr, __vbaGosubReturn, __vbaPut3, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, -, -, _adj_fprem1, -, __vbaCopyBytes, __vbaResume, __vbaVarCmpNe, __vbaStrCat, __vbaCyInt, -, __vbaLsetFixstr, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, -, _adj_fdiv_m32, -, __vbaVarXor, __vbaAryDestruct, __vbaLateMemSt, __vbaBoolStr, __vbaStrBool, __vbaExitProc, __vbaVarForInit, __vbaI4Abs, __vbaFileCloseAll, __vbaStrLike, __vbaObjSet, __vbaOnError, -, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, -, __vbaBoolVar, __vbaStrFixstr, -, __vbaVarTstLt, -, __vbaEraseKeepData, __vbaVargVar, __vbaFpR8, __vbaBoolVarNull, _CIsin, -, -, __vbaErase, -, -, -, __vbaChkstk, __vbaFileClose, __vbaGosubFree, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, __vbaGet3, -, __vbaStrCmp, __vbaVarTstEq, __vbaGet4, __vbaCyI4, __vbaObjVar, __vbaPrintObj, __vbaI2I4, DllFunctionCall, __vbaVarLateMemSt, __vbaCySub, __vbaCastObjVar, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, -, __vbaLateIdCallLd, __vbaR8Cy, __vbaRedim, EVENT_SINK_Release, -, __vbaUI1I2, _CIsqrt, __vbaLateIdCallSt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, -, -, _adj_fprem, _adj_fdivr_m64, -, __vbaVarDiv, __vbaGosub, -, -, __vbaFPException, -, __vbaInStrVar, __vbaGetOwner3, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaGetOwner4, -, __vbaI2Var, -, __vbaFileSeek, __vbaStopExe, -, -, _CIlog, -, __vbaErrorOverflow, __vbaFileOpen, __vbaVarLateMemCallLdRf, -, __vbaNew2, __vbaInStr, -, -, _adj_fdiv_m32i, _adj_fdivr_m32i, -, __vbaStrCopy, __vbaI4Str, __vbaVarNot, __vbaFreeStrList, __vbaVarCmpLt, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, -, __vbaVarTstNe, __vbaI4Var, __vbaVarLateMemStAd, __vbaVarCmpEq, __vbaFpCy, __vbaVarAdd, __vbaLateMemCall, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, -, __vbaFpI2, __vbaVarMod, __vbaVarCopy, __vbaFpI4, __vbaVarLateMemCallLd, -, -, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, -, __vbaCastObj, __vbaStrMove, __vbaI4Cy, __vbaR8IntI4, -, _allmul, __vbaVarLateMemCallSt, __vbaLateIdSt, __vbaLateMemCallSt, _CItan, __vbaFPInt, __vbaAryUnlock, __vbaVarForNext, _CIexp, __vbaMidStmtBstr, __vbaFreeObj, __vbaFreeStr, -
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1876 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6659 2009.08.05 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 647168 bytes
MD5...: 903bfdf4f69caba4f4de1e7fa3169c16
SHA1..: 3f174b652c6682c9e6532d3ad732c56c26310701
SHA256: bfee0c1c59baa7a01f93a9fd522c1622175d3bedff79f8dde6ad1b80bf094b1e
ssdeep: 6144:LJ2BlphwsnYI/Rt3iIhkPP+03IGUrGUU+KbNlPjWdChBNzrAsl6GCduPqZo<br>NdKfX:N4gbX+xqSIfP6splbYq7D64BQ9OaYg<br>
PEiD..: -
TrID..: File type identification<br>Win32 Executable Microsoft Visual Basic 6 (90.9%)<br>Win32 Executable Generic (6.1%)<br>Generic Win/DOS Executable (1.4%)<br>DOS Executable Generic (1.4%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3f7c
timedatestamp.....: 0x3cad7810 (Fri Apr 05 10:10:24 2002)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9ad44 0x9b000 6.57 ea342d50d55846a2ad65281e656bc0dc
.data 0x9c000 0x7a20 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xa4000 0x618 0x1000 1.69 c1453fabdaed8a9e230c4ebfdd4e794d
( 1 imports )
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
_____________________________________________________
Fichier DECCHECK.exe reçu le 2009.08.05 20:35:38 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.05 -
AhnLab-V3 5.0.0.2 2009.08.05 -
AntiVir 7.9.0.240 2009.08.05 -
Antiy-AVL 2.0.3.7 2009.08.05 -
Authentium 5.1.2.4 2009.08.05 -
Avast 4.8.1335.0 2009.08.05 -
AVG 8.5.0.406 2009.08.05 -
BitDefender 7.2 2009.08.05 -
CAT-QuickHeal 10.00 2009.08.05 -
ClamAV 0.94.1 2009.08.05 -
Comodo 1878 2009.08.05 -
DrWeb 5.0.0.12182 2009.08.05 -
eSafe 7.0.17.0 2009.08.05 -
eTrust-Vet 31.6.6660 2009.08.05 -
F-Prot 4.4.4.56 2009.08.05 -
F-Secure 8.0.14470.0 2009.08.05 -
Fortinet 3.120.0.0 2009.08.05 -
GData 19 2009.08.05 -
Ikarus T3.1.1.64.0 2009.08.05 -
Jiangmin 11.0.800 2009.08.05 -
K7AntiVirus 7.10.811 2009.08.05 -
Kaspersky 7.0.0.125 2009.08.05 -
McAfee 5699 2009.08.05 -
McAfee+Artemis 5699 2009.08.05 -
McAfee-GW-Edition 6.8.5 2009.08.05 -
Microsoft 1.4903 2009.08.04 -
NOD32 4309 2009.08.05 -
Norman 6.01.09 2009.08.05 -
nProtect 2009.1.8.0 2009.08.05 -
Panda 10.0.0.14 2009.08.05 -
PCTools 4.4.2.0 2009.08.05 -
Prevx 3.0 2009.08.05 -
Rising 21.41.24.00 2009.08.05 -
Sophos 4.44.0 2009.08.05 -
Sunbelt 3.2.1858.2 2009.08.05 -
Symantec 1.4.4.12 2009.08.05 -
TheHacker 6.3.4.3.377 2009.08.05 -
TrendMicro 8.950.0.1094 2009.08.05 -
VBA32 3.12.10.9 2009.08.05 -
ViRobot 2009.8.5.1869 2009.08.05 -
VirusBuster 4.6.5.0 2009.08.05 -
Information additionnelle
File size: 75264 bytes
MD5...: 1c59f1f2dce4b0b6cfe18162599e6fac
SHA1..: 5b39ed201d2ac22386a94745cb1e48d0c9f1fefb
SHA256: 4bf40e1e94fd7267cb4e81f4cabb76bd6f9383f08e71a7fcff0ff92a1074c762
ssdeep: 1536:o7c8INjxp2j+BRMBZ6WyZdAngjj4IoxS00sQHD533a5MQxO7LeRiAfLiJaKQpdnH:oNj+BRMBxyjrjj4IPsQN336MdMfLirGp
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x95f9
timedatestamp.....: 0x41420ec8 (Fri Sep 10 20:30:00 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99e8 0x9a00 6.35 6af91bcf0034dc4898aeb8a76b056b9b
.data 0xb000 0x21c 0x200 0.86 803d6443a13bee3aa507991a3fb8ac7a
.rsrc 0xc000 0x8590 0x8600 5.65 e756bebad93146465ebe06cbdcfeaa3e
( 11 imports )
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=1c59f1f2dce4b0b6cfe18162599e6fac
Hello,
jeannotlapin31, do you know what these 2 files detected by usb fix correspond to? Thanks.
C:\ATELIER\Atelier.exe
C:\DECCHECK\DECCHECK.exe
Pimprenelle27,
The file ATELIER.exe belongs to the software "Atelier de la langue francaise", my dictionary that I use all the time; and the file DECCHECK belongs to the "Windows XP video decoder check-up utility", which I remember installing but never use... Otherwise, as for my PC, I get the trojan alerts much less often, which does not mean I am rid of them. For example, today I again got TR/PSW.Magania.bexj [trojan].
Hello, please do the following for me:
▶ Download Random's System Information Tool (RSIT).
▶ A tutorial will be available to help you install and use it correctly.
▶ Double-click RSIT.exe to launch the tool.
▶ Click 'Continue' on the Disclaimer screen.
▶ If the Hijackthis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
▶ Once the scan is finished, 2 reports will appear. Post the contents of both reports.
( C:\RSIT\log.txt and C:\RSIT\info.txt )
CTRL A to select all, CTRL C to copy and then CTRL V to paste