Msn photo virus
Résolu/Fermé
A voir également:
- Msn photo virus
- Traduction photo gratuit - Guide
- Photo de profil - Guide
- Partage photo - Guide
- Msn - Télécharger - Messagerie
- Photo aérienne de ma maison - Guide
46 réponses
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
1 oct. 2009 à 20:19
1 oct. 2009 à 20:19
Salut,
MSNcleaner ------>
[x] Téléchargez MSNcleaner à cette adresse : http://dl.commentcamarche.net/www.commentcamarche.net/download/files/MsnCleaner.zip
[x] Décompressez l'archive sur le bureau.
[x] Double cliquez sur " MSNCleaner.exe "
[x] Dans " Language " à gauche, choissisez " French "
[x] Cliquez ensuite sur " Analyse " puis " Supprimer " si des fichiers ont été détéctés.
[x] Cliquez enfin sur " Repor " et copier/coller le rapport dans votre prochain message.
MSNcleaner ------>
[x] Téléchargez MSNcleaner à cette adresse : http://dl.commentcamarche.net/www.commentcamarche.net/download/files/MsnCleaner.zip
[x] Décompressez l'archive sur le bureau.
[x] Double cliquez sur " MSNCleaner.exe "
[x] Dans " Language " à gauche, choissisez " French "
[x] Cliquez ensuite sur " Analyse " puis " Supprimer " si des fichiers ont été détéctés.
[x] Cliquez enfin sur " Repor " et copier/coller le rapport dans votre prochain message.
Je viens de le faire et il n'a détecté aucun virus. Je ne me souviens plus exactement du message sur lequel j'ai cliqué mais c'était en rapport avec facebook sur l'adresse je crois ;)
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
1 oct. 2009 à 20:37
1 oct. 2009 à 20:37
Ok, fais ceci pour un diagnostic complet de ton PC :
RSIT ----->
[x] Télécharge Random's System Information Tool à cette adresse : http://images.malwareremoval.com/random/RSIT.exe
[x] Double clique sur " RSIT.exe ".
[x] Clique sur " Continue ".
[x] Si hijackthis n'est pas présent il sera automatiquement téléchargé et tu devras accepter la license.
[x] Une fois l'analyse finie, deux fichiers ( info.txt & log.txt ) s'ouvriront.
[x] Copie colle le contenu des deux rapports dans ton prochain message
-------> Si jamais tu as fermé les rapports sans faire attention, ils sont sous C:\rsit
RSIT ----->
[x] Télécharge Random's System Information Tool à cette adresse : http://images.malwareremoval.com/random/RSIT.exe
[x] Double clique sur " RSIT.exe ".
[x] Clique sur " Continue ".
[x] Si hijackthis n'est pas présent il sera automatiquement téléchargé et tu devras accepter la license.
[x] Une fois l'analyse finie, deux fichiers ( info.txt & log.txt ) s'ouvriront.
[x] Copie colle le contenu des deux rapports dans ton prochain message
-------> Si jamais tu as fermé les rapports sans faire attention, ils sont sous C:\rsit
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bastien at 2009-10-01 20:44:56
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (7%) free of 76 GB
Total RAM: 1014 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:24, on 01/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Documents and Settings\Bastien\Bureau\RSIT.exe
C:\Program Files\trend micro\Bastien.exe
C:\Documents and Settings\Bastien\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.41_francais_215092.exe
C:\DOCUME~1\Bastien\LOCALS~1\Temp\is-61VFB.tmp\malwarebytes-anti-malware_malwarebytes_anti-malware_1.41_francais_215092.tmp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O1 - Hosts: ;Tag&rename
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Run by Bastien at 2009-10-01 20:44:56
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (7%) free of 76 GB
Total RAM: 1014 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:24, on 01/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Documents and Settings\Bastien\Bureau\RSIT.exe
C:\Program Files\trend micro\Bastien.exe
C:\Documents and Settings\Bastien\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.41_francais_215092.exe
C:\DOCUME~1\Bastien\LOCALS~1\Temp\is-61VFB.tmp\malwarebytes-anti-malware_malwarebytes_anti-malware_1.41_francais_215092.tmp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O1 - Hosts: ;Tag&rename
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
1 oct. 2009 à 20:58
1 oct. 2009 à 20:58
Ok, fais ceci :
Toolbar S&D ----->
Télécharge Toolbar S&D Ici : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
Suis le tutorial disponible à cette adresse : https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/
Lance l'option 1 ( Recherche )
Puis copie/colle le rapport dans ton prochain message ( Il se trouve sous C:\TB.txt )
----------
ESET Nod32 Scan en ligne ----->
[x] Rends toi sur ce site : https://www.eset.com/
/!\ Il faut que tu utilises internet explorer pour faire l'analyse en ligne /!\
[x] Coche " Oui, j'accepte.... " puis cliques sur " Start ".
[x] Attend un peu le chargement de la page, puis clique sur le bandeau jaune en haut de
l'écran " Ce site nécessite.... OnlineScanner.cab... "
-> Clique sur " Installer le contrôle ActiveX "
-> Confirme ensuite en cliquant sur " Installer " dans la petite fenêtre qui s'ouvre.
[x] Clique sur paramètre avancé, puis coche " Rechercher les applications potentiellement dangereuses " , vérifie que les deux premieres cases sont elles aussi cochées.
[x] Le scanner se mettra à jour, celà peut prendre un certain temps
[x] L'analyse va ensuite s'effectuer.
[x] Copie/Colle le rapport dans ton prochain message. ( C:\ESET\...\log.txt )
Toolbar S&D ----->
Télécharge Toolbar S&D Ici : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
Suis le tutorial disponible à cette adresse : https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/
Lance l'option 1 ( Recherche )
Puis copie/colle le rapport dans ton prochain message ( Il se trouve sous C:\TB.txt )
----------
ESET Nod32 Scan en ligne ----->
[x] Rends toi sur ce site : https://www.eset.com/
/!\ Il faut que tu utilises internet explorer pour faire l'analyse en ligne /!\
[x] Coche " Oui, j'accepte.... " puis cliques sur " Start ".
[x] Attend un peu le chargement de la page, puis clique sur le bandeau jaune en haut de
l'écran " Ce site nécessite.... OnlineScanner.cab... "
-> Clique sur " Installer le contrôle ActiveX "
-> Confirme ensuite en cliquant sur " Installer " dans la petite fenêtre qui s'ouvre.
[x] Clique sur paramètre avancé, puis coche " Rechercher les applications potentiellement dangereuses " , vérifie que les deux premieres cases sont elles aussi cochées.
[x] Le scanner se mettra à jour, celà peut prendre un certain temps
[x] L'analyse va ensuite s'effectuer.
[x] Copie/Colle le rapport dans ton prochain message. ( C:\ESET\...\log.txt )
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Bastien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090930-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 01/10/2009|21:05 )
-----------\\ Recherche de Fichiers / Dossiers ...
[Service] ASKService
[Service] ASKUpgrade
C:\DOCUME~1\Bastien\LOCALS~1\Temp\NERO14688\Toolbar.exe
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\0103FB2D
C:\Program Files\AskBarDis\bar\Cache\01040435.bin
C:\Program Files\AskBarDis\bar\Cache\01040BA7.bin
C:\Program Files\AskBarDis\bar\Cache\01040DE9.bin
C:\Program Files\AskBarDis\bar\Cache\0104129D.bin
C:\Program Files\AskBarDis\bar\Cache\01041471.bin
C:\Program Files\AskBarDis\bar\Cache\01041721.bin
C:\Program Files\AskBarDis\bar\Cache\010419C1.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\bar\1.bin
C:\Program Files\AskTBar\bar\Cache
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\00BC0750
C:\Program Files\AskTBar\bar\Cache\028260DA.bin
C:\Program Files\AskTBar\bar\Cache\028263C8.bin
C:\Program Files\AskTBar\bar\Cache\0282652F.bin
C:\Program Files\AskTBar\bar\Cache\02826752.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
-----------\\ Extensions
(Bastien) - {1c491116-c175-45e1-a570-6fb14fea8b7b} => phpnukefr
(Bastien) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Bastien) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ww12.cherche.us"
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2102473"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Page_URL"="http://ww12.cherche.us"
"Search Bar"="http://ww12.cherche.us"
"Default_Search_URL"="http://www.cherche.us/keyword/%s"
"SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page_bak"="http://ww12.cherche.us"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Bastien\Application Data\Azureus\torrents\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack [mininova].torrent
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack.rar
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack\VegasMovieStudioPE90.exe
C:\DOCUME~1\Bastien\Mes documents\CD\Vol. 3\8. Neil Diamond - Cracklin' Rosie.mp3
C:\DOCUME~1\Bastien\Mes documents\Ma musique\The Moldy Peaches\Moldy Peaches_The Moldy Peaches_13_Who's Got the Crack.mp3
C:\DOCUME~1\Bastien\Mes documents\Stars\Shannyn Sossamon - Life Is Hot In Cracktown by DeepAtSea.avi
1 - "C:\ToolBar SD\TB_1.txt" - 01/10/2009|21:06 - Option : [1]
-----------\\ Fin du rapport a 21:06:54,48
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Bastien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090930-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 01/10/2009|21:05 )
-----------\\ Recherche de Fichiers / Dossiers ...
[Service] ASKService
[Service] ASKUpgrade
C:\DOCUME~1\Bastien\LOCALS~1\Temp\NERO14688\Toolbar.exe
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\0103FB2D
C:\Program Files\AskBarDis\bar\Cache\01040435.bin
C:\Program Files\AskBarDis\bar\Cache\01040BA7.bin
C:\Program Files\AskBarDis\bar\Cache\01040DE9.bin
C:\Program Files\AskBarDis\bar\Cache\0104129D.bin
C:\Program Files\AskBarDis\bar\Cache\01041471.bin
C:\Program Files\AskBarDis\bar\Cache\01041721.bin
C:\Program Files\AskBarDis\bar\Cache\010419C1.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\bar\1.bin
C:\Program Files\AskTBar\bar\Cache
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\00BC0750
C:\Program Files\AskTBar\bar\Cache\028260DA.bin
C:\Program Files\AskTBar\bar\Cache\028263C8.bin
C:\Program Files\AskTBar\bar\Cache\0282652F.bin
C:\Program Files\AskTBar\bar\Cache\02826752.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
-----------\\ Extensions
(Bastien) - {1c491116-c175-45e1-a570-6fb14fea8b7b} => phpnukefr
(Bastien) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Bastien) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ww12.cherche.us"
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2102473"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Page_URL"="http://ww12.cherche.us"
"Search Bar"="http://ww12.cherche.us"
"Default_Search_URL"="http://www.cherche.us/keyword/%s"
"SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page_bak"="http://ww12.cherche.us"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Bastien\Application Data\Azureus\torrents\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack [mininova].torrent
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack.rar
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack\VegasMovieStudioPE90.exe
C:\DOCUME~1\Bastien\Mes documents\CD\Vol. 3\8. Neil Diamond - Cracklin' Rosie.mp3
C:\DOCUME~1\Bastien\Mes documents\Ma musique\The Moldy Peaches\Moldy Peaches_The Moldy Peaches_13_Who's Got the Crack.mp3
C:\DOCUME~1\Bastien\Mes documents\Stars\Shannyn Sossamon - Life Is Hot In Cracktown by DeepAtSea.avi
1 - "C:\ToolBar SD\TB_1.txt" - 01/10/2009|21:06 - Option : [1]
-----------\\ Fin du rapport a 21:06:54,48
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
1 oct. 2009 à 21:09
1 oct. 2009 à 21:09
--- Suppression ---
[x] Relance Toolbar S&D et choisi l'option 2 ( Suppression ).
[x] Ne fait rien pendant la procédure.
[x] Copie/Colle le rapport dans ton prochain message.
------------>
C:\DOCUME~1\Bastien\Application Data\Azureus\torrents\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack [mininova].torrent
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack.rar
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack\VegasMovieStudioPE90.exe
-> Tout ceci n'est justement pas à garder, les cracks/keygens sont une grande source d'infection pour ton PC.
------------------
J'attend aussi le rapport du scan en ligne de nod32.
[x] Relance Toolbar S&D et choisi l'option 2 ( Suppression ).
[x] Ne fait rien pendant la procédure.
[x] Copie/Colle le rapport dans ton prochain message.
------------>
C:\DOCUME~1\Bastien\Application Data\Azureus\torrents\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack [mininova].torrent
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack.rar
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack\VegasMovieStudioPE90.exe
-> Tout ceci n'est justement pas à garder, les cracks/keygens sont une grande source d'infection pour ton PC.
------------------
J'attend aussi le rapport du scan en ligne de nod32.
Bah j'ai passé ESET Nod32 Scan, il a trouvé 8 trucs déféctueux que j'ai demandé de supprimer. Ainsi, je ne sais pas si le virus est toujours là, il y a t-il un moyen de savoir ?
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
1 oct. 2009 à 22:15
1 oct. 2009 à 22:15
Poste le rapport qui se trouve sous C:\ESET\...\log.txt
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=3205de0071307c48a8e510c152d429ac
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-01 07:55:45
# local_time=2009-10-01 09:55:45 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 21 100 100 49552343750
# scanned=60133
# found=8
# cleaned=8
# scan_time=2400
C:\Documents and Settings\Bastien\Local Settings\Temp\NERO1004560\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\Bastien\Local Settings\Temp\NERO14688\Toolbar.exe Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\Bastien\Local Settings\Temporary Internet Files\Content.IE5\BZQ6VWH7\IMG00068714911567251832-JPG[1].EXE IRC/SdBot cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\Bastien\Local Settings\Temporary Internet Files\Content.IE5\UHO2NZUU\IMG00068714911567251832-JPG[1].EXE IRC/SdBot cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Win32/Toolbar.MyWebSearch application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\Piratrax\uninstall.exe NewHeur_PE virus probablement inconnu (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=3205de0071307c48a8e510c152d429ac
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-01 08:54:42
# local_time=2009-10-01 10:54:42 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 21 100 100 28747031250
# scanned=360
# found=0
# cleaned=0
# scan_time=20
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=3205de0071307c48a8e510c152d429ac
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-01 07:55:45
# local_time=2009-10-01 09:55:45 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 21 100 100 49552343750
# scanned=60133
# found=8
# cleaned=8
# scan_time=2400
C:\Documents and Settings\Bastien\Local Settings\Temp\NERO1004560\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\Bastien\Local Settings\Temp\NERO14688\Toolbar.exe Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\Bastien\Local Settings\Temporary Internet Files\Content.IE5\BZQ6VWH7\IMG00068714911567251832-JPG[1].EXE IRC/SdBot cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\Bastien\Local Settings\Temporary Internet Files\Content.IE5\UHO2NZUU\IMG00068714911567251832-JPG[1].EXE IRC/SdBot cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Win32/Toolbar.MyWebSearch application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\Piratrax\uninstall.exe NewHeur_PE virus probablement inconnu (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=3205de0071307c48a8e510c152d429ac
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-01 08:54:42
# local_time=2009-10-01 10:54:42 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 21 100 100 28747031250
# scanned=360
# found=0
# cleaned=0
# scan_time=20
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Bastien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 091001-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 02/10/2009|10:56 )
-----------\\ SUPPRESSION
Supprime! - [Service] ASKService
Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\Program Files\AskTBar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Bastien) - {1c491116-c175-45e1-a570-6fb14fea8b7b} => phpnukefr
(Bastien) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Bastien) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ww12.cherche.us"
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2102473"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Page_URL"="http://ww12.cherche.us"
"Search Bar"="http://ww12.cherche.us"
"Default_Search_URL"="http://www.cherche.us/keyword/%s"
"SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page_bak"="http://ww12.cherche.us"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Bastien\Application Data\Azureus\torrents\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack [mininova].torrent
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack.rar
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack\VegasMovieStudioPE90.exe
C:\DOCUME~1\Bastien\Mes documents\CD\Vol. 3\8. Neil Diamond - Cracklin' Rosie.mp3
C:\DOCUME~1\Bastien\Mes documents\Ma musique\The Moldy Peaches\Moldy Peaches_The Moldy Peaches_13_Who's Got the Crack.mp3
C:\DOCUME~1\Bastien\Mes documents\Stars\Shannyn Sossamon - Life Is Hot In Cracktown by DeepAtSea.avi
1 - "C:\ToolBar SD\TB_1.txt" - 01/10/2009|21:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 02/10/2009|10:58 - Option : [2]
-----------\\ Fin du rapport a 10:58:32,68
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Bastien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 091001-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 02/10/2009|10:56 )
-----------\\ SUPPRESSION
Supprime! - [Service] ASKService
Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\Program Files\AskTBar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Bastien) - {1c491116-c175-45e1-a570-6fb14fea8b7b} => phpnukefr
(Bastien) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Bastien) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ww12.cherche.us"
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2102473"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Page_URL"="http://ww12.cherche.us"
"Search Bar"="http://ww12.cherche.us"
"Default_Search_URL"="http://www.cherche.us/keyword/%s"
"SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page_bak"="http://ww12.cherche.us"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Bastien\Application Data\Azureus\torrents\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack [mininova].torrent
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Sony Vegas Movie Studio Platinum Professional Pack 2008 v9.0b (build 92) - Mr1000 + Crack.rar
C:\DOCUME~1\Bastien\Mes documents\A garder\Vegas movie studio\Crack\VegasMovieStudioPE90.exe
C:\DOCUME~1\Bastien\Mes documents\CD\Vol. 3\8. Neil Diamond - Cracklin' Rosie.mp3
C:\DOCUME~1\Bastien\Mes documents\Ma musique\The Moldy Peaches\Moldy Peaches_The Moldy Peaches_13_Who's Got the Crack.mp3
C:\DOCUME~1\Bastien\Mes documents\Stars\Shannyn Sossamon - Life Is Hot In Cracktown by DeepAtSea.avi
1 - "C:\ToolBar SD\TB_1.txt" - 01/10/2009|21:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 02/10/2009|10:58 - Option : [2]
-----------\\ Fin du rapport a 10:58:32,68
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
2 oct. 2009 à 16:25
2 oct. 2009 à 16:25
Ok, refais maintenant un log RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bastien at 2009-10-02 17:06:06
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (6%) free of 76 GB
Total RAM: 1014 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:16, on 02/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Bastien\Mes documents\A garder\RSIT.exe
C:\Program Files\trend micro\Bastien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O1 - Hosts: ;Tag&rename
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Run by Bastien at 2009-10-02 17:06:06
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (6%) free of 76 GB
Total RAM: 1014 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:16, on 02/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Bastien\Mes documents\A garder\RSIT.exe
C:\Program Files\trend micro\Bastien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O1 - Hosts: ;Tag&rename
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
2 oct. 2009 à 20:26
2 oct. 2009 à 20:26
VirusTotal :
Rend toi sur https://www.virustotal.com/gui/
Clique sur " Parcourir " puis séléctionne le fichier suivant : C:\WINDOWS\tsnp325.exe
Poste le contenu du rapport de scan dans ton prochain message.
Fais la même chose pour ce fichier : C:\WINDOWS\vsnp325.exe
j'attend donc les 2 rapports.
Rend toi sur https://www.virustotal.com/gui/
Clique sur " Parcourir " puis séléctionne le fichier suivant : C:\WINDOWS\tsnp325.exe
Poste le contenu du rapport de scan dans ton prochain message.
Fais la même chose pour ce fichier : C:\WINDOWS\vsnp325.exe
j'attend donc les 2 rapports.
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
2 oct. 2009 à 22:50
2 oct. 2009 à 22:50
Normalement le rapport est affiché sur la page web, avec une liste de plusieurs antivirus , copie/colle les
Rapport 1 :
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.10.02 -
AhnLab-V3 5.0.0.2 2009.10.02 -
AntiVir 7.9.1.27 2009.10.02 -
Antiy-AVL 2.0.3.7 2009.10.02 -
Authentium 5.1.2.4 2009.10.02 -
Avast 4.8.1351.0 2009.10.02 -
AVG 8.5.0.412 2009.10.02 -
BitDefender 7.2 2009.10.02 -
CAT-QuickHeal 10.00 2009.10.01 -
ClamAV 0.94.1 2009.10.02 -
Comodo 2493 2009.10.02 -
DrWeb 5.0.0.12182 2009.10.02 -
eSafe 7.0.17.0 2009.10.01 -
eTrust-Vet 31.6.6773 2009.10.02 -
F-Prot 4.5.1.85 2009.10.02 -
F-Secure 8.0.14470.0 2009.10.02 -
Fortinet 3.120.0.0 2009.10.02 -
GData 19 2009.10.02 -
Ikarus T3.1.1.72.0 2009.10.02 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.858 2009.10.01 -
Kaspersky 7.0.0.125 2009.10.02 -
McAfee 5759 2009.10.02 -
McAfee+Artemis 5759 2009.10.02 -
McAfee-GW-Edition 6.8.5 2009.10.02 -
Microsoft 1.5101 2009.10.02 -
NOD32 4477 2009.10.02 -
Norman 6.01.09 2009.10.02 -
nProtect 2009.1.8.0 2009.10.02 -
Panda 10.0.2.2 2009.10.02 -
PCTools 4.4.2.0 2009.10.02 -
Prevx 3.0 2009.10.02 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.02 -
Sunbelt 3.2.1858.2 2009.10.02 -
Symantec 1.4.4.12 2009.10.02 -
TheHacker 6.5.0.2.026 2009.10.02 -
TrendMicro 8.950.0.1094 2009.10.02 -
VBA32 3.12.10.11 2009.09.30 -
ViRobot 2009.10.2.1968 2009.10.02 -
VirusBuster 4.6.5.0 2009.10.02 -
Information additionnelle
File size: 270336 bytes
MD5 : 8110408ff2b1ff2f823d0f752a9bfff3
SHA1 : 1174d3dda91b6658528bd00f60e4182a38f054c8
SHA256: 4b551a6f6887032bbb539ef65e88a1082c24028da3d8e4847ddc3d9bd02a04fc
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40CA50
timedatestamp.....: 0x46296AB1 (Sat Apr 21 03:36:49 2007)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x24F9B 0x25000 6.60 ad7a3e54cb12903946ebff58634e1887
.rdata 0x26000 0x96FE 0xA000 4.61 67db8d10b868d3419fd4df22d5309d7b
.data 0x30000 0x8528 0x5000 2.25 97bd6be012afde0462947e4b0e686a63
.rsrc 0x39000 0xCE60 0xD000 5.33 0e22d65feeea550c1670c39b8f19018f
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ThreatExpert: https://www.symantec.com?md5=8110408ff2b1ff2f823d0f752a9bfff3
ssdeep: 3072:zuGcN2OQz2d5/e7iWeeKfI2xQZEqUgq4YsBrx4ena4vQp9g+Q0/tocDJSKr6Kz+d:LKH7eKfgEL4YsBr3ip9ZUKuX
PEiD : Armadillo v1.71
PDFiD : ['-', None, None]
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.10.02 -
AhnLab-V3 5.0.0.2 2009.10.02 -
AntiVir 7.9.1.27 2009.10.02 -
Antiy-AVL 2.0.3.7 2009.10.02 -
Authentium 5.1.2.4 2009.10.02 -
Avast 4.8.1351.0 2009.10.02 -
AVG 8.5.0.412 2009.10.02 -
BitDefender 7.2 2009.10.02 -
CAT-QuickHeal 10.00 2009.10.01 -
ClamAV 0.94.1 2009.10.02 -
Comodo 2493 2009.10.02 -
DrWeb 5.0.0.12182 2009.10.02 -
eSafe 7.0.17.0 2009.10.01 -
eTrust-Vet 31.6.6773 2009.10.02 -
F-Prot 4.5.1.85 2009.10.02 -
F-Secure 8.0.14470.0 2009.10.02 -
Fortinet 3.120.0.0 2009.10.02 -
GData 19 2009.10.02 -
Ikarus T3.1.1.72.0 2009.10.02 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.858 2009.10.01 -
Kaspersky 7.0.0.125 2009.10.02 -
McAfee 5759 2009.10.02 -
McAfee+Artemis 5759 2009.10.02 -
McAfee-GW-Edition 6.8.5 2009.10.02 -
Microsoft 1.5101 2009.10.02 -
NOD32 4477 2009.10.02 -
Norman 6.01.09 2009.10.02 -
nProtect 2009.1.8.0 2009.10.02 -
Panda 10.0.2.2 2009.10.02 -
PCTools 4.4.2.0 2009.10.02 -
Prevx 3.0 2009.10.02 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.02 -
Sunbelt 3.2.1858.2 2009.10.02 -
Symantec 1.4.4.12 2009.10.02 -
TheHacker 6.5.0.2.026 2009.10.02 -
TrendMicro 8.950.0.1094 2009.10.02 -
VBA32 3.12.10.11 2009.09.30 -
ViRobot 2009.10.2.1968 2009.10.02 -
VirusBuster 4.6.5.0 2009.10.02 -
Information additionnelle
File size: 270336 bytes
MD5 : 8110408ff2b1ff2f823d0f752a9bfff3
SHA1 : 1174d3dda91b6658528bd00f60e4182a38f054c8
SHA256: 4b551a6f6887032bbb539ef65e88a1082c24028da3d8e4847ddc3d9bd02a04fc
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40CA50
timedatestamp.....: 0x46296AB1 (Sat Apr 21 03:36:49 2007)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x24F9B 0x25000 6.60 ad7a3e54cb12903946ebff58634e1887
.rdata 0x26000 0x96FE 0xA000 4.61 67db8d10b868d3419fd4df22d5309d7b
.data 0x30000 0x8528 0x5000 2.25 97bd6be012afde0462947e4b0e686a63
.rsrc 0x39000 0xCE60 0xD000 5.33 0e22d65feeea550c1670c39b8f19018f
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ThreatExpert: https://www.symantec.com?md5=8110408ff2b1ff2f823d0f752a9bfff3
ssdeep: 3072:zuGcN2OQz2d5/e7iWeeKfI2xQZEqUgq4YsBrx4ena4vQp9g+Q0/tocDJSKr6Kz+d:LKH7eKfgEL4YsBr3ip9ZUKuX
PEiD : Armadillo v1.71
PDFiD : ['-', None, None]
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.09.25 -
AhnLab-V3 5.0.0.2 2009.09.24 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.24 -
AVG 8.5.0.412 2009.09.25 -
BitDefender 7.2 2009.09.25 -
CAT-QuickHeal 10.00 2009.09.25 -
ClamAV 0.94.1 2009.09.25 -
Comodo 2432 2009.09.25 -
DrWeb 5.0.0.12182 2009.09.25 -
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6760 2009.09.25 -
F-Prot 4.5.1.85 2009.09.24 -
F-Secure 8.0.14470.0 2009.09.25 -
Fortinet 3.120.0.0 2009.09.25 -
GData 19 2009.09.25 -
Ikarus T3.1.1.72.0 2009.09.25 -
Jiangmin 11.0.800 2009.09.25 -
K7AntiVirus 7.10.853 2009.09.24 -
Kaspersky 7.0.0.125 2009.09.25 -
McAfee 5751 2009.09.24 -
McAfee+Artemis 5751 2009.09.24 -
McAfee-GW-Edition 6.8.5 2009.09.25 -
Microsoft 1.5005 2009.09.23 -
NOD32 4456 2009.09.25 -
Norman 6.01.09 2009.09.24 -
nProtect 2009.1.8.0 2009.09.25 -
Panda 10.0.2.2 2009.09.24 -
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.25 -
Rising 21.48.43.00 2009.09.25 -
Sophos 4.45.0 2009.09.25 -
Sunbelt 3.2.1858.2 2009.09.24 -
Symantec 1.4.4.12 2009.09.25 -
TheHacker 6.5.0.2.017 2009.09.24 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.25.1956 2009.09.25 -
VirusBuster 4.6.5.0 2009.09.24 -
Information additionnelle
File size: 835584 bytes
MD5 : e5bed85422379c2f2d689a4ec16c4110
SHA1 : 338d2e456b27235ba0953fa387a2a56bf4d90a69
SHA256: 8f56b4048cab1afa4c812d8cc6b55f94baa9c59b19b67881a399c36bdc95d8c6
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x8AF2F
timedatestamp.....: 0x4642AB11 (Thu May 10 07:18:09 2007)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8B14A 0x8C000 6.62 36f43b42f2d00747b5b9d3f3b292d365
.rdata 0x8D000 0x25E56 0x26000 4.13 51b018fe515852fac2ab147123c97781
.data 0xB3000 0x118AC 0xC000 5.37 4dee50aa97ee7278a7b0119f5371e725
.rsrc 0xC5000 0xCA28 0xD000 4.68 62641e0575fb605583ccfdeab852fe81
( 8 imports )
> advapi32.dll: QueryServiceStatus, RegQueryValueExA, RegOpenKeyExA, CloseServiceHandle, StartServiceA, ControlService, OpenServiceA, OpenSCManagerA, RegSetValueExA, RegEnumValueA, RegCloseKey
> gdi32.dll: SetBkColor, StretchBlt, GetClipBox, CreateRectRgnIndirect, ExtSelectClipRgn, SetStretchBltMode, GetObjectA, RealizePalette, GetDIBits, CreateDIBSection, BitBlt, CreateBitmap, CreateCompatibleDC, GetObjectType, CreateDIBitmap, SelectObject, DeleteObject, SetDIBitsToDevice, GetEnhMetaFilePaletteEntries, ExtTextOutA, DeleteEnhMetaFile, GetDeviceCaps, CreateCompatibleBitmap, RectVisible, StretchDIBits, SetBkMode, SetTextColor, CreatePalette, CreateFontIndirectA, CombineRgn, CreateRectRgn, PlayEnhMetaFile, SelectPalette, DeleteDC, SetEnhMetaFileBits, GetEnhMetaFileHeader, SetWinMetaFileBits, GetStockObject
> kernel32.dll: GetStartupInfoA, GlobalFree, GlobalSize, GlobalAlloc, GlobalLock, GlobalUnlock, SizeofResource, LockResource, GetSystemDirectoryA, WinExec, LoadLibraryExA, FindResourceA, LoadResource, GetVersionExA, SetEvent, Sleep, WaitForSingleObject, ResumeThread, CreateEventA, LoadLibraryA, FreeLibrary, CreateMutexA, GetLastError, GetCurrentProcess, GetModuleHandleA, GetProcAddress, CloseHandle, GetModuleFileNameA
> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _acmdln, _XcptFilter, _exit, _terminate@@YAXXZ, _except_handler3, __1type_info@@UAE@XZ, _onexit, __dllonexit, strtok, vfprintf, atof, atoi, ceil, __mb_cur_max, _isctype, _pctype, vsprintf, tmpnam, strtod, abort, atan2, fabs, sqrt, log, rand, exp, qsort, _read, _setmode, _unlink, _open, pow, memmove, memset, memcpy, strlen, strcpy, getenv, sscanf, _iob, fprintf, exit, _CIfmod, strncmp, isprint, printf, __CxxLongjmpUnwind, _setjmp3, longjmp, _CIpow, _mbslen, calloc, _mbsnbcpy, _CxxThrowException, _CIacos, div, floor, realloc, malloc, free, _ftol, getc, fputc, fflush, ftell, fseek, fwrite, fread, fopen, fclose, _purecall, strchr, sprintf, strstr, strncpy, __CxxFrameHandler, _write, _lseek, _close, _strdup, _setmbcp, __getmainargs
> user32.dll: GetSysColor, DrawTextA, GetIconInfo, ReleaseDC, SetWindowTextA, LoadCursorA, GetWindowRect, SetRect, AdjustWindowRect, InvalidateRect, GetMenu, CheckMenuRadioItem, GetDC, SetForegroundWindow, IsWindow, PostMessageA, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, EnableWindow
> version.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> winmm.dll: PlaySoundA
( 1 exports )
> __0CxExifInfo@CxImageJPG@@QAE@PAUtag_ExifInfo@1@@Z, __0CxFile@@QAE@ABV0@@Z, __0CxFile@@QAE@XZ, __0CxIOFile@@QAE@ABV0@@Z, __0CxIOFile@@QAE@PAU_iobuf@@@Z, __0CxImage@@QAE@ABV0@_N11@Z, __0CxImage@@QAE@K@Z, __0CxImage@@QAE@KKKK@Z, __0CxImage@@QAE@PAEKK@Z, __0CxImage@@QAE@PAU_iobuf@@K@Z, __0CxImage@@QAE@PAVCxFile@@K@Z, __0CxImage@@QAE@PBDK@Z, __0CxImageGIF@@QAE@ABV0@@Z, __0CxImageGIF@@QAE@XZ, __0CxImageJPG@@QAE@ABV0@@Z, __0CxImageJPG@@QAE@XZ, __0CxImageTIF@@QAE@ABV0@@Z, __0CxImageTIF@@QAE@XZ, __0CxMemFile@@QAE@ABV0@@Z, __0CxMemFile@@QAE@PAEK@Z, __0CxPoint2@@QAE@ABV0@@Z, __0CxPoint2@@QAE@MM@Z, __0CxPoint2@@QAE@XZ, __0CxRect2@@QAE@ABV0@@Z, __0CxRect2@@QAE@MMMM@Z, __0CxRect2@@QAE@XZ, __1CxExifInfo@CxImageJPG@@QAE@XZ, __1CxFile@@UAE@XZ, __1CxIOFile@@UAE@XZ, __1CxImage@@UAE@XZ, __1CxImageGIF@@UAE@XZ, __1CxImageJPG@@UAE@XZ, __1CxImageTIF@@UAE@XZ, __1CxMemFile@@UAE@XZ, __4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z, __4CxFile@@QAEAAV0@ABV0@@Z, __4CxIOFile@@QAEAAV0@ABV0@@Z, __4CxImage@@QAEAAV0@ABV0@@Z, __4CxImageGIF@@QAEAAV0@ABV0@@Z, __4CxImageJPG@@QAEAAV0@ABV0@@Z, __4CxImageTIF@@QAEAAV0@ABV0@@Z, __4CxMemFile@@QAEAAV0@ABV0@@Z, __4CxPoint2@@QAEAAV0@ABV0@@Z, __4CxRect2@@QAEAAV0@ABV0@@Z, ___7CxFile@@6B@, ___7CxIOFile@@6B@, ___7CxImage@@6B@, ___7CxImageGIF@@6B@, ___7CxImageJPG@@6B@, ___7CxImageTIF@@6B@, ___7CxMemFile@@6B@, ___FCxExifInfo@CxImageJPG@@QAEXXZ, ___FCxIOFile@@QAEXXZ, ___FCxImage@@QAEXXZ, ___FCxMemFile@@QAEXXZ, ___OCxImage@@QAEXABV0@@Z, _AddAveragingCont@CxImage@@IAEXABUtagRGBQUAD@@MAAM111@Z, _Alloc@CxMemFile@@IAEXK@Z, _AlphaClear@CxImage@@QAEXXZ, _AlphaCopy@CxImage@@QAE_NAAV1@@Z, _AlphaCreate@CxImage@@QAEXXZ, _AlphaDelete@CxImage@@QAEXXZ, _AlphaFlip@CxImage@@QAE_NXZ, _AlphaGet@CxImage@@QAEEJJ@Z, _AlphaGetMax@CxImage@@QBEEXZ, _AlphaGetPointer@CxImage@@QAEPAEJJ@Z, _AlphaInvert@CxImage@@QAEXXZ, _AlphaIsValid@CxImage@@QAE_NXZ, _AlphaMirror@CxImage@@QAE_NXZ, _AlphaPaletteClear@CxImage@@QAEXXZ, _AlphaPaletteEnable@CxImage@@QAEX_N@Z, _AlphaPaletteIsEnabled@CxImage@@QAE_NXZ, _AlphaPaletteIsValid@CxImage@@QAE_NXZ, _AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z, _AlphaSet@CxImage@@QAEXE@Z, _AlphaSet@CxImage@@QAEXJJE@Z, _AlphaSet@CxImage@@QAE_NAAV1@@Z, _AlphaSetMax@CxImage@@QAEXE@Z, _AlphaSplit@CxImage@@QAE_NPAV1@@Z, _AlphaStrip@CxImage@@QAEXXZ, _Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z, _BlendPalette@CxImage@@QAEXKJ@Z, _BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z, _BlindAlphaGet@CxImage@@IAEEJJ@Z, _BlindGetPixelColor@CxImage@@IAE_AUtagRGBQUAD@@JJ@Z, _BlindGetPixelIndex@CxImage@@IAEEJJ@Z, _BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z, _Center@CxRect2@@QBE_AVCxPoint2@@XZ, _CircleTransform@CxImage@@QAE_NHJM@Z, _Clear@CxImage@@QAEXE@Z, _Close@CxIOFile@@UAE_NXZ, _Close@CxMemFile@@UAE_NXZ, _CompareColors@CxImage@@KAHPBX0@Z, _ConvertAnyFormat@CxExifInfo@CxImageJPG@@IAENPAXH@Z, _Copy@CxImage@@QAEXABV1@_N11@Z, _CopyInfo@CxImage@@IAEXABV1@@Z, _CopyToHandle@CxImage@@QAEPAXXZ, _Create@CxImage@@QAEPAXKKKK@Z, _CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z, _CreateFromHANDLE@CxImage@@QAE_NPAX@Z, _CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z, _CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z, _CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z, _Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z, _Crop@CxImage@@QAE_NJJJJPAV1@@Z, _CropRotatedRectangle@CxImage@@QAE_NJJJJMPAV1@@Z, _CrossSection@CxRect2@@QBE_AV1@ABV1@@Z, _Decode@CxImage@@QAE_NPAEKK@Z, _Decode@CxImage@@QAE_NPAU_iobuf@@K@Z, _Decode@CxImage@@QAE_NPAVCxFile@@K@Z, _Decode@CxImageGIF@@QAE_NPAU_iobuf@@@Z, _Decode@CxImageGIF@@QAE_NPAVCxFile@@@Z, _Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z, _Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z, _Decode@CxImageTIF@@QAE_NPAU_iobuf@@@Z, _Decode@CxImageTIF@@QAE_NPAVCxFile@@@Z, _DecodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@H@Z, _DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z, _DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z, _DecodeExtension@CxImageGIF@@IAE_NPAVCxFile@@@Z, _DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@K@Z, _Destroy@CxImage@@QAE_NXZ, _DiscardAllButExif@CxExifInfo@CxImageJPG@@QAEXXZ, _Distance@CxPoint2@@QAEMMM@Z, _Distance@CxPoint2@@QAEMV1@@Z, _Dither@CxImage@@QAE_NJ@Z, _Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z, _Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z, _Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z, _Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z, _DrawLine@CxImage@@QAEXHHHHK@Z, _DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z, _DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z, _DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@1@_N@Z, _Enable@CxImage@@QAEX_N@Z, _Encode2RGBA@CxImage@@QAE_NAAPAEAAJ@Z, _Encode2RGBA@CxImage@@QAE_NPAVCxFile@@@Z, _Encode@CxImage@@QAE_NAAPAEAAJK@Z, _Encode@CxImage@@QAE_NPAU_iobuf@@K@Z, _Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z, _Encode@CxImage@@QAE_NPAVCxFile@@K@Z, _Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z, _Encode@CxImageGIF@@QAE_NPAU_iobuf@@@Z, _Encode@CxImageGIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H_N@Z, _Encode@CxImageGIF@@QAE_NPAVCxFile@@@Z, _Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z, _Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z, _Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z, _Encode@CxImageTIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H@Z, _Encode@CxImageTIF@@QAE_NPAU_iobuf@@_N@Z, _Encode@CxImageTIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H@Z, _Encode@CxImageTIF@@QAE_NPAVCxFile@@_N@Z, _EncodeBody@CxImageGIF@@IAEXPAVCxFile@@_N@Z, _EncodeBody@CxImageTIF@@IAE_NPAUtiff@@_NHH@Z, _EncodeComment@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@@Z, _EncodeExtension@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeHeader@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeLoopExtension@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeRGB@CxImageGIF@@IAE_NPAVCxFile@@@Z, _EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z, _Eof@CxIOFile@@UAE_NXZ, _Eof@CxMemFile@@UAE_NXZ, _Error@CxIOFile@@UAEJXZ, _Error@CxMemFile@@UAEJXZ, _Expand@CxImage@@QAE_NJJJJUtagRGBQUAD@@PAV1@@Z, _Expand@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z, _FindSection@CxExifInfo@CxImageJPG@@IAEPAXH@Z, _Flip@CxImage@@QAE_NXZ, _Flush@CxIOFile@@UAE_NXZ, _Flush@CxMemFile@@UAE_NXZ, _Free@CxMemFile@@IAEXXZ, _FreeMemory@CxImage@@QAEXPAX@Z, _Get16m@CxExifInfo@CxImageJPG@@IAEHPAX@Z, _Get16u@CxExifInfo@CxImageJPG@@IAEHPAX@Z, _Get32s@CxExifInfo@CxImageJPG@@IAEJPAX@Z, _Get32u@CxExifInfo@CxImageJPG@@IAEKPAX@Z, _GetAreaColorInterpolated@CxImage@@QAE_AUtagRGBQUAD@@MMMMW4InterpolationMethod@1@W4OverflowMethod@1@QAU2@@Z, _GetBits@CxImage@@QAEPAEK@Z, _GetBpp@CxImage@@QBEGXZ, _GetBuffer@CxMemFile@@QAEPAE_N@Z, _GetC@CxIOFile@@UAEJXZ, _GetC@CxMemFile@@UAEJXZ, _GetClrImportant@CxImage@@QBEKXZ, _GetCodecOption@CxImage@@QAEKK@Z, _GetColorType@CxImage@@QAEEXZ, _GetComment@CxImageGIF@@QAEXPAD@Z, _GetDIB@CxImage@@QBEPAXXZ, _GetDisposalMethod@CxImageGIF@@QAEJXZ, _GetEffWidth@CxImage@@QBEKXZ, _GetEscape@CxImage@@QBEJXZ, _GetFlags@CxImage@@QBEKXZ, _GetFrame@CxImage@@QBEJXZ, _GetFrameDelay@CxImage@@QBEKXZ, _GetHeight@CxImage@@QBEKXZ, _GetJpegQuality@CxImage@@QBEEXZ, _GetJpegScale@CxImage@@QBEEXZ, _GetLastError@CxImage@@QAEPBDXZ, _GetLoops@CxImageGIF@@QAEJXZ, _GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z, _GetNumColors@CxImage@@QBEKXZ, _GetNumFrames@CxImage@@QBEJXZ, _GetOffset@CxImage@@QAEXPAJ0@Z, _GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ, _GetPaletteColor@CxImage@@QAE_AUtagRGBQUAD@@E@Z, _GetPaletteColor@CxImage@@QAE_NEPAE00@Z, _GetPaletteSize@CxImage@@QAEKXZ, _GetPixelColor@CxImage@@QAE_AUtagRGBQUAD@@JJ_N@Z, _GetPixelColorInterpolated@CxImage@@QAE_AUtagRGBQUAD@@MMW4InterpolationMethod@1@W4OverflowMethod@1@QAU2@@Z, _GetPixelColorWithOverflow@CxImage@@QAE_AUtagRGBQUAD@@JJW4OverflowMethod@1@QAU2@@Z, _GetPixelGray@CxImage@@QAEEJJ@Z, _GetPixelIndex@CxImage@@QAEEJJ@Z, _GetProgress@CxImage@@QBEJXZ, _GetSize@CxImage@@QAEJXZ, _GetTransColor@CxImage@@QAE_AUtagRGBQUAD@@XZ, _GetTransIndex@CxImage@@QBEJXZ, _GetType@CxImage@@QBEKXZ, _GetVersion@CxImage@@QAEPBDXZ, _GetVersionNumber@CxImage@@QAE_BMXZ, _GetWidth@CxImage@@QBEKXZ, _GetXDPI@CxImage@@QBEJXZ, _GetYDPI@CxImage@@QBEJXZ, _Ghost@CxImage@@IAEXPAV1@@Z, _GifMix@CxImageGIF@@IAEXAAVCxImage@@AAUtag_image@1@@Z, _GifNextPixel@CxImageGIF@@IAEHXZ, _GrayScale@CxImage@@QAE_NXZ, _Height@CxRect2@@QBEMXZ, _IncreaseBpp@CxImage@@QAE_NK@Z, _InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@1@@Z, _IsEnabled@CxImage@@QBE_NXZ, _IsGrayScale@CxImage@@QAE_NXZ, _IsIndexed@CxImage@@QBE_NXZ, _IsInside@CxImage@@QAE_NJJ@Z, _IsSamePalette@CxImage@@QAE_NAAV1@_N@Z, _IsTransparent@CxImage@@QAE_NJJ@Z, _IsTransparent@CxImage@@QBE_NXZ, _IsValid@CxImage@@QBE_NXZ, _KernelBSpline@CxImage@@SAMM@Z, _KernelBessel@CxImage@@SAMM@Z, _KernelBessel_J1@CxImage@@SAMM@Z, _KernelBessel_Order1@CxImage@@SAMM@Z, _KernelBessel_P1@CxImage@@SAMM@Z, _KernelBessel_Q1@CxImage@@SAMM@Z, _KernelBlackman@CxImage@@SAMM@Z, _KernelBox@CxImage@@SAMM@Z, _KernelCatrom@CxImage@@SAMM@Z, _KernelCubic@CxImage@@SAMM@Z, _KernelGaussian@CxImage@@SAMM@Z, _KernelGeneralizedCubic@CxImage@@SAMMM@Z, _KernelHamming@CxImage@@SAMM@Z, _KernelHermite@CxImage@@SAMM@Z, _KernelLanczosSinc@CxImage@@SAMMM@Z, _KernelLinear@CxImage@@SAMM@Z, _KernelMitchell@CxImage@@SAMM@Z, _KernelQuadratic@CxImage@@SAMM@Z, _KernelSinc@CxImage@@SAMM@Z, _Load@CxImage@@QAE_NPBDK@Z, _LoadResource@CxImage@@QAE_NPAUHRSRC__@@KPAUHINSTANCE__@@@Z, _MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z, _Mirror@CxImage@@QAE_NXZ, _Negative@CxImage@@QAE_NXZ, _Open@CxIOFile@@QAE_NPBD0@Z, _Open@CxMemFile@@QAE_NXZ, _OverflowCoordinates@CxImage@@QAEXAAJ0W4OverflowMethod@1@@Z, _OverflowCoordinates@CxImage@@QAEXAAM0W4OverflowMethod@1@@Z, _ProcessExifDir@CxExifInfo@CxImageJPG@@IAE_NPAE0IQAUtag_ExifInfo@2@QAPAE@Z, _PutC@CxFile@@UAE_NE@Z, _PutC@CxIOFile@@UAE_NE@Z, _PutC@CxMemFile@@UAE_NE@Z, _Putword@CxImageGIF@@IAEXHPAVCxFile@@@Z, _QIShrink@CxImage@@QAE_NJJQAV1@@Z, _RGBQUADtoRGB@CxImage@@SAKUtagRGBQUAD@@@Z, _RGBtoBGR@CxImage@@IAEXPAEH@Z, _RGBtoRGBQUAD@CxImage@@SA_AUtagRGBQUAD@@K@Z, _Read@CxIOFile@@UAEIPAXII@Z, _Read@CxMemFile@@UAEIPAXII@Z, _Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z, _Resample@CxImage@@QAE_NJJHPAV1@@Z, _Rotate180@CxImage@@QAE_NPAV1@@Z, _Rotate2@CxImage@@QAE_NMPAV1@W4InterpolationMethod@1@W4OverflowMethod@1@PAUtagRGBQUAD@@_N4@Z, _Rotate@CxImage@@QAE_NMPAV1@@Z, _RotateLeft@CxImage@@QAE_NPAV1@@Z, _RotateRight@CxImage@@QAE_NPAV1@@Z, _Save@CxImage@@QAE_NPBDK@Z, _Seek@CxIOFile@@UAE_NJH@Z, _Seek@CxMemFile@@UAE_NJH@Z, _SelectionAddColor@CxImage@@QAE_NUtagRGBQUAD@@@Z, _SelectionAddEllipse@CxImage@@QAE_NUtagRECT@@@Z, _SelectionAddPixel@CxImage@@QAE_NHH@Z, _SelectionAddPolygon@CxImage@@QAE_NPAUtagPOINT@@J@Z, _SelectionAddRect@CxImage@@QAE_NUtagRECT@@@Z, _SelectionClear@CxImage@@QAE_NXZ, _SelectionCopy@CxImage@@QAE_NAAV1@@Z, _SelectionCreate@CxImage@@QAE_NXZ, _SelectionDelete@CxImage@@QAE_NXZ, _SelectionGetBox@CxImage@@QAEXAAUtagRECT@@@Z, _SelectionInvert@CxImage@@QAE_NXZ, _SelectionIsInside@CxImage@@QAE_NJJ@Z, _SelectionIsValid@CxImage@@QAE_NXZ, _SelectionSplit@CxImage@@QAE_NPAV1@@Z, _SelectionToHRGN@CxImage@@QAE_NAAPAUHRGN__@@@Z, _SetClrImportant@CxImage@@QAEXK@Z, _SetCodecOption@CxImage@@QAE_NKK@Z, _SetComment@CxImageGIF@@QAEXPBD@Z, _SetDisposalMethod@CxImageGIF@@QAEXH@Z, _SetEscape@CxImage@@QAEXJ@Z, _SetFlags@CxImage@@QAEXK_N@Z, _SetFrame@CxImage@@QAEXJ@Z, _SetFrameDelay@CxImage@@QAEXK@Z, _SetGrayPalette@CxImage@@QAEXXZ, _SetJpegQuality@CxImage@@QAEXE@Z, _SetJpegScale@CxImage@@QAEXE@Z, _SetLoops@CxImageGIF@@QAEXH@Z, _SetOffset@CxImage@@QAEXJJ@Z, _SetPalette@CxImage@@QAEXKPAE00@Z, _SetPalette@CxImage@@QAEXPAUrgb_color@1@K@Z, _SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z, _SetPaletteColor@CxImage@@QAEXEEEEE@Z, _SetPaletteColor@CxImage@@QAEXEK@Z, _SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z, _SetPixelColor@CxImage@@QAEXJJK@Z, _SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z, _SetPixelIndex@CxImage@@QAEXJJE@Z, _SetProgress@CxImage@@QAEXJ@Z, _SetStdPalette@CxImage@@QAEXXZ, _SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z, _SetTransIndex@CxImage@@QAEXJ@Z, _SetXDPI@CxImage@@QAEXJ@Z, _SetYDPI@CxImage@@QAEXJ@Z, _Size@CxIOFile@@UAEJXZ, _Size@CxMemFile@@UAEJXZ, _Skew@CxImage@@QAE_NMMJJ_N@Z, _Startup@CxImage@@IAEXK@Z, _Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z, _Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z, _Surface@CxRect2@@QBEMXZ, _SwapIndex@CxImage@@QAEXEE@Z, _TIFFCloseEx@CxImageTIF@@QAEXPAUtiff@@@Z, _TIFFOpenEx@CxImageTIF@@QAEPAUtiff@@PAVCxFile@@@Z, _Tell@CxIOFile@@UAEJXZ, _Tell@CxMemFile@@UAEJXZ, _Thumbnail@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z, _Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z, _TileToStrip@CxImageTIF@@IAEXPAE0KKHH@Z, _Transfer@CxImage@@QAE_NAAV1@@Z, _Width@CxRect2@@QBEMXZ, _Write@CxIOFile@@UAEIPBXII@Z, _Write@CxMemFile@@UAEIPBXII@Z, _char_out@CxImageGIF@@IAEXH@Z, _cl_hash@CxImageGIF@@IAEXJ@Z, _compressLZW@CxImageGIF@@IAEXHPAVCxFile@@@Z, _compressNONE@CxImageGIF@@IAEXHPAVCxFile@@@Z, _compressRLE@CxImageGIF@@IAEXHPAVCxFile@@@Z, _decoder@CxImageGIF@@IAEFPAVCxFile@@PAVCImageIterator@@FAAH@Z, _flush_char@CxImageGIF@@IAEXXZ, _get_byte@CxImageGIF@@IAEHPAVCxFile@@@Z, _get_next_code@CxImageGIF@@IAEFPAVCxFile@@@Z, _get_num_frames@CxImageGIF@@IAEHPAVCxFile@@PAUtag_TabCol@1@PAUtag_dscgif@1@@Z, _init_exp@CxImageGIF@@IAEFF@Z, _out_line@CxImageGIF@@IAEHPAVCImageIterator@@PAEH@Z, _output@CxImageGIF@@IAEXF@Z, _process_COM@CxExifInfo@CxImageJPG@@IAEXPBEH@Z, _process_EXIF@CxExifInfo@CxImageJPG@@IAE_NPAEI@Z, _process_SOFn@CxExifInfo@CxImageJPG@@IAEXPBEH@Z, _rle_block_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_block_out@CxImageGIF@@IAEXEPAUtag_RLE@1@@Z, _rle_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_compute_triangle_count@CxImageGIF@@IAEIII@Z, _rle_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_flush_clearorrep@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_flush_fromclear@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_flush_withtable@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_isqrt@CxImageGIF@@IAEII@Z, _rle_output@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_output_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_output_plain@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_reset_out_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_write_block@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _seek_next_image@CxImageGIF@@IAEJPAVCxFile@@J@Z
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: https://www.symantec.com?md5=e5bed85422379c2f2d689a4ec16c4110
ssdeep: 24576:a6d/qszQ82f4RtYreH5ln64Hrcw98T28p:bzQ8OnrcLL98TT
PEiD : Armadillo v1.71
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
a-squared 4.5.0.24 2009.09.25 -
AhnLab-V3 5.0.0.2 2009.09.24 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.24 -
AVG 8.5.0.412 2009.09.25 -
BitDefender 7.2 2009.09.25 -
CAT-QuickHeal 10.00 2009.09.25 -
ClamAV 0.94.1 2009.09.25 -
Comodo 2432 2009.09.25 -
DrWeb 5.0.0.12182 2009.09.25 -
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6760 2009.09.25 -
F-Prot 4.5.1.85 2009.09.24 -
F-Secure 8.0.14470.0 2009.09.25 -
Fortinet 3.120.0.0 2009.09.25 -
GData 19 2009.09.25 -
Ikarus T3.1.1.72.0 2009.09.25 -
Jiangmin 11.0.800 2009.09.25 -
K7AntiVirus 7.10.853 2009.09.24 -
Kaspersky 7.0.0.125 2009.09.25 -
McAfee 5751 2009.09.24 -
McAfee+Artemis 5751 2009.09.24 -
McAfee-GW-Edition 6.8.5 2009.09.25 -
Microsoft 1.5005 2009.09.23 -
NOD32 4456 2009.09.25 -
Norman 6.01.09 2009.09.24 -
nProtect 2009.1.8.0 2009.09.25 -
Panda 10.0.2.2 2009.09.24 -
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.25 -
Rising 21.48.43.00 2009.09.25 -
Sophos 4.45.0 2009.09.25 -
Sunbelt 3.2.1858.2 2009.09.24 -
Symantec 1.4.4.12 2009.09.25 -
TheHacker 6.5.0.2.017 2009.09.24 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.25.1956 2009.09.25 -
VirusBuster 4.6.5.0 2009.09.24 -
Information additionnelle
File size: 835584 bytes
MD5 : e5bed85422379c2f2d689a4ec16c4110
SHA1 : 338d2e456b27235ba0953fa387a2a56bf4d90a69
SHA256: 8f56b4048cab1afa4c812d8cc6b55f94baa9c59b19b67881a399c36bdc95d8c6
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x8AF2F
timedatestamp.....: 0x4642AB11 (Thu May 10 07:18:09 2007)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8B14A 0x8C000 6.62 36f43b42f2d00747b5b9d3f3b292d365
.rdata 0x8D000 0x25E56 0x26000 4.13 51b018fe515852fac2ab147123c97781
.data 0xB3000 0x118AC 0xC000 5.37 4dee50aa97ee7278a7b0119f5371e725
.rsrc 0xC5000 0xCA28 0xD000 4.68 62641e0575fb605583ccfdeab852fe81
( 8 imports )
> advapi32.dll: QueryServiceStatus, RegQueryValueExA, RegOpenKeyExA, CloseServiceHandle, StartServiceA, ControlService, OpenServiceA, OpenSCManagerA, RegSetValueExA, RegEnumValueA, RegCloseKey
> gdi32.dll: SetBkColor, StretchBlt, GetClipBox, CreateRectRgnIndirect, ExtSelectClipRgn, SetStretchBltMode, GetObjectA, RealizePalette, GetDIBits, CreateDIBSection, BitBlt, CreateBitmap, CreateCompatibleDC, GetObjectType, CreateDIBitmap, SelectObject, DeleteObject, SetDIBitsToDevice, GetEnhMetaFilePaletteEntries, ExtTextOutA, DeleteEnhMetaFile, GetDeviceCaps, CreateCompatibleBitmap, RectVisible, StretchDIBits, SetBkMode, SetTextColor, CreatePalette, CreateFontIndirectA, CombineRgn, CreateRectRgn, PlayEnhMetaFile, SelectPalette, DeleteDC, SetEnhMetaFileBits, GetEnhMetaFileHeader, SetWinMetaFileBits, GetStockObject
> kernel32.dll: GetStartupInfoA, GlobalFree, GlobalSize, GlobalAlloc, GlobalLock, GlobalUnlock, SizeofResource, LockResource, GetSystemDirectoryA, WinExec, LoadLibraryExA, FindResourceA, LoadResource, GetVersionExA, SetEvent, Sleep, WaitForSingleObject, ResumeThread, CreateEventA, LoadLibraryA, FreeLibrary, CreateMutexA, GetLastError, GetCurrentProcess, GetModuleHandleA, GetProcAddress, CloseHandle, GetModuleFileNameA
> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msvcrt.dll: _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _acmdln, _XcptFilter, _exit, _terminate@@YAXXZ, _except_handler3, __1type_info@@UAE@XZ, _onexit, __dllonexit, strtok, vfprintf, atof, atoi, ceil, __mb_cur_max, _isctype, _pctype, vsprintf, tmpnam, strtod, abort, atan2, fabs, sqrt, log, rand, exp, qsort, _read, _setmode, _unlink, _open, pow, memmove, memset, memcpy, strlen, strcpy, getenv, sscanf, _iob, fprintf, exit, _CIfmod, strncmp, isprint, printf, __CxxLongjmpUnwind, _setjmp3, longjmp, _CIpow, _mbslen, calloc, _mbsnbcpy, _CxxThrowException, _CIacos, div, floor, realloc, malloc, free, _ftol, getc, fputc, fflush, ftell, fseek, fwrite, fread, fopen, fclose, _purecall, strchr, sprintf, strstr, strncpy, __CxxFrameHandler, _write, _lseek, _close, _strdup, _setmbcp, __getmainargs
> user32.dll: GetSysColor, DrawTextA, GetIconInfo, ReleaseDC, SetWindowTextA, LoadCursorA, GetWindowRect, SetRect, AdjustWindowRect, InvalidateRect, GetMenu, CheckMenuRadioItem, GetDC, SetForegroundWindow, IsWindow, PostMessageA, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, EnableWindow
> version.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> winmm.dll: PlaySoundA
( 1 exports )
> __0CxExifInfo@CxImageJPG@@QAE@PAUtag_ExifInfo@1@@Z, __0CxFile@@QAE@ABV0@@Z, __0CxFile@@QAE@XZ, __0CxIOFile@@QAE@ABV0@@Z, __0CxIOFile@@QAE@PAU_iobuf@@@Z, __0CxImage@@QAE@ABV0@_N11@Z, __0CxImage@@QAE@K@Z, __0CxImage@@QAE@KKKK@Z, __0CxImage@@QAE@PAEKK@Z, __0CxImage@@QAE@PAU_iobuf@@K@Z, __0CxImage@@QAE@PAVCxFile@@K@Z, __0CxImage@@QAE@PBDK@Z, __0CxImageGIF@@QAE@ABV0@@Z, __0CxImageGIF@@QAE@XZ, __0CxImageJPG@@QAE@ABV0@@Z, __0CxImageJPG@@QAE@XZ, __0CxImageTIF@@QAE@ABV0@@Z, __0CxImageTIF@@QAE@XZ, __0CxMemFile@@QAE@ABV0@@Z, __0CxMemFile@@QAE@PAEK@Z, __0CxPoint2@@QAE@ABV0@@Z, __0CxPoint2@@QAE@MM@Z, __0CxPoint2@@QAE@XZ, __0CxRect2@@QAE@ABV0@@Z, __0CxRect2@@QAE@MMMM@Z, __0CxRect2@@QAE@XZ, __1CxExifInfo@CxImageJPG@@QAE@XZ, __1CxFile@@UAE@XZ, __1CxIOFile@@UAE@XZ, __1CxImage@@UAE@XZ, __1CxImageGIF@@UAE@XZ, __1CxImageJPG@@UAE@XZ, __1CxImageTIF@@UAE@XZ, __1CxMemFile@@UAE@XZ, __4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z, __4CxFile@@QAEAAV0@ABV0@@Z, __4CxIOFile@@QAEAAV0@ABV0@@Z, __4CxImage@@QAEAAV0@ABV0@@Z, __4CxImageGIF@@QAEAAV0@ABV0@@Z, __4CxImageJPG@@QAEAAV0@ABV0@@Z, __4CxImageTIF@@QAEAAV0@ABV0@@Z, __4CxMemFile@@QAEAAV0@ABV0@@Z, __4CxPoint2@@QAEAAV0@ABV0@@Z, __4CxRect2@@QAEAAV0@ABV0@@Z, ___7CxFile@@6B@, ___7CxIOFile@@6B@, ___7CxImage@@6B@, ___7CxImageGIF@@6B@, ___7CxImageJPG@@6B@, ___7CxImageTIF@@6B@, ___7CxMemFile@@6B@, ___FCxExifInfo@CxImageJPG@@QAEXXZ, ___FCxIOFile@@QAEXXZ, ___FCxImage@@QAEXXZ, ___FCxMemFile@@QAEXXZ, ___OCxImage@@QAEXABV0@@Z, _AddAveragingCont@CxImage@@IAEXABUtagRGBQUAD@@MAAM111@Z, _Alloc@CxMemFile@@IAEXK@Z, _AlphaClear@CxImage@@QAEXXZ, _AlphaCopy@CxImage@@QAE_NAAV1@@Z, _AlphaCreate@CxImage@@QAEXXZ, _AlphaDelete@CxImage@@QAEXXZ, _AlphaFlip@CxImage@@QAE_NXZ, _AlphaGet@CxImage@@QAEEJJ@Z, _AlphaGetMax@CxImage@@QBEEXZ, _AlphaGetPointer@CxImage@@QAEPAEJJ@Z, _AlphaInvert@CxImage@@QAEXXZ, _AlphaIsValid@CxImage@@QAE_NXZ, _AlphaMirror@CxImage@@QAE_NXZ, _AlphaPaletteClear@CxImage@@QAEXXZ, _AlphaPaletteEnable@CxImage@@QAEX_N@Z, _AlphaPaletteIsEnabled@CxImage@@QAE_NXZ, _AlphaPaletteIsValid@CxImage@@QAE_NXZ, _AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z, _AlphaSet@CxImage@@QAEXE@Z, _AlphaSet@CxImage@@QAEXJJE@Z, _AlphaSet@CxImage@@QAE_NAAV1@@Z, _AlphaSetMax@CxImage@@QAEXE@Z, _AlphaSplit@CxImage@@QAE_NPAV1@@Z, _AlphaStrip@CxImage@@QAEXXZ, _Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z, _BlendPalette@CxImage@@QAEXKJ@Z, _BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z, _BlindAlphaGet@CxImage@@IAEEJJ@Z, _BlindGetPixelColor@CxImage@@IAE_AUtagRGBQUAD@@JJ@Z, _BlindGetPixelIndex@CxImage@@IAEEJJ@Z, _BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z, _Center@CxRect2@@QBE_AVCxPoint2@@XZ, _CircleTransform@CxImage@@QAE_NHJM@Z, _Clear@CxImage@@QAEXE@Z, _Close@CxIOFile@@UAE_NXZ, _Close@CxMemFile@@UAE_NXZ, _CompareColors@CxImage@@KAHPBX0@Z, _ConvertAnyFormat@CxExifInfo@CxImageJPG@@IAENPAXH@Z, _Copy@CxImage@@QAEXABV1@_N11@Z, _CopyInfo@CxImage@@IAEXABV1@@Z, _CopyToHandle@CxImage@@QAEPAXXZ, _Create@CxImage@@QAEPAXKKKK@Z, _CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z, _CreateFromHANDLE@CxImage@@QAE_NPAX@Z, _CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z, _CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z, _CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z, _Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z, _Crop@CxImage@@QAE_NJJJJPAV1@@Z, _CropRotatedRectangle@CxImage@@QAE_NJJJJMPAV1@@Z, _CrossSection@CxRect2@@QBE_AV1@ABV1@@Z, _Decode@CxImage@@QAE_NPAEKK@Z, _Decode@CxImage@@QAE_NPAU_iobuf@@K@Z, _Decode@CxImage@@QAE_NPAVCxFile@@K@Z, _Decode@CxImageGIF@@QAE_NPAU_iobuf@@@Z, _Decode@CxImageGIF@@QAE_NPAVCxFile@@@Z, _Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z, _Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z, _Decode@CxImageTIF@@QAE_NPAU_iobuf@@@Z, _Decode@CxImageTIF@@QAE_NPAVCxFile@@@Z, _DecodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@H@Z, _DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z, _DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z, _DecodeExtension@CxImageGIF@@IAE_NPAVCxFile@@@Z, _DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@K@Z, _Destroy@CxImage@@QAE_NXZ, _DiscardAllButExif@CxExifInfo@CxImageJPG@@QAEXXZ, _Distance@CxPoint2@@QAEMMM@Z, _Distance@CxPoint2@@QAEMV1@@Z, _Dither@CxImage@@QAE_NJ@Z, _Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z, _Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z, _Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z, _Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z, _DrawLine@CxImage@@QAEXHHHHK@Z, _DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z, _DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z, _DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@1@_N@Z, _Enable@CxImage@@QAEX_N@Z, _Encode2RGBA@CxImage@@QAE_NAAPAEAAJ@Z, _Encode2RGBA@CxImage@@QAE_NPAVCxFile@@@Z, _Encode@CxImage@@QAE_NAAPAEAAJK@Z, _Encode@CxImage@@QAE_NPAU_iobuf@@K@Z, _Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z, _Encode@CxImage@@QAE_NPAVCxFile@@K@Z, _Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z, _Encode@CxImageGIF@@QAE_NPAU_iobuf@@@Z, _Encode@CxImageGIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H_N@Z, _Encode@CxImageGIF@@QAE_NPAVCxFile@@@Z, _Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z, _Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z, _Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z, _Encode@CxImageTIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H@Z, _Encode@CxImageTIF@@QAE_NPAU_iobuf@@_N@Z, _Encode@CxImageTIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H@Z, _Encode@CxImageTIF@@QAE_NPAVCxFile@@_N@Z, _EncodeBody@CxImageGIF@@IAEXPAVCxFile@@_N@Z, _EncodeBody@CxImageTIF@@IAE_NPAUtiff@@_NHH@Z, _EncodeComment@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@@Z, _EncodeExtension@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeHeader@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeLoopExtension@CxImageGIF@@IAEXPAVCxFile@@@Z, _EncodeRGB@CxImageGIF@@IAE_NPAVCxFile@@@Z, _EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z, _Eof@CxIOFile@@UAE_NXZ, _Eof@CxMemFile@@UAE_NXZ, _Error@CxIOFile@@UAEJXZ, _Error@CxMemFile@@UAEJXZ, _Expand@CxImage@@QAE_NJJJJUtagRGBQUAD@@PAV1@@Z, _Expand@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z, _FindSection@CxExifInfo@CxImageJPG@@IAEPAXH@Z, _Flip@CxImage@@QAE_NXZ, _Flush@CxIOFile@@UAE_NXZ, _Flush@CxMemFile@@UAE_NXZ, _Free@CxMemFile@@IAEXXZ, _FreeMemory@CxImage@@QAEXPAX@Z, _Get16m@CxExifInfo@CxImageJPG@@IAEHPAX@Z, _Get16u@CxExifInfo@CxImageJPG@@IAEHPAX@Z, _Get32s@CxExifInfo@CxImageJPG@@IAEJPAX@Z, _Get32u@CxExifInfo@CxImageJPG@@IAEKPAX@Z, _GetAreaColorInterpolated@CxImage@@QAE_AUtagRGBQUAD@@MMMMW4InterpolationMethod@1@W4OverflowMethod@1@QAU2@@Z, _GetBits@CxImage@@QAEPAEK@Z, _GetBpp@CxImage@@QBEGXZ, _GetBuffer@CxMemFile@@QAEPAE_N@Z, _GetC@CxIOFile@@UAEJXZ, _GetC@CxMemFile@@UAEJXZ, _GetClrImportant@CxImage@@QBEKXZ, _GetCodecOption@CxImage@@QAEKK@Z, _GetColorType@CxImage@@QAEEXZ, _GetComment@CxImageGIF@@QAEXPAD@Z, _GetDIB@CxImage@@QBEPAXXZ, _GetDisposalMethod@CxImageGIF@@QAEJXZ, _GetEffWidth@CxImage@@QBEKXZ, _GetEscape@CxImage@@QBEJXZ, _GetFlags@CxImage@@QBEKXZ, _GetFrame@CxImage@@QBEJXZ, _GetFrameDelay@CxImage@@QBEKXZ, _GetHeight@CxImage@@QBEKXZ, _GetJpegQuality@CxImage@@QBEEXZ, _GetJpegScale@CxImage@@QBEEXZ, _GetLastError@CxImage@@QAEPBDXZ, _GetLoops@CxImageGIF@@QAEJXZ, _GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z, _GetNumColors@CxImage@@QBEKXZ, _GetNumFrames@CxImage@@QBEJXZ, _GetOffset@CxImage@@QAEXPAJ0@Z, _GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ, _GetPaletteColor@CxImage@@QAE_AUtagRGBQUAD@@E@Z, _GetPaletteColor@CxImage@@QAE_NEPAE00@Z, _GetPaletteSize@CxImage@@QAEKXZ, _GetPixelColor@CxImage@@QAE_AUtagRGBQUAD@@JJ_N@Z, _GetPixelColorInterpolated@CxImage@@QAE_AUtagRGBQUAD@@MMW4InterpolationMethod@1@W4OverflowMethod@1@QAU2@@Z, _GetPixelColorWithOverflow@CxImage@@QAE_AUtagRGBQUAD@@JJW4OverflowMethod@1@QAU2@@Z, _GetPixelGray@CxImage@@QAEEJJ@Z, _GetPixelIndex@CxImage@@QAEEJJ@Z, _GetProgress@CxImage@@QBEJXZ, _GetSize@CxImage@@QAEJXZ, _GetTransColor@CxImage@@QAE_AUtagRGBQUAD@@XZ, _GetTransIndex@CxImage@@QBEJXZ, _GetType@CxImage@@QBEKXZ, _GetVersion@CxImage@@QAEPBDXZ, _GetVersionNumber@CxImage@@QAE_BMXZ, _GetWidth@CxImage@@QBEKXZ, _GetXDPI@CxImage@@QBEJXZ, _GetYDPI@CxImage@@QBEJXZ, _Ghost@CxImage@@IAEXPAV1@@Z, _GifMix@CxImageGIF@@IAEXAAVCxImage@@AAUtag_image@1@@Z, _GifNextPixel@CxImageGIF@@IAEHXZ, _GrayScale@CxImage@@QAE_NXZ, _Height@CxRect2@@QBEMXZ, _IncreaseBpp@CxImage@@QAE_NK@Z, _InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@1@@Z, _IsEnabled@CxImage@@QBE_NXZ, _IsGrayScale@CxImage@@QAE_NXZ, _IsIndexed@CxImage@@QBE_NXZ, _IsInside@CxImage@@QAE_NJJ@Z, _IsSamePalette@CxImage@@QAE_NAAV1@_N@Z, _IsTransparent@CxImage@@QAE_NJJ@Z, _IsTransparent@CxImage@@QBE_NXZ, _IsValid@CxImage@@QBE_NXZ, _KernelBSpline@CxImage@@SAMM@Z, _KernelBessel@CxImage@@SAMM@Z, _KernelBessel_J1@CxImage@@SAMM@Z, _KernelBessel_Order1@CxImage@@SAMM@Z, _KernelBessel_P1@CxImage@@SAMM@Z, _KernelBessel_Q1@CxImage@@SAMM@Z, _KernelBlackman@CxImage@@SAMM@Z, _KernelBox@CxImage@@SAMM@Z, _KernelCatrom@CxImage@@SAMM@Z, _KernelCubic@CxImage@@SAMM@Z, _KernelGaussian@CxImage@@SAMM@Z, _KernelGeneralizedCubic@CxImage@@SAMMM@Z, _KernelHamming@CxImage@@SAMM@Z, _KernelHermite@CxImage@@SAMM@Z, _KernelLanczosSinc@CxImage@@SAMMM@Z, _KernelLinear@CxImage@@SAMM@Z, _KernelMitchell@CxImage@@SAMM@Z, _KernelQuadratic@CxImage@@SAMM@Z, _KernelSinc@CxImage@@SAMM@Z, _Load@CxImage@@QAE_NPBDK@Z, _LoadResource@CxImage@@QAE_NPAUHRSRC__@@KPAUHINSTANCE__@@@Z, _MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z, _Mirror@CxImage@@QAE_NXZ, _Negative@CxImage@@QAE_NXZ, _Open@CxIOFile@@QAE_NPBD0@Z, _Open@CxMemFile@@QAE_NXZ, _OverflowCoordinates@CxImage@@QAEXAAJ0W4OverflowMethod@1@@Z, _OverflowCoordinates@CxImage@@QAEXAAM0W4OverflowMethod@1@@Z, _ProcessExifDir@CxExifInfo@CxImageJPG@@IAE_NPAE0IQAUtag_ExifInfo@2@QAPAE@Z, _PutC@CxFile@@UAE_NE@Z, _PutC@CxIOFile@@UAE_NE@Z, _PutC@CxMemFile@@UAE_NE@Z, _Putword@CxImageGIF@@IAEXHPAVCxFile@@@Z, _QIShrink@CxImage@@QAE_NJJQAV1@@Z, _RGBQUADtoRGB@CxImage@@SAKUtagRGBQUAD@@@Z, _RGBtoBGR@CxImage@@IAEXPAEH@Z, _RGBtoRGBQUAD@CxImage@@SA_AUtagRGBQUAD@@K@Z, _Read@CxIOFile@@UAEIPAXII@Z, _Read@CxMemFile@@UAEIPAXII@Z, _Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z, _Resample@CxImage@@QAE_NJJHPAV1@@Z, _Rotate180@CxImage@@QAE_NPAV1@@Z, _Rotate2@CxImage@@QAE_NMPAV1@W4InterpolationMethod@1@W4OverflowMethod@1@PAUtagRGBQUAD@@_N4@Z, _Rotate@CxImage@@QAE_NMPAV1@@Z, _RotateLeft@CxImage@@QAE_NPAV1@@Z, _RotateRight@CxImage@@QAE_NPAV1@@Z, _Save@CxImage@@QAE_NPBDK@Z, _Seek@CxIOFile@@UAE_NJH@Z, _Seek@CxMemFile@@UAE_NJH@Z, _SelectionAddColor@CxImage@@QAE_NUtagRGBQUAD@@@Z, _SelectionAddEllipse@CxImage@@QAE_NUtagRECT@@@Z, _SelectionAddPixel@CxImage@@QAE_NHH@Z, _SelectionAddPolygon@CxImage@@QAE_NPAUtagPOINT@@J@Z, _SelectionAddRect@CxImage@@QAE_NUtagRECT@@@Z, _SelectionClear@CxImage@@QAE_NXZ, _SelectionCopy@CxImage@@QAE_NAAV1@@Z, _SelectionCreate@CxImage@@QAE_NXZ, _SelectionDelete@CxImage@@QAE_NXZ, _SelectionGetBox@CxImage@@QAEXAAUtagRECT@@@Z, _SelectionInvert@CxImage@@QAE_NXZ, _SelectionIsInside@CxImage@@QAE_NJJ@Z, _SelectionIsValid@CxImage@@QAE_NXZ, _SelectionSplit@CxImage@@QAE_NPAV1@@Z, _SelectionToHRGN@CxImage@@QAE_NAAPAUHRGN__@@@Z, _SetClrImportant@CxImage@@QAEXK@Z, _SetCodecOption@CxImage@@QAE_NKK@Z, _SetComment@CxImageGIF@@QAEXPBD@Z, _SetDisposalMethod@CxImageGIF@@QAEXH@Z, _SetEscape@CxImage@@QAEXJ@Z, _SetFlags@CxImage@@QAEXK_N@Z, _SetFrame@CxImage@@QAEXJ@Z, _SetFrameDelay@CxImage@@QAEXK@Z, _SetGrayPalette@CxImage@@QAEXXZ, _SetJpegQuality@CxImage@@QAEXE@Z, _SetJpegScale@CxImage@@QAEXE@Z, _SetLoops@CxImageGIF@@QAEXH@Z, _SetOffset@CxImage@@QAEXJJ@Z, _SetPalette@CxImage@@QAEXKPAE00@Z, _SetPalette@CxImage@@QAEXPAUrgb_color@1@K@Z, _SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z, _SetPaletteColor@CxImage@@QAEXEEEEE@Z, _SetPaletteColor@CxImage@@QAEXEK@Z, _SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z, _SetPixelColor@CxImage@@QAEXJJK@Z, _SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z, _SetPixelIndex@CxImage@@QAEXJJE@Z, _SetProgress@CxImage@@QAEXJ@Z, _SetStdPalette@CxImage@@QAEXXZ, _SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z, _SetTransIndex@CxImage@@QAEXJ@Z, _SetXDPI@CxImage@@QAEXJ@Z, _SetYDPI@CxImage@@QAEXJ@Z, _Size@CxIOFile@@UAEJXZ, _Size@CxMemFile@@UAEJXZ, _Skew@CxImage@@QAE_NMMJJ_N@Z, _Startup@CxImage@@IAEXK@Z, _Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z, _Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z, _Surface@CxRect2@@QBEMXZ, _SwapIndex@CxImage@@QAEXEE@Z, _TIFFCloseEx@CxImageTIF@@QAEXPAUtiff@@@Z, _TIFFOpenEx@CxImageTIF@@QAEPAUtiff@@PAVCxFile@@@Z, _Tell@CxIOFile@@UAEJXZ, _Tell@CxMemFile@@UAEJXZ, _Thumbnail@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z, _Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z, _TileToStrip@CxImageTIF@@IAEXPAE0KKHH@Z, _Transfer@CxImage@@QAE_NAAV1@@Z, _Width@CxRect2@@QBEMXZ, _Write@CxIOFile@@UAEIPBXII@Z, _Write@CxMemFile@@UAEIPBXII@Z, _char_out@CxImageGIF@@IAEXH@Z, _cl_hash@CxImageGIF@@IAEXJ@Z, _compressLZW@CxImageGIF@@IAEXHPAVCxFile@@@Z, _compressNONE@CxImageGIF@@IAEXHPAVCxFile@@@Z, _compressRLE@CxImageGIF@@IAEXHPAVCxFile@@@Z, _decoder@CxImageGIF@@IAEFPAVCxFile@@PAVCImageIterator@@FAAH@Z, _flush_char@CxImageGIF@@IAEXXZ, _get_byte@CxImageGIF@@IAEHPAVCxFile@@@Z, _get_next_code@CxImageGIF@@IAEFPAVCxFile@@@Z, _get_num_frames@CxImageGIF@@IAEHPAVCxFile@@PAUtag_TabCol@1@PAUtag_dscgif@1@@Z, _init_exp@CxImageGIF@@IAEFF@Z, _out_line@CxImageGIF@@IAEHPAVCImageIterator@@PAEH@Z, _output@CxImageGIF@@IAEXF@Z, _process_COM@CxExifInfo@CxImageJPG@@IAEXPBEH@Z, _process_EXIF@CxExifInfo@CxImageJPG@@IAE_NPAEI@Z, _process_SOFn@CxExifInfo@CxImageJPG@@IAEXPBEH@Z, _rle_block_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_block_out@CxImageGIF@@IAEXEPAUtag_RLE@1@@Z, _rle_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_compute_triangle_count@CxImageGIF@@IAEIII@Z, _rle_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_flush_clearorrep@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_flush_fromclear@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_flush_withtable@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_isqrt@CxImageGIF@@IAEII@Z, _rle_output@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_output_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_output_plain@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z, _rle_reset_out_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _rle_write_block@CxImageGIF@@IAEXPAUtag_RLE@1@@Z, _seek_next_image@CxImageGIF@@IAEJPAVCxFile@@J@Z
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: https://www.symantec.com?md5=e5bed85422379c2f2d689a4ec16c4110
ssdeep: 24576:a6d/qszQ82f4RtYreH5ln64Hrcw98T28p:bzQ8OnrcLL98TT
PEiD : Armadillo v1.71
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
c'est le deuxième rapport qui veut pas s'afficher ici en fait. Je copie/colle mais rien à faire il n'apparait pas sur le forum.
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
2 oct. 2009 à 23:00
2 oct. 2009 à 23:00
Heberge le sur Cijoint
