Virus or software error???

ambrinet Posts 81 Registered Sunday 6 January 2008 Status Member Last activity 5 January 2022 - 2 Nov. 2009 at 13:39
 papyber - 20 Nov. 2009 at 15:00
Hello,
my PC starts lagging out of the blue! I think there is a virus, but avast finds nothing in a thorough scan, and in a standard scan it freezes at 65%. Spybot found some viruses. I would like to know how to be sure I don't have a virus.
I would also like to know how to stop all the Vista services.
Thanks!
83 replies

moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
7 Nov. 2009 at 14:59
it is still finding things...

run List&Kill'em again

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one


▶double-click (right-click "Run as administrator" on Vista) to launch the scan (this time)

choose the language, then choose option 1 = Mode Recherche (Search Mode)

▶let the tool work

the report will be displayed once the scan is finished

▶paste its contents here
0
List'em by g3n-h@ckm@n 1.0.5.0

Thx to Chiquitine29.....

User : salut ma amour (Administrateurs) # NOUS
Update on 05/11/2009 by g3n-h@ckm@n ::::: 19.00
Start at: 18:56:55 | 07/11/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3500+
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007

C:\ -> Disque fixe local | 228,18 Go (105 Go free) [COMPAQ] | NTFS
D:\ -> Disque fixe local | 4,71 Go (4,66 Go free) [Recovery] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\Windows\System32\smss.exe 344
C:\Windows\system32\csrss.exe 404
C:\Windows\system32\csrss.exe 440
C:\Windows\system32\wininit.exe 448
C:\Windows\system32\winlogon.exe 476
C:\Windows\system32\services.exe 524
C:\Windows\system32\lsass.exe 536
C:\Windows\system32\lsm.exe 544
C:\Windows\system32\svchost.exe 700
C:\Windows\system32\svchost.exe 756
C:\Windows\System32\svchost.exe 848
C:\Windows\system32\svchost.exe 880
C:\Windows\System32\svchost.exe 920
C:\Windows\system32\svchost.exe 972
C:\Windows\system32\svchost.exe 992
C:\Windows\system32\svchost.exe 1064
C:\Windows\system32\svchost.exe 1252
C:\Windows\system32\rundll32.exe 1592
C:\Windows\Explorer.EXE 1608
C:\Windows\System32\rundll32.exe 1724
C:\Program Files\Windows Media Player\wmpnscfg.exe 1888
C:\Program Files\Internet Explorer\iexplore.exe 396
C:\Program Files\Internet Explorer\iexplore.exe 984
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1108
C:\Users\salut ma amour\Desktop\List_Killem.exe 436
C:\Windows\system32\cmd.exe 1128
C:\Windows\system32\wbem\wmiprvse.exe 1492
C:\Users\salut ma amour\AppData\Local\Temp\690E.tmp\pv.exe 1564

======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Neuf Media Center"="\"C:\\Program Files\\Neuf\\Media Center\\MediaCenter.exe\""
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxddmon.exe"="\"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe\""
"lxddamon"="\"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe\""
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

===============
======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
@="Search Helper"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}]
@="SHOUTcast Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

==========================

===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;C:\Program Files\VIRUSfighter\Npm\Bin;C:\Program Files\Common Files\DivX Shared\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\SOFTWARE\SweetIM

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
7 Nov. 2009 at 19:02
RESTART IN SAFE MODE
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php


▶ Run List&Kill'em again (right-click on Vista),

but this time:

▶ choose option 2 = Mode Destruction (Destruction Mode)

let the tool work

after the checks, a report will open.

▶ close it.

a second report will open,

▶ paste its contents in your reply after restarting in normal mode
0
===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;C:\Program Files\VIRUSfighter\Npm\Bin;C:\Program Files\Common Files\DivX Shared\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\SOFTWARE\SweetIM

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
7 Nov. 2009 at 19:31
sorry, the report is incomplete

retrieve the report C:\List'em.txt and post its contents here in your next reply.
0
ambrinet Posts 81 Registered Sunday 6 January 2008 Status Member Last activity 5 January 2022
7 Nov. 2009 at 20:28
hoping this is the report


===============

Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;C:\Program Files\VIRUSfighter\Npm\Bin;C:\Program Files\Common Files\DivX Shared\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\SOFTWARE\SweetIM

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
pimprenelle27 Posts 20857 Registered Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
7 Nov. 2009 at 19:36
Hello to you both

Moment de grace, the report is complete

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
7 Nov. 2009 at 19:40
the end of the report, yes
not the beginning....
0
moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
7 Nov. 2009 at 19:46
while waiting for the complete report

can you go here: https://www.virustotal.com/gui/

and have each of these files analysed

C:\Windows\system32\lxddrwrd.ini
C:\Windows\system32\LXDDinst.dll
C:\Windows\system32\LXDDhcp.dll
C:\Windows\system32\lxddcfg.exe
C:\Windows\system32\lxddcoin.dll
C:\ProgramData\App4rTemp

and post the reports

if you cannot find the files, then

Show all hidden files and folders:
To do this:
Click Start / Control Panel / Folder Options / View

Tick "Show hidden folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"

Then click "Apply" to confirm the changes.

And OK
0
ambrinet Posts 81 Registered Sunday 6 January 2008 Status Member Last activity 5 January 2022
7 Nov. 2009 at 20:21
Fichier 3 reçu le 2009.05.13 22:21:12 (UTC)
Situation actuelle: terminé

Résultat: 0/40 (0.00%)
Information additionnelle
File size: 44 bytes
MD5 : 803464c7f064192797be1531bb06bada
SHA1 : c4b58e6058049111a5b977e3c15173e5cb210dac
SHA256: ae1116fd9a03881108235362a23a3f2ae6b3bc5dce68eaecfa1399e6da780863
TrID : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:6NUmd+V:6NqV
PEiD : -
RDS : NSRL Reference Data Set
-






Information additionnelle
File size: 286720 bytes
MD5 : 9cc602cecf0a0f806192f1a22adab41f
SHA1 : 924c230a841b2d307bf3e622c1ec3de5cf0b00dd
SHA256: e4b63b5dcf3f16fcda59a538a7463e4087985dd0b74c66ebde09b28dab8ed944
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1DCD3
timedatestamp.....: 0x464C9A49 (Thu May 17 20:09:13 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2BC32 0x2C000 6.57 3bf9d7ba8a6e966e52fbbcac6ec4e7ff
.rdata 0x2D000 0xF1B7 0x10000 5.65 2d4fa8dd094bee4a8b636dd3763c1086
.data 0x3D000 0x3BE8 0x3000 3.77 7626a006266bdb335b42a4d9375b5e78
.reloc 0x41000 0x5AAE 0x6000 4.11 cc8753b8b297534edf6948ca4a9f1d1d

( 5 imports )

> advapi32.dll: GetSecurityDescriptorOwner, MakeAbsoluteSD, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, EqualSid, DeleteAce, AddAccessDeniedAce, GetAclInformation, AddAce, LookupAccountNameA, CopySid, RegSetValueExA, OpenProcessToken, GetTokenInformation, MakeSelfRelativeSD, GetSecurityDescriptorLength, IsValidSid, GetLengthSid, GetAce, AllocateAndInitializeSid, InitializeSecurityDescriptor, FreeSid, RegEnumValueA, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, GetSecurityDescriptorSacl, GetSecurityDescriptorGroup
> kernel32.dll: EnterCriticalSection, LeaveCriticalSection, WaitForSingleObject, SetThreadPriority, SetEvent, CreateEventA, InterlockedDecrement, InterlockedIncrement, GetLocaleInfoA, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, ExitThread, TlsGetValue, CreateThread, HeapFree, HeapAlloc, GetCPInfo, HeapReAlloc, LCMapStringA, LCMapStringW, DeleteCriticalSection, GetStringTypeA, GetStringTypeW, TlsFree, TlsAlloc, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, FlushFileBuffers, SetFilePointer, GetOEMCP, UnhandledExceptionFilter, IsBadWritePtr, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetLocaleInfoW, InitializeCriticalSection, FormatMessageA, GetVersionExA, GetCurrentProcess, GetModuleFileNameW, WideCharToMultiByte, SetLastError, lstrcpyA, lstrcatA, MultiByteToWideChar, lstrcpynA, CreateFileA, CloseHandle, GetSystemDirectoryA, GetModuleFileNameA, GetModuleHandleA, FreeLibrary, DisableThreadLibraryCalls, Sleep, GetLastError, LoadLibraryA, GetProcAddress, GetComputerNameA, GetACP
> ole32.dll: CoInitializeEx, CoInitialize, CoInitializeSecurity, CoCreateInstance, CoUninitialize
> oleaut32.dll: -, -, -, -, -
> winspool.drv: EnumPortsA, EnumPrintersA, SetPrinterA, ClosePrinter, OpenPrinterA, GetPrinterA, AddPortA

( 1 exports )

> AddPortLcs, AddProgramFirewallException, CreateP2PExceptions, CreateP2PPort, EnableFirewallExceptionsLcs, GetDeviceFriendlyNameLcs, GetINAInfoLcs, GetScannerHostInfoLcs, GetSupportedUnicodeLcs, GetWirelessMedallionStateLcs, Initialize, RemoveProgramFirewallException, SetDeviceFriendlyNameLcs, SetScannerHostInfoLcs, SharePrinter, SwitchAllPrintObjectPortsLcs, Uninitialize, VerifyPrinterConnectedLcs, VerifySharedPrinter
TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ssdeep: 6144:VsPFAq9Gd0vyqKzHPTU9l7WIIYAO7lFazLwQRm:K9WlqKjqlKIIYZa
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
-





Information additionnelle
File size: 323584 bytes
MD5 : d145e03f897b9f9c0264ba69b2e300d5
SHA1 : 0cad307141807025f625ee29696e36595deba9e5
SHA256: 0aff019e564fdb25ff88848c43254052a49ca0cc6eb120448dca6f1081e492e0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21DF2
timedatestamp.....: 0x464C96CA (Thu May 17 19:54:18 2007)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2FC52 0x30000 6.55 fffa299fcec75196fc72aa5916b0a150
.rdata 0x31000 0xF115 0x10000 5.61 2163ad287d29da1c1ed002ef604aaaff
.data 0x41000 0x5EDC 0x5000 4.37 5a85c572503013120115608bbb932de5
.rsrc 0x47000 0x330 0x1000 0.85 6bd11b493c90e93e858826cd55af7453
.reloc 0x48000 0x7598 0x8000 4.27 a3504fa5c53daf35e186390cca26eacb

( 2 imports )

> advapi32.dll: IsValidSid, GetAce, AllocateAndInitializeSid, FreeSid, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, RegEnumValueA, RegCreateKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, AddAccessAllowedAce, InitializeAcl, GetLengthSid
> kernel32.dll: InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte, SetEvent, ResetEvent, CreateEventA, SetLastError, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, FormatMessageA, GetCurrentProcess, GetVersionExA, GetComputerNameA, GetLocaleInfoA, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, ExitThread, TlsGetValue, CreateThread, HeapAlloc, GetCPInfo, HeapFree, HeapReAlloc, LCMapStringA, LCMapStringW, GetStringTypeA, FreeLibrary, TlsFree, TlsAlloc, SetUnhandledExceptionFilter, TerminateProcess, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, FlushFileBuffers, SetFilePointer, UnhandledExceptionFilter, GetACP, GetOEMCP, IsBadWritePtr, IsBadReadPtr, IsBadCodePtr, SetStdHandle, ReadFile, GetModuleHandleA, LoadLibraryA, GetProcAddress, CreateProcessA, WaitForSingleObject, lstrcpyA, lstrcatA, MultiByteToWideChar, lstrcpynA, GetModuleFileNameA, GetSystemDirectoryA, CreateFileA, CloseHandle, DisableThreadLibraryCalls, GetLastError, GetStringTypeW, Sleep

( 1 exports )

> Configure, Discover, Enumerate, Initialize, RegisterRemoteSubnets, ResolveHostName, Uninitialize
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 3072:EaW3u8zyhGhxpaSdtOq9tPyb+CFahoww/oZwaay4VkTtoQo+L1Ag0Fu+bcNMycy5:kJxUSWwdGYtwmBay8kT3AOnMkCtvOI
PEiD : -
RDS : NSRL Reference Data Set
-


Information additionnelle
File size: 394160 bytes
MD5 : e3d0ac2c5d297c914b508037f79cdf25
SHA1 : 56f81bbb521739afe10dae6199ca508bbe05f8ea
SHA256: e16d4eeac5610f73e0c796c982f4f4461f122327864d0825007756dfc1844d3e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x31AE0
timedatestamp.....: 0x464C9AD7 (Thu May 17 20:11:35 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x45B12 0x46000 6.59 b6aa3b3b669e3c3f0460d007a85ddcca
.rdata 0x47000 0x12476 0x13000 5.44 b0db3d7edfa6555214f6c2f6690d699d
.data 0x5A000 0x5804 0x4000 4.38 9583a34975b14fa6140b2bcc3a36ba0e
.rsrc 0x60000 0x330 0x1000 0.85 6c2883d22d0d9386afa4c6165b20fb89

( 4 imports )

> advapi32.dll: SetSecurityDescriptorDacl, RegCreateKeyExA, RegEnumKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, InitializeAcl, AddAccessAllowedAce, IsValidSid, GetLengthSid, GetAce, AllocateAndInitializeSid, RegCloseKey, InitializeSecurityDescriptor, FreeSid, RegEnumValueA
> kernel32.dll: GetWindowsDirectoryA, GetCurrentThreadId, GetTickCount, WriteFile, SetFilePointer, GetFileSize, CloseHandle, CreateFileA, GetCurrentProcessId, GetLocalTime, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, GetVersionExA, WaitForSingleObject, CreateEventA, OpenEventA, ReleaseMutex, CreateMutexA, Sleep, GetComputerNameA, GetModuleFileNameA, GetSystemDirectoryA, lstrcpynA, lstrcatA, lstrcpyA, InterlockedIncrement, InterlockedDecrement, GetLocaleInfoA, RaiseException, RtlUnwind, ExitProcess, GetStartupInfoA, HeapAlloc, HeapFree, DeleteFileA, HeapReAlloc, LCMapStringA, LCMapStringW, GetTimeFormatA, GetDateFormatA, CompareStringA, CompareStringW, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, GetACP, GetOEMCP, FlushFileBuffers, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, IsBadWritePtr, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetTimeZoneInformation, SetStdHandle, ReadFile, GetLocaleInfoW, SetEndOfFile, SetEnvironmentVariableA, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCommandLineA, WritePrivateProfileStringA, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetLastError, GetCPInfo, FreeLibrary
> user32.dll: PostMessageA, TranslateMessage, GetMessageA, PeekMessageA, DispatchMessageA
> winspool.drv: GetPrinterDriverDirectoryA

( 0 exports )

TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: https://www.symantec.com?md5=e3d0ac2c5d297c914b508037f79cdf25
ssdeep: 6144:LBPAe5iOlF+igbmZS1Qcud9HTNBEDv4Jlh6QsvbwWZAObuh1C9r:LdplFayZS1od9HT7EbYhpsvbwQECx
PEiD : -
RDS : NSRL Reference Data Set
-




Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.07 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.07 -
Avast 4.8.1351.0 2009.11.07 -
AVG 8.5.0.423 2009.11.07 -
BitDefender 7.2 2009.11.07 -
CAT-QuickHeal 10.00 2009.11.07 -
ClamAV 0.94.1 2009.11.07 -
Comodo 2875 2009.11.07 -
DrWeb 5.0.0.12182 2009.11.07 -
eSafe 7.0.17.0 2009.11.05 -
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.07 -
F-Secure 9.0.15370.0 2009.11.04 -
GData 19 2009.11.07 -
Ikarus T3.1.1.74.0 2009.11.07 -
Jiangmin 11.0.800 2009.11.07 -
K7AntiVirus 7.10.891 2009.11.07 -
Kaspersky 7.0.0.125 2009.11.07 -
McAfee 5794 2009.11.06 -
McAfee+Artemis 5794 2009.11.06 -
McAfee-GW-Edition 6.8.5 2009.11.07 -
NOD32 4582 2009.11.07 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.07 -
Panda 10.0.2.2 2009.11.07 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.52.00 2009.11.07 -
Sophos 4.47.0 2009.11.07 -
Sunbelt 3.2.1858.2 2009.11.07 -
Symantec 1.4.4.12 2009.11.07 -
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.07 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.07 -
Information additionnelle
File size: 344064 bytes
MD5...: eba20beb8e1f46fcc0bcaef42520d2b3
SHA1..: 896a7d394661635305a1d1958d8f17a025394d34
SHA256: 26e9619d5bf6451e8c6692b3f23026cbed877fb59f32e7974feb37d6cfd60d65
ssdeep: 6144:fvOWOVcFLDC3rzEG1dohDy/Eg8oXHFcOzYLzj72T6BKVl:fWPQLDC3r9agOzv2UEl

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27f6c
timedatestamp.....: 0x460abf17 (Wed Mar 28 19:16:39 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3dff0 0x3e000 6.64 4bd2cc1839bcddd9f3586efdeb3c971d
.rdata 0x3f000 0x9f0e 0xa000 5.04 5e2f20abf08dd7d21f037ec9374e5442
.data 0x49000 0x808c 0x4000 4.48 031d266134ed0cbf15da83b77a1acc3a
.reloc 0x52000 0x61d8 0x7000 5.05 ea55a85f60d821ae9266b2e94d3a7069

( 6 imports )
> KERNEL32.dll: CloseHandle, CreateFileA, GetCurrentDirectoryA, Process32Next, Process32First, CreateToolhelp32Snapshot, GetWindowsDirectoryA, GetModuleFileNameA, GetDriveTypeA, GetTempPathA, GetSystemDirectoryA, ExpandEnvironmentStringsA, GetComputerNameA, LocalAlloc, GetModuleHandleA, FindNextFileA, FindClose, FindFirstFileA, GlobalMemoryStatus, GetDiskFreeSpaceExA, GetUserDefaultLangID, HeapFree, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, GetVersionExA, LCMapStringA, LCMapStringW, GetCPInfo, HeapAlloc, HeapReAlloc, GetTimeFormatA, CompareStringA, CompareStringW, GetStringTypeA, GetStringTypeW, GetSystemTimeAsFileTime, GetTimeZoneInformation, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, TlsFree, SetLastError, TlsGetValue, TlsAlloc, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WriteFile, VirtualProtect, VirtualQuery, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, FlushFileBuffers, SetFilePointer, ReadFile, GetLocaleInfoW, SetStdHandle, SetEnvironmentVariableA, SetEndOfFile, GetFileAttributesA, GetCurrentProcess, OpenProcess, TerminateProcess, GetSystemInfo, LocalFree, MultiByteToWideChar, GetLocaleInfoA, WideCharToMultiByte, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, InterlockedIncrement, InterlockedDecrement, GetLastError, LoadLibraryA, GetProcAddress, GetDateFormatA, FreeLibrary
> WINSPOOL.DRV: GetPrinterDriverDirectoryA, GetPrintProcessorDirectoryA
> ADVAPI32.dll: RegQueryValueExA, RegGetKeySecurity, RegSetKeySecurity, RegOpenKeyExA, RegOpenKeyA, RegConnectRegistryA, RegCloseKey, GetUserNameA, AllocateAndInitializeSid, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCreateKeyExA, RegSetValueExA
> SHELL32.dll: SHGetPathFromIDListA, SHGetSpecialFolderLocation
> ole32.dll: CoInitializeSecurity, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoInitialize
> OLEAUT32.dll: -, -, -

( 1 exports )
CoInstaller

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned





I couldn't find the last one; I may have deleted it recently.
0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
7 Nov 2009 at 20:33
there are traces of Symantec
here is a link for uninstalling the software; pick yours and follow what is written

https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces#norton-antivirus-et-norton-internet-security

run Navilog again
some things were not removed (on your machine the tools only half work)

and finally a new RSIT as a check

* do you see any improvement in your problems?
0
Anonymous user
7 Nov 2009 at 20:46
hello :

Fichier 3 reçu le 2009.05.13 22:21:12 (UTC)
0
ambrinet Posts: 81 Registration date: Sunday 6 January 2008 Status: Member Last activity: 5 January 2022
7 Nov 2009 at 21:01
Otherwise, I did a manual search for Symantec but found nothing.
0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
7 Nov 2009 at 21:24
gen-hackman, good evening my friend

do you mean the date and time are wrong?
and that this could be a source of instability?

all right, ambrinet
please run Navilog again to be sure, then a new RSIT afterwards

thanks
0
Speaking of the time, I've noticed that on Facebook there is indeed a problem with the time: the times shown for posts are off by several hours. Or maybe it's an error on the site's side?
0
Anonymous user
8 Nov 2009 at 07:44
yes, I think the file should be submitted for re-analysis

0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
8 Nov 2009 at 07:54
hello ambrinet

as you saw above... still more work to do

redo post 40

then Navilog

then RSIT

thanks
0
ambrinet Posts: 81 Registration date: Sunday 6 January 2008 Status: Member Last activity: 5 January 2022
8 Nov 2009 at 15:13
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6504 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.13 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -
Information additionnelle
File size: 44 bytes
MD5 : 803464c7f064192797be1531bb06bada
SHA1 : c4b58e6058049111a5b977e3c15173e5cb210dac
SHA256: ae1116fd9a03881108235362a23a3f2ae6b3bc5dce68eaecfa1399e6da780863
TrID : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:6NUmd+V:6NqV
PEiD : -
RDS : NSRL Reference Data Set
-




Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6504 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.13 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -
Information additionnelle
File size: 286720 bytes
MD5 : 9cc602cecf0a0f806192f1a22adab41f
SHA1 : 924c230a841b2d307bf3e622c1ec3de5cf0b00dd
SHA256: e4b63b5dcf3f16fcda59a538a7463e4087985dd0b74c66ebde09b28dab8ed944
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1DCD3
timedatestamp.....: 0x464C9A49 (Thu May 17 20:09:13 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2BC32 0x2C000 6.57 3bf9d7ba8a6e966e52fbbcac6ec4e7ff
.rdata 0x2D000 0xF1B7 0x10000 5.65 2d4fa8dd094bee4a8b636dd3763c1086
.data 0x3D000 0x3BE8 0x3000 3.77 7626a006266bdb335b42a4d9375b5e78
.reloc 0x41000 0x5AAE 0x6000 4.11 cc8753b8b297534edf6948ca4a9f1d1d

( 5 imports )

> advapi32.dll: GetSecurityDescriptorOwner, MakeAbsoluteSD, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, EqualSid, DeleteAce, AddAccessDeniedAce, GetAclInformation, AddAce, LookupAccountNameA, CopySid, RegSetValueExA, OpenProcessToken, GetTokenInformation, MakeSelfRelativeSD, GetSecurityDescriptorLength, IsValidSid, GetLengthSid, GetAce, AllocateAndInitializeSid, InitializeSecurityDescriptor, FreeSid, RegEnumValueA, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, GetSecurityDescriptorSacl, GetSecurityDescriptorGroup
> kernel32.dll: EnterCriticalSection, LeaveCriticalSection, WaitForSingleObject, SetThreadPriority, SetEvent, CreateEventA, InterlockedDecrement, InterlockedIncrement, GetLocaleInfoA, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, ExitThread, TlsGetValue, CreateThread, HeapFree, HeapAlloc, GetCPInfo, HeapReAlloc, LCMapStringA, LCMapStringW, DeleteCriticalSection, GetStringTypeA, GetStringTypeW, TlsFree, TlsAlloc, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, FlushFileBuffers, SetFilePointer, GetOEMCP, UnhandledExceptionFilter, IsBadWritePtr, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetLocaleInfoW, InitializeCriticalSection, FormatMessageA, GetVersionExA, GetCurrentProcess, GetModuleFileNameW, WideCharToMultiByte, SetLastError, lstrcpyA, lstrcatA, MultiByteToWideChar, lstrcpynA, CreateFileA, CloseHandle, GetSystemDirectoryA, GetModuleFileNameA, GetModuleHandleA, FreeLibrary, DisableThreadLibraryCalls, Sleep, GetLastError, LoadLibraryA, GetProcAddress, GetComputerNameA, GetACP
> ole32.dll: CoInitializeEx, CoInitialize, CoInitializeSecurity, CoCreateInstance, CoUninitialize
> oleaut32.dll: -, -, -, -, -
> winspool.drv: EnumPortsA, EnumPrintersA, SetPrinterA, ClosePrinter, OpenPrinterA, GetPrinterA, AddPortA

( 1 exports )

> AddPortLcs, AddProgramFirewallException, CreateP2PExceptions, CreateP2PPort, EnableFirewallExceptionsLcs, GetDeviceFriendlyNameLcs, GetINAInfoLcs, GetScannerHostInfoLcs, GetSupportedUnicodeLcs, GetWirelessMedallionStateLcs, Initialize, RemoveProgramFirewallException, SetDeviceFriendlyNameLcs, SetScannerHostInfoLcs, SharePrinter, SwitchAllPrintObjectPortsLcs, Uninitialize, VerifyPrinterConnectedLcs, VerifySharedPrinter
TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ssdeep: 6144:VsPFAq9Gd0vyqKzHPTU9l7WIIYAO7lFazLwQRm:K9WlqKjqlKIIYZa
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
-


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1333 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.15 -
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
Ikarus T3.1.1.59.0 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
McAfee 5647 2009.06.15 -
McAfee+Artemis 5647 2009.06.15 -
McAfee-GW-Edition 6.7.6 2009.06.15 -
Microsoft 1.4701 2009.06.15 -
NOD32 4156 2009.06.15 -
Norman 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.14 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 -
Rising 21.34.04.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.14 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.15.1787 2009.06.15 -
VirusBuster 4.6.5.0 2009.06.15 -
Information additionnelle
File size: 323584 bytes
MD5 : d145e03f897b9f9c0264ba69b2e300d5
SHA1 : 0cad307141807025f625ee29696e36595deba9e5
SHA256: 0aff019e564fdb25ff88848c43254052a49ca0cc6eb120448dca6f1081e492e0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21DF2
timedatestamp.....: 0x464C96CA (Thu May 17 19:54:18 2007)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2FC52 0x30000 6.55 fffa299fcec75196fc72aa5916b0a150
.rdata 0x31000 0xF115 0x10000 5.61 2163ad287d29da1c1ed002ef604aaaff
.data 0x41000 0x5EDC 0x5000 4.37 5a85c572503013120115608bbb932de5
.rsrc 0x47000 0x330 0x1000 0.85 6bd11b493c90e93e858826cd55af7453
.reloc 0x48000 0x7598 0x8000 4.27 a3504fa5c53daf35e186390cca26eacb

( 2 imports )

> advapi32.dll: IsValidSid, GetAce, AllocateAndInitializeSid, FreeSid, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, RegEnumValueA, RegCreateKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, AddAccessAllowedAce, InitializeAcl, GetLengthSid
> kernel32.dll: InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte, SetEvent, ResetEvent, CreateEventA, SetLastError, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, FormatMessageA, GetCurrentProcess, GetVersionExA, GetComputerNameA, GetLocaleInfoA, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, ExitThread, TlsGetValue, CreateThread, HeapAlloc, GetCPInfo, HeapFree, HeapReAlloc, LCMapStringA, LCMapStringW, GetStringTypeA, FreeLibrary, TlsFree, TlsAlloc, SetUnhandledExceptionFilter, TerminateProcess, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, FlushFileBuffers, SetFilePointer, UnhandledExceptionFilter, GetACP, GetOEMCP, IsBadWritePtr, IsBadReadPtr, IsBadCodePtr, SetStdHandle, ReadFile, GetModuleHandleA, LoadLibraryA, GetProcAddress, CreateProcessA, WaitForSingleObject, lstrcpyA, lstrcatA, MultiByteToWideChar, lstrcpynA, GetModuleFileNameA, GetSystemDirectoryA, CreateFileA, CloseHandle, DisableThreadLibraryCalls, GetLastError, GetStringTypeW, Sleep

( 1 exports )

> Configure, Discover, Enumerate, Initialize, RegisterRemoteSubnets, ResolveHostName, Uninitialize
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 3072:EaW3u8zyhGhxpaSdtOq9tPyb+CFahoww/oZwaay4VkTtoQo+L1Ag0Fu+bcNMycy5:kJxUSWwdGYtwmBay8kT3AOnMkCtvOI
PEiD : -
RDS : NSRL Reference Data Set
-


Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.18 -
AhnLab-V3 5.0.0.2 2009.05.18 -
AntiVir 7.9.0.168 2009.05.18 -
Antiy-AVL 2.0.3.1 2009.05.18 -
Authentium 5.1.2.4 2009.05.18 -
Avast 4.8.1335.0 2009.05.18 -
AVG 8.5.0.336 2009.05.18 -
BitDefender 7.2 2009.05.18 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.18 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.18 -
eSafe 7.0.17.0 2009.05.18 -
eTrust-Vet 31.6.6509 2009.05.18 -
F-Prot 4.4.4.56 2009.05.18 -
F-Secure 8.0.14470.0 2009.05.18 -
Fortinet 3.117.0.0 2009.05.18 -
GData 19 2009.05.18 -
Ikarus T3.1.1.49.0 2009.05.18 -
K7AntiVirus 7.10.737 2009.05.16 -
Kaspersky 7.0.0.125 2009.05.18 -
McAfee 5619 2009.05.18 -
McAfee+Artemis 5619 2009.05.18 -
McAfee-GW-Edition 6.7.6 2009.05.18 -
Microsoft 1.4602 2009.05.18 -
NOD32 4084 2009.05.18 -
Norman 6.01.05 2009.05.18 -
nProtect 2009.1.8.0 2009.05.18 -
Panda 10.0.0.14 2009.05.18 -
PCTools 4.4.2.0 2009.05.18 -
Prevx 3.0 2009.05.18 -
Rising 21.30.04.00 2009.05.18 -
Sophos 4.41.0 2009.05.18 -
Sunbelt 3.2.1858.2 2009.05.18 -
Symantec 1.4.4.12 2009.05.18 -
TheHacker 6.3.4.1.326 2009.05.18 -
TrendMicro 8.950.0.1092 2009.05.18 -
VBA32 3.12.10.5 2009.05.18 -
ViRobot 2009.5.18.1739 2009.05.18 -
VirusBuster 4.6.5.0 2009.05.18 -
Information additionnelle
File size: 394160 bytes
MD5 : e3d0ac2c5d297c914b508037f79cdf25
SHA1 : 56f81bbb521739afe10dae6199ca508bbe05f8ea
SHA256: e16d4eeac5610f73e0c796c982f4f4461f122327864d0825007756dfc1844d3e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x31AE0
timedatestamp.....: 0x464C9AD7 (Thu May 17 20:11:35 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x45B12 0x46000 6.59 b6aa3b3b669e3c3f0460d007a85ddcca
.rdata 0x47000 0x12476 0x13000 5.44 b0db3d7edfa6555214f6c2f6690d699d
.data 0x5A000 0x5804 0x4000 4.38 9583a34975b14fa6140b2bcc3a36ba0e
.rsrc 0x60000 0x330 0x1000 0.85 6c2883d22d0d9386afa4c6165b20fb89

( 4 imports )

> advapi32.dll: SetSecurityDescriptorDacl, RegCreateKeyExA, RegEnumKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, InitializeAcl, AddAccessAllowedAce, IsValidSid, GetLengthSid, GetAce, AllocateAndInitializeSid, RegCloseKey, InitializeSecurityDescriptor, FreeSid, RegEnumValueA
> kernel32.dll: GetWindowsDirectoryA, GetCurrentThreadId, GetTickCount, WriteFile, SetFilePointer, GetFileSize, CloseHandle, CreateFileA, GetCurrentProcessId, GetLocalTime, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, GetVersionExA, WaitForSingleObject, CreateEventA, OpenEventA, ReleaseMutex, CreateMutexA, Sleep, GetComputerNameA, GetModuleFileNameA, GetSystemDirectoryA, lstrcpynA, lstrcatA, lstrcpyA, InterlockedIncrement, InterlockedDecrement, GetLocaleInfoA, RaiseException, RtlUnwind, ExitProcess, GetStartupInfoA, HeapAlloc, HeapFree, DeleteFileA, HeapReAlloc, LCMapStringA, LCMapStringW, GetTimeFormatA, GetDateFormatA, CompareStringA, CompareStringW, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, GetACP, GetOEMCP, FlushFileBuffers, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, IsBadWritePtr, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetTimeZoneInformation, SetStdHandle, ReadFile, GetLocaleInfoW, SetEndOfFile, SetEnvironmentVariableA, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCommandLineA, WritePrivateProfileStringA, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetLastError, GetCPInfo, FreeLibrary
> user32.dll: PostMessageA, TranslateMessage, GetMessageA, PeekMessageA, DispatchMessageA
> winspool.drv: GetPrinterDriverDirectoryA

( 0 exports )

TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: https://www.symantec.com?md5=e3d0ac2c5d297c914b508037f79cdf25
ssdeep: 6144:LBPAe5iOlF+igbmZS1Qcud9HTNBEDv4Jlh6QsvbwWZAObuh1C9r:LdplFayZS1od9HT7EbYhpsvbwQECx
PEiD : -
RDS : NSRL Reference Data Set
-


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.07 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.07 -
Avast 4.8.1351.0 2009.11.07 -
AVG 8.5.0.423 2009.11.07 -
BitDefender 7.2 2009.11.07 -
CAT-QuickHeal 10.00 2009.11.07 -
ClamAV 0.94.1 2009.11.07 -
Comodo 2875 2009.11.07 -
DrWeb 5.0.0.12182 2009.11.07 -
eSafe 7.0.17.0 2009.11.05 -
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.07 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.07 -
GData 19 2009.11.07 -
Ikarus T3.1.1.74.0 2009.11.07 -
Jiangmin 11.0.800 2009.11.07 -
K7AntiVirus 7.10.891 2009.11.07 -
Kaspersky 7.0.0.125 2009.11.07 -
McAfee 5794 2009.11.06 -
McAfee+Artemis 5794 2009.11.06 -
McAfee-GW-Edition 6.8.5 2009.11.07 -
Microsoft 1.5202 2009.11.07 -
NOD32 4582 2009.11.07 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.07 -
Panda 10.0.2.2 2009.11.07 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.52.00 2009.11.07 -
Sophos 4.47.0 2009.11.07 -
Sunbelt 3.2.1858.2 2009.11.07 -
Symantec 1.4.4.12 2009.11.07 -
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.07 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.07 -
Information additionnelle
File size: 344064 bytes
MD5 : eba20beb8e1f46fcc0bcaef42520d2b3
SHA1 : 896a7d394661635305a1d1958d8f17a025394d34
SHA256: 26e9619d5bf6451e8c6692b3f23026cbed877fb59f32e7974feb37d6cfd60d65
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27F6C
timedatestamp.....: 0x460ABF17 (Wed Mar 28 21:16:39 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3DFF0 0x3E000 6.64 4bd2cc1839bcddd9f3586efdeb3c971d
.rdata 0x3F000 0x9F0E 0xA000 5.04 5e2f20abf08dd7d21f037ec9374e5442
.data 0x49000 0x808C 0x4000 4.48 031d266134ed0cbf15da83b77a1acc3a
.reloc 0x52000 0x61D8 0x7000 5.05 ea55a85f60d821ae9266b2e94d3a7069

( 6 imports )

> advapi32.dll: RegQueryValueExA, RegGetKeySecurity, RegSetKeySecurity, RegOpenKeyExA, RegOpenKeyA, RegConnectRegistryA, RegCloseKey, GetUserNameA, AllocateAndInitializeSid, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCreateKeyExA, RegSetValueExA
> kernel32.dll: CloseHandle, CreateFileA, GetCurrentDirectoryA, Process32Next, Process32First, CreateToolhelp32Snapshot, GetWindowsDirectoryA, GetModuleFileNameA, GetDriveTypeA, GetTempPathA, GetSystemDirectoryA, ExpandEnvironmentStringsA, GetComputerNameA, LocalAlloc, GetModuleHandleA, FindNextFileA, FindClose, FindFirstFileA, GlobalMemoryStatus, GetDiskFreeSpaceExA, GetUserDefaultLangID, HeapFree, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, GetVersionExA, LCMapStringA, LCMapStringW, GetCPInfo, HeapAlloc, HeapReAlloc, GetTimeFormatA, CompareStringA, CompareStringW, GetStringTypeA, GetStringTypeW, GetSystemTimeAsFileTime, GetTimeZoneInformation, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, TlsFree, SetLastError, TlsGetValue, TlsAlloc, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WriteFile, VirtualProtect, VirtualQuery, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, FlushFileBuffers, SetFilePointer, ReadFile, GetLocaleInfoW, SetStdHandle, SetEnvironmentVariableA, SetEndOfFile, GetFileAttributesA, GetCurrentProcess, OpenProcess, TerminateProcess, GetSystemInfo, LocalFree, MultiByteToWideChar, GetLocaleInfoA, WideCharToMultiByte, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, InterlockedIncrement, InterlockedDecrement, GetLastError, LoadLibraryA, GetProcAddress, GetDateFormatA, FreeLibrary
> ole32.dll: CoInitializeSecurity, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoInitialize
> oleaut32.dll: -, -, -
> shell32.dll: SHGetPathFromIDListA, SHGetSpecialFolderLocation
> winspool.drv: GetPrinterDriverDirectoryA, GetPrintProcessorDirectoryA

( 1 exports )

> CoInstaller
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 6144:fvOWOVcFLDC3rzEG1dohDy/Eg8oXHFcOzYLzj72T6BKVl:fWPQLDC3r9agOzv2UEl
PEiD : -
RDS : NSRL Reference Data Set
0
ambrinet Posts: 81 Registration date: Sunday 6 January 2008 Status: Member Last activity: 5 January 2022
8 Nov 2009 at 15:18
hello

I redid all the scans; however, for Navilog I entered a file from post 40. I think that was a mistake. I don't understand why my PC only records half of the information.

Fix Navipromo version 4.0.4 commencé le 08/11/2009 14:48:23,96

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.11.2009 à 22h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : salut ma amour ( Administrator )
BOOT : Fail-safe with network boot

Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:228 Go (Free:106 Go)
D:\ (Local Disk) - NTFS - Total:4 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Recherche executée en mode sans échec

Nettoyage executé en mode sans échec




Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SALUTM~1\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Egroup !!ERREUR SUPPRESSION!!
Certificat OOO-Favorit supprimé !
Certificat OOO-Favorit !!ERREUR SUPPRESSION!!



*** Scan terminé 08/11/2009 14:50:43,10 ***

Fix Navipromo version 4.0.4 commencé le 08/11/2009 14:51:35,87

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.11.2009 à 22h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : salut ma amour ( Administrator )
BOOT : Fail-safe with network boot

Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:228 Go (Free:106 Go)
D:\ (Local Disk) - NTFS - Total:4 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)



Mode suppression par méthode manuelle

Nom du fichier saisi : C:\Windows\system32\lxddrwrd.ini

Nettoyage executé en mode sans échec




Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SALUTM~1\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Egroup !!ERREUR SUPPRESSION!!
Certificat OOO-Favorit supprimé !
Certificat OOO-Favorit !!ERREUR SUPPRESSION!!



*** Scan terminé 08/11/2009 14:55:13,51 ***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:28, on 08/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Users\salut ma amour\Desktop\RSIT.exe
C:\Users\salut ma amour\Desktop\salut ma amour.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_0_3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
8 Nov. 2009 at 16:03
hello

I'm out of ideas now... do you still have your problems, or do you see an improvement?

as far as infection goes, everything looks OK
0
Yes, I still have the problem. In fact the printer software installs fine, but apparently not the drivers. This time, apparently, the registry editor did not shut down; it was Printer Communication System that shut down. And it is still impossible to scan or print a page. Also, my printer no longer appears in the Control Panel; there is only the fax, which I don't even know how to use. It is a Lexmark X2550. I tried taking the drivers from the CD and also from the Lexmark site.
0
Anonymous user
8 Nov. 2009 at 17:24
hi, these need to go:

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\SOFTWARE\SweetIM

and the Norton leftovers, which could cause a conflict ^^
0
I tried to open regedit to delete the programs, but the program does not open and the PC is slow. Is there another way to delete it??
0
Anonymous user
8 Nov. 2009 at 19:07
I think you should retry the tools that did not work, with Spybot's TeaTimer disabled

it must be what is blocking the changes ^^
0
ambrinet Posts 81 Registration date Sunday 6 January 2008 Status Member Last activity 5 January 2022
8 Nov. 2009 at 19:58
I had already disabled Spybot's TeaTimer!
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
8 Nov. 2009 at 22:41
I read your messages while I was away... and I'm a bit stumped here!

what gen suggests is not a bad idea, since the tools have never worked perfectly, but by turning everything off (internet, antivirus, applications, etc.)... maybe
0
Anonymous user
9 Nov. 2009 at 08:22
Spybot disabled???

Logfile of random's system information tool 1.06 (written by random/random)
Run by salut ma amour at 2009-11-02 14:16:31

Running processes:

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
__________________________

############################## | UsbFix V6.047 |

########### | Processus actifs |

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

____________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by salut ma amour at 2009-11-03 13:34:39

Running processes:

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

____________________________

List'em by g3n-h@ckm@n 1.0.5.0
Start at: 19:16:23 | 06/11/2009

¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2260

____________________________

Fix Navipromo version 4.0.4 commencé le 07/11/2009 20:50:16,60

Certificat Egroup supprimé !
Certificat Egroup !!ERREUR SUPPRESSION!!
Certificat OOO-Favorit supprimé !
Certificat OOO-Favorit !!ERREUR SUPPRESSION!!

_____________________________



0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
9 Nov. 2009 at 08:26
what a sharp eye!!!

I'll be careful in future

and so, ambrinet, you've got it

Disabling Spybot's TeaTimer (thanks to Nico and nathandre):
To disable TeaTimer:
=> Open Spybot S&D
=> In the "Mode" menu, select advanced mode.
=> A window asks for confirmation; click "Yes".
=> Once advanced mode is active, open the "Tools" tab.
=> Click Resident.
=> The Resident section has two lines that are normally ticked:
* Resident "SDHelper" (blocker of harmful downloads for Internet Explorer) active.
* Resident "TeaTimer" (protection of fundamental system settings) active
=> Untick the TeaTimer line.
=> Restart Spybot (close it and reopen it)
=> Go back to the Resident menu and check that it is indeed disabled

Spybot will get in the way of the tools


and we run the tools again
0
ambrinet Posts 81 Registration date Sunday 6 January 2008 Status Member Last activity 5 January 2022
9 Nov. 2009 at 13:12
hello,

I went back to check in Spybot and the TeaTimer program was indeed unticked. I unticked both boxes before running the program, to be sure, but it still seems odd to me.
Also, there was a bug during the Ad-Remover scan. The link you sent me did not work, so I downloaded it from the internet.

Here are the reports:



.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 08.11.2009 à 14:49
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:37:03, 09/11/2009 | Mode sans echec | Option: SCAN
Exécuté de: "C:\Program Files\Ad-Remover\"
Système d'exploitation: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
Nom du PC: NOUS | Utilisateur actuel: salut ma amour
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\pacificpoker
HKCU\Software\pokerinstaller
HKCU\Software\SweetIM
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1336511848-175822680-266065135-1000\Software\Sweetim
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
.
C:\Users\SALUTM~1\AppData\Roaming\Mozilla\Firefox\Profiles\vvcy3nt1.default\searchplugins\askcom.xml
C:\Users\Public\MyWebTattoo.exe
C:\Users\salut ma amour\AppData\LocalLow\Hotbar
C:\log_lobby.txt
C:\log_lobby_dumper.txt
C:\Users\SALUTM~1\Desktop\Everest Poker.exe
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.11 [fr] *
.
Nom du profil: vvcy3nt1.default (salut ma amour)
.
(SALUTM~1, prefs.js) Browser.download.dir, C:\Users\salut ma amour\Desktop
(SALUTM~1, prefs.js) Browser.download.lastDir, C:\Users\salut ma amour\Desktop
(SALUTM~1, prefs.js) Browser.search.defaultenginename, Ask.com
(SALUTM~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(SALUTM~1, prefs.js) Browser.search.selectedEngine, Ask.com
(SALUTM~1, prefs.js) Browser.startup.homepage, hxxp://www.google
.
(SALUTM~1, prefs.js) TROUV+ - Browser.search.defaultengine, Ask.com
(SALUTM~1, prefs.js) TROUV+ - Browser.search.defaultenginename, Ask.com
(SALUTM~1, prefs.js) TROUV+ - Browser.search.order.1, Ask.com
(SALUTM~1, prefs.js) TROUV+ - Browser.search.selectedEngine, Ask.com
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Start Page: hxxp://www.google.com/
SearchAssistant:
Default_Page_URL: hxxp://www.google.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.google.com
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\salut ma amour\Favorites\Documents\VistaTcpipUacPatch1.6.rar
C:\Users\salut ma amour\Favorites\Documents\VistaTcpipUacPatch1.6\Readme.url
C:\Users\salut ma amour\Favorites\Documents\VistaTcpipUacPatch1.6\Source.url
C:\Users\salut ma amour\Favorites\Documents\VistaTcpipUacPatch1.6\UAControl.exe
.
===================================
.
3699 Octet(s) - C:\Ad-Report-SCAN[1].log
.
8 Fichier(s) - C:\Users\SALUTM~1\AppData\Local\Temp
16 Fichier(s) - C:\Windows\Temp
.
3 Fichier(s) - "C:\Program Files\Ad-Remover\BACKUP"
0 Fichier(s) - "C:\Program Files\Ad-Remover\QUARANTINE"
.
Fin à: 11:59:14 | 09/11/2009 - SCAN[1]
.
============== E.O.F ==============
.
Fix Navipromo version 4.0.4 commencé le 09/11/2009 12:57:43,91

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.11.2009 à 22h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : salut ma amour ( Administrator )
BOOT : Fail-safe with network boot

Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:228 Go (Free:104 Go)
D:\ (Local Disk) - NTFS - Total:4 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Recherche executée en mode sans échec

Nettoyage executé en mode sans échec




Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SALUTM~1\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Egroup !!ERREUR SUPPRESSION!!
Certificat OOO-Favorit supprimé !
Certificat OOO-Favorit !!ERREUR SUPPRESSION!!



*** Scan terminé 09/11/2009 12:59:28,30 ***


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:47, on 09/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\salut ma amour\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-be/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_0_3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
0
Anonymous user
9 Nov. 2009 at 08:34
the certificates are registry keys that depend on the infection, so.....

run AD-Remover for SweetIM
0
ambrinet Posts 81 Registration date Sunday 6 January 2008 Status Member Last activity 5 January 2022
9 Nov. 2009 at 13:15
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6504 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.13 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -
Information additionnelle
File size: 286720 bytes
TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ssdeep: 6144:VsPFAq9Gd0vyqKzHPTU9l7WIIYAO7lFazLwQRm:K9WlqKjqlKIIYZa
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6504 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.13 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -
Information additionnelle
File size: 44 bytes
MD5 : 803464c7f064192797be1531bb06bada
SHA1 : c4b58e6058049111a5b977e3c15173e5cb210dac
SHA256: ae1116fd9a03881108235362a23a3f2ae6b3bc5dce68eaecfa1399e6da780863
TrID : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:6NUmd+V:6NqV
PEiD : -
RDS : NSRL Reference Data Set
-



Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.07 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.07 -
Avast 4.8.1351.0 2009.11.07 -
AVG 8.5.0.423 2009.11.07 -
BitDefender 7.2 2009.11.07 -
CAT-QuickHeal 10.00 2009.11.07 -
ClamAV 0.94.1 2009.11.07 -
Comodo 2875 2009.11.07 -
DrWeb 5.0.0.12182 2009.11.07 -
eSafe 7.0.17.0 2009.11.05 -
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.07 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.07 -
GData 19 2009.11.07 -
Ikarus T3.1.1.74.0 2009.11.07 -
Jiangmin 11.0.800 2009.11.07 -
K7AntiVirus 7.10.891 2009.11.07 -
Kaspersky 7.0.0.125 2009.11.07 -
McAfee 5794 2009.11.06 -
McAfee+Artemis 5794 2009.11.06 -
McAfee-GW-Edition 6.8.5 2009.11.07 -
Microsoft 1.5202 2009.11.07 -
NOD32 4582 2009.11.07 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.07 -
Panda 10.0.2.2 2009.11.07 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.52.00 2009.11.07 -
Sophos 4.47.0 2009.11.07 -
Sunbelt 3.2.1858.2 2009.11.07 -
Symantec 1.4.4.12 2009.11.07 -
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.07 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.07 -
Information additionnelle
File size: 344064 bytes
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 6144:fvOWOVcFLDC3rzEG1dohDy/Eg8oXHFcOzYLzj72T6BKVl:fWPQLDC3r9agOzv2UEl
PEiD : -
RDS : NSRL Reference Data Set




Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1333 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.15 -
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
Ikarus T3.1.1.59.0 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
McAfee 5647 2009.06.15 -
McAfee+Artemis 5647 2009.06.15 -
McAfee-GW-Edition 6.7.6 2009.06.15 -
Microsoft 1.4701 2009.06.15 -
NOD32 4156 2009.06.15 -
Norman 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.14 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 -
Rising 21.34.04.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.14 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.15.1787 2009.06.15 -
VirusBuster 4.6.5.0 2009.06.15 -
Information additionnelle
File size: 323584 bytes
MD5 : d145e03f897b9f9c0264ba69b2e300d5
SHA1 : 0cad307141807025f625ee29696e36595deba9e5
SHA256: 0aff019e564fdb25ff88848c43254052a49ca0cc6eb120448dca6f1081e492e0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21DF2
timedatestamp.....: 0x464C96CA (Thu May 17 19:54:18 2007)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2FC52 0x30000 6.55 fffa299fcec75196fc72aa5916b0a150
.rdata 0x31000 0xF115 0x10000 5.61 2163ad287d29da1c1ed002ef604aaaff
.data 0x41000 0x5EDC 0x5000 4.37 5a85c572503013120115608bbb932de5
.rsrc 0x47000 0x330 0x1000 0.85 6bd11b493c90e93e858826cd55af7453
.reloc 0x48000 0x7598 0x8000 4.27 a3504fa5c53daf35e186390cca26eacb

( 2 imports )

> advapi32.dll: IsValidSid, GetAce, AllocateAndInitializeSid, FreeSid, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, RegEnumValueA, RegCreateKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, AddAccessAllowedAce, InitializeAcl, GetLengthSid
> kernel32.dll: InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte, SetEvent, ResetEvent, CreateEventA, SetLastError, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, FormatMessageA, GetCurrentProcess, GetVersionExA, GetComputerNameA, GetLocaleInfoA, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, TlsSetValue, GetCommandLineA, ExitThread, TlsGetValue, CreateThread, HeapAlloc, GetCPInfo, HeapFree, HeapReAlloc, LCMapStringA, LCMapStringW, GetStringTypeA, FreeLibrary, TlsFree, TlsAlloc, SetUnhandledExceptionFilter, TerminateProcess, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, FlushFileBuffers, SetFilePointer, UnhandledExceptionFilter, GetACP, GetOEMCP, IsBadWritePtr, IsBadReadPtr, IsBadCodePtr, SetStdHandle, ReadFile, GetModuleHandleA, LoadLibraryA, GetProcAddress, CreateProcessA, WaitForSingleObject, lstrcpyA, lstrcatA, MultiByteToWideChar, lstrcpynA, GetModuleFileNameA, GetSystemDirectoryA, CreateFileA, CloseHandle, DisableThreadLibraryCalls, GetLastError, GetStringTypeW, Sleep

( 1 exports )

> Configure, Discover, Enumerate, Initialize, RegisterRemoteSubnets, ResolveHostName, Uninitialize
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 3072:EaW3u8zyhGhxpaSdtOq9tPyb+CFahoww/oZwaay4VkTtoQo+L1Ag0Fu+bcNMycy5:kJxUSWwdGYtwmBay8kT3AOnMkCtvOI
PEiD : -
RDS : NSRL Reference Data Set
-



Fichier lxddcfg.exe reçu le 2009.05.18 20:25:49 (UTC)
Situation actuelle: terminé

Résultat: 0/40 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.18 -
AhnLab-V3 5.0.0.2 2009.05.18 -
AntiVir 7.9.0.168 2009.05.18 -
Antiy-AVL 2.0.3.1 2009.05.18 -
Authentium 5.1.2.4 2009.05.18 -
Avast 4.8.1335.0 2009.05.18 -
AVG 8.5.0.336 2009.05.18 -
BitDefender 7.2 2009.05.18 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.18 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.18 -
eSafe 7.0.17.0 2009.05.18 -
eTrust-Vet 31.6.6509 2009.05.18 -
F-Prot 4.4.4.56 2009.05.18 -
F-Secure 8.0.14470.0 2009.05.18 -
Fortinet 3.117.0.0 2009.05.18 -
GData 19 2009.05.18 -
Ikarus T3.1.1.49.0 2009.05.18 -
K7AntiVirus 7.10.737 2009.05.16 -
Kaspersky 7.0.0.125 2009.05.18 -
McAfee 5619 2009.05.18 -
McAfee+Artemis 5619 2009.05.18 -
McAfee-GW-Edition 6.7.6 2009.05.18 -
Microsoft 1.4602 2009.05.18 -
NOD32 4084 2009.05.18 -
Norman 6.01.05 2009.05.18 -
nProtect 2009.1.8.0 2009.05.18 -
Panda 10.0.0.14 2009.05.18 -
PCTools 4.4.2.0 2009.05.18 -
Prevx 3.0 2009.05.18 -
Rising 21.30.04.00 2009.05.18 -
Sophos 4.41.0 2009.05.18 -
Sunbelt 3.2.1858.2 2009.05.18 -
Symantec 1.4.4.12 2009.05.18 -
TheHacker 6.3.4.1.326 2009.05.18 -
TrendMicro 8.950.0.1092 2009.05.18 -
VBA32 3.12.10.5 2009.05.18 -
ViRobot 2009.5.18.1739 2009.05.18 -
VirusBuster 4.6.5.0 2009.05.18 -
Information additionnelle
File size: 394160 bytes
MD5 : e3d0ac2c5d297c914b508037f79cdf25
SHA1 : 56f81bbb521739afe10dae6199ca508bbe05f8ea
SHA256: e16d4eeac5610f73e0c796c982f4f4461f122327864d0825007756dfc1844d3e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x31AE0
timedatestamp.....: 0x464C9AD7 (Thu May 17 20:11:35 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x45B12 0x46000 6.59 b6aa3b3b669e3c3f0460d007a85ddcca
.rdata 0x47000 0x12476 0x13000 5.44 b0db3d7edfa6555214f6c2f6690d699d
.data 0x5A000 0x5804 0x4000 4.38 9583a34975b14fa6140b2bcc3a36ba0e
.rsrc 0x60000 0x330 0x1000 0.85 6c2883d22d0d9386afa4c6165b20fb89

( 4 imports )

> advapi32.dll: SetSecurityDescriptorDacl, RegCreateKeyExA, RegEnumKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, SetKernelObjectSecurity, GetSecurityDescriptorDacl, SetSecurityInfo, InitializeAcl, AddAccessAllowedAce, IsValidSid, GetLengthSid, GetAce, AllocateAndInitializeSid, RegCloseKey, InitializeSecurityDescriptor, FreeSid, RegEnumValueA
> kernel32.dll: GetWindowsDirectoryA, GetCurrentThreadId, GetTickCount, WriteFile, SetFilePointer, GetFileSize, CloseHandle, CreateFileA, GetCurrentProcessId, GetLocalTime, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, GetVersionExA, WaitForSingleObject, CreateEventA, OpenEventA, ReleaseMutex, CreateMutexA, Sleep, GetComputerNameA, GetModuleFileNameA, GetSystemDirectoryA, lstrcpynA, lstrcatA, lstrcpyA, InterlockedIncrement, InterlockedDecrement, GetLocaleInfoA, RaiseException, RtlUnwind, ExitProcess, GetStartupInfoA, HeapAlloc, HeapFree, DeleteFileA, HeapReAlloc, LCMapStringA, LCMapStringW, GetTimeFormatA, GetDateFormatA, CompareStringA, CompareStringW, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, GetACP, GetOEMCP, FlushFileBuffers, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, IsBadWritePtr, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetTimeZoneInformation, SetStdHandle, ReadFile, GetLocaleInfoW, SetEndOfFile, SetEnvironmentVariableA, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCommandLineA, WritePrivateProfileStringA, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetLastError, GetCPInfo, FreeLibrary
> user32.dll: PostMessageA, TranslateMessage, GetMessageA, PeekMessageA, DispatchMessageA
> winspool.drv: GetPrinterDriverDirectoryA

( 0 exports )

TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ThreatExpert: https://www.symantec.com?md5=e3d0ac2c5d297c914b508037f79cdf25
ssdeep: 6144:LBPAe5iOlF+igbmZS1Qcud9HTNBEDv4Jlh6QsvbwWZAObuh1C9r:LdplFayZS1od9HT7EbYhpsvbwQECx
PEiD : -
RDS : NSRL Reference Data Set
-



Fichier 3 reçu le 2009.05.13 22:21:12 (UTC)
Situation actuelle: terminé

Résultat: 0/40 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.14 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6504 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.14 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.13 -
Prevx 3.0 2009.05.14 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.14 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.13 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.14 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -
Information additionnelle
File size: 44 bytes
MD5 : 803464c7f064192797be1531bb06bada
SHA1 : c4b58e6058049111a5b977e3c15173e5cb210dac
SHA256: ae1116fd9a03881108235362a23a3f2ae6b3bc5dce68eaecfa1399e6da780863
TrID : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:6NUmd+V:6NqV
PEiD : -
RDS : NSRL Reference Data Set
-