Service.exe
kei
dédétraqué, 4522 messages posted, status: Security Contributor
Hi, I'm running Windows 7 and for a few days my PC has been showing a message "Echec à la définition des données pour 'service'" (failed to set data for 'service'), followed by another message "Service Pack 2 a cessé de fonctionner" (Service Pack 2 has stopped working). On top of that, every time I open Live Messenger I lose my internet connection (within the following 2 minutes) and have to restart the modem. I think it's due to a certain service.exe that I can't manage to remove. If anyone has any information.
Thanks
11 replies
Hi kei
- Download and install Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Update it
---
- Restart in Safe Mode:
When your PC restarts, tap the F8 or F5 key; on the next screen move with the arrow keys and choose Safe Mode. Choose your usual account, not the Administrator account
---
- Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
- Select "Perform full scan" if it isn't already selected
- Click "Scan"
- Once the scan is finished, a window opens; click OK
- If Malwarebytes' detected nothing, click OK. A report will appear; close it.
- If Malwarebytes' detected infections, click "Show Results" and then "Remove Selected"
- Save the report to your Desktop so it's easier to find, then post that report.
Note: if Malwarebytes' needs to restart to finish the removal, accept by clicking OK
Tutorial for Malwarebytes' here:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
@++ :)
Hi kei
We'll check that. Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe
- Double-click RSIT.exe on the desktop
(On Vista/7, right-click RSIT.exe and choose "Run as administrator")
- Click Continue in the window
- RSIT will download HijackThis if it is not present or not detected, in which case you'll have to accept the licence
- Post the contents of the two reports, log.txt and info.txt (minimized in the taskbar), at the end of the analysis
The reports are in the folder C:\rsit
@++ :)
As for RSIT, after clicking Continue I get "Error:Variable used without being declared" :/ I did manage to make my HijackThis report, though.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:26, on 11/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WTClient.exe
C:\Users\µ_ice\AppData\Local\Chromium\Application\chrome.exe
C:\Users\µ_ice\AppData\Local\Chromium\Application\chrome.exe
C:\Users\µ_ice\AppData\Local\Chromium\Application\chrome.exe
C:\Users\µ_ice\Documents\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [NMB] "C:\windows\SysWOW64\Service.exe" "Ghost"
O4 - HKLM\..\Run: [Service] C:\windows\SysWOW64\UPSERV~1.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Users\µ_ice\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://sourceforge.net/p/libusb-win32/wiki/Home/ - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
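The HijackThis log above is read by hand in the thread; the lines worth a second look are the O4 autorun entries and the O15 Trusted Zone entry. The following is an added example, not a tool the posters used and not part of HijackThis: it parses O4 and O15 lines and applies a few defender heuristics (an autorun launched from a Windows system directory, a bare file name resolved through the search path, an 8.3 short name, a file name that imitates a real Windows component). The heuristics and the lookalike shortlist are this example's own assumptions; the sample lines are constructed from the log posted above.

```python
"""Triage of HijackThis O4 (autorun) and O15 (Trusted Zone) lines.

Added example for this thread, not a tool the posters used and not part of
HijackThis. The heuristics below are this example's assumptions.
"""
import re
from dataclasses import dataclass, field

# O4 lines look like: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O15 lines look like: "O15 - Trusted Zone: <site>"
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)")

# Autoruns whose image lives here deserve a closer look: third-party software
# normally installs under Program Files, not into the Windows directory.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

# Assumption: a short list of file names that imitate a genuine Windows
# component (the genuine name is the value). services.exe is the real SCM.
LOOKALIKES = {
    "service.exe": "services.exe",
    "svhost.exe": "svchost.exe",
    "lsas.exe": "lsass.exe",
}

# Constructed sample, modelled on the O4/O15 lines of the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [NMB] "C:\windows\SysWOW64\Service.exe" "Ghost"
O4 - HKLM\..\Run: [Service] C:\windows\SysWOW64\UPSERV~1.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O15 - Trusted Zone: http://software.kuaiche.com
"""


@dataclass
class Finding:
    entry: str                      # O4 value name, or "Trusted Zone"
    image: str                      # executable path (O4) or site (O15)
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list:
    """Return one Finding per O4/O15 line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            image = image_path(m["cmd"])
            fname = image.rsplit("\\", 1)[-1].lower()
            reasons = []
            if "\\" not in image:
                reasons.append("bare file name, resolved through the search path")
            if any(d in image.lower() for d in SYSTEM_DIRS):
                reasons.append("autorun from a Windows system directory")
            if re.search(r"~\d", fname):
                reasons.append("8.3 short name hides the real file name")
            if fname in LOOKALIKES:
                reasons.append(f"name resembles Windows component {LOOKALIKES[fname]}")
            if reasons:
                findings.append(Finding(m["name"], image, reasons))
            continue
        m = O15_RE.match(line)
        if m:
            findings.append(Finding("Trusted Zone", m["site"],
                                    ["site placed in the IE Trusted Zone: confirm it was added on purpose"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry}] {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the Adobe and Sidebar entries pass, while the `NMB` and `Service` entries and the bare `WTClient.exe` are reported with the reason for each; the O15 entry is always listed, because a Trusted Zone site weakens Internet Explorer's security zone checks for that site and should be confirmed as intentional.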
Thank you very much, I haven't had the message at startup anymore since this second scan :) As for the disconnections, I haven't logged back into Windows Live. I'm posting the report anyway just in case, but thanks again
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3729
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
12/02/2010 19:49:51
mbam-log-2010-02-12 (19-49-46).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 307586
Temps écoulé: 56 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\$Recycle.Bin\S-1-5-21-1951271959-1319083240-1666305940-1000\$RZZED89.exe (Adware.MediaPass) -> No action taken.
C:\Users\µ_ice\Documents\Bureau\ \pcsx2\plugins\PadSSSPSX-PM.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\µ_ice\Documents\Call of Duty 4\Installation\Keygen\Call.Of.Duty.4.Modern.Warfare_KEYGEN-FFF.exe (HackTool.Keygen) -> No action taken.
C:\Users\µ_ice\Downloads\Adobe Creative Suite 4 Master Collection KeyGen.exe (Trojan.Downloader) -> No action taken.
C:\Users\µ_ice\Downloads\Call of Duty 4\Installation\Keygen\Call.Of.Duty.4.Modern.Warfare_KEYGEN-FFF.exe (HackTool.Keygen) -> No action taken.
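Every detection in the Malwarebytes report above ends in "No action taken", which means the items were listed but not quarantined or removed; the summary counters at the top only say how many items were found. The following is an added example, not Malwarebytes code and not part of the thread: it parses a 1.x-style report, tallies detections by category and by action, and flags the report for follow-up when detections were left in place or when the counters announce more items than the body lists. The line formats and action string are taken from the report posted above; the sample report is constructed from its lines.

```python
"""Summary of a Malwarebytes' Anti-Malware 1.x report: what was found, and
what was actually removed.

Added example for this thread, not Malwarebytes code. Line formats and the
"No action taken" string are those visible in the report posted above.
"""
import re
from collections import Counter

# Detection line: "<item> (<category>) -> [Bad: (x) Good: (y) -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[A-Za-z][\w.]*)\) -> "
    r"(?:Bad: \(\d+\) Good: \(\d+\) -> )?(?P<action>[^.]+)\.$"
)
# Summary counter line, e.g. "Fichier(s) infecté(s): 5" (French UI; only the
# number matters, and only labels containing "infect" are counters).
COUNTER_RE = re.compile(r"^(?P<label>.+?): (?P<count>\d+)$")

# Action string the report uses for items that were listed but left in place.
UNREMEDIATED = "No action taken"

# Constructed sample, built from lines of the report posted above.
SAMPLE_REPORT = r"""
Elément(s) de données du Registre infecté(s): 1
Fichier(s) infecté(s): 5
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Fichier(s) infecté(s):
C:\$Recycle.Bin\S-1-5-21-1951271959-1319083240-1666305940-1000\$RZZED89.exe (Adware.MediaPass) -> No action taken.
C:\Users\µ_ice\Documents\Bureau\ \pcsx2\plugins\PadSSSPSX-PM.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\µ_ice\Documents\Call of Duty 4\Installation\Keygen\Call.Of.Duty.4.Modern.Warfare_KEYGEN-FFF.exe (HackTool.Keygen) -> No action taken.
C:\Users\µ_ice\Downloads\Adobe Creative Suite 4 Master Collection KeyGen.exe (Trojan.Downloader) -> No action taken.
C:\Users\µ_ice\Downloads\Call of Duty 4\Installation\Keygen\Call.Of.Duty.4.Modern.Warfare_KEYGEN-FFF.exe (HackTool.Keygen) -> No action taken.
"""


def summarize(report: str) -> dict:
    """Parse a report into detection counts and the list of items left in place."""
    detections = []       # (item, category, action)
    declared = {}         # counter label -> announced count
    for raw in report.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            detections.append((m["item"], m["category"], m["action"]))
            continue
        m = COUNTER_RE.match(line)
        if m and "infect" in m["label"].lower():
            declared[m["label"]] = int(m["count"])
    return {
        "detections": len(detections),
        "declared_total": sum(declared.values()),
        "by_action": dict(Counter(a for _, _, a in detections)),
        "by_category": dict(Counter(c for _, c, _ in detections)),
        "unremediated": [item for item, _, action in detections if action == UNREMEDIATED],
    }


def needs_followup(summary: dict) -> bool:
    """True when detections were left in place, or when the counters announce
    more detections than the report body actually lists (truncated report)."""
    return bool(summary["unremediated"]) or summary["detections"] < summary["declared_total"]


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['detections']} detections (counters announce {s['declared_total']})")
    print("by action:  ", s["by_action"])
    print("by category:", s["by_category"])
    print("follow-up needed:", needs_followup(s))
```

On the sample, all six detections are tallied under "No action taken", so `needs_followup` is true: the scan documented the items but the machine is in the same state as before it ran, which is the check to make before reading a quieter startup as a cleaned system.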
Hi kei
Redo a scan with RSIT and post only the log.txt report at the end of the analysis
The report is in the folder C:\rsit
@++ :)
Hi dédétraqué
As for RSIT, I still have the same problem: when I try to start the scan I get the AutoIt error. I found several solutions on the web but none of them works :x
Hi kei
Right-click RSIT on the desktop and click Properties in the list.
In the Properties window click the Compatibility tab, tick the box in front of "Run this program in compatibility mode for:", choose Windows XP from the list and click Apply.
Try RSIT again
@++ :)
Hi dédétraqué
+1, I probably should have thought of that... '(°< ..... here is the report
Logfile of random's system information tool 1.06 (written by random/random)
Run by µ_ice at 2010-02-13 21:33:27
Microsoft Windows 7 Édition Intégrale Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 4095 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:31, on 13/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\µ_ice\Documents\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\µ_ice.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files (x86)\Common Files\justDo\Jd2002.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
+1, I probably should have thought of that... '(°< ..... here is the report
Logfile of random's system information tool 1.06 (written by random/random)
Run by µ_ice at 2010-02-13 21:33:27
Microsoft Windows 7 Édition Intégrale Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 4095 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:31, on 13/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\µ_ice\Documents\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\µ_ice.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files (x86)\Common Files\justDo\Jd2002.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files (x86)\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files (x86)\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files (x86)\Common Files\justDo\IECatcher.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
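An added example (my own code, not from the thread and not part of HijackThis) that reads O4/O15/O16/O23 lines like those in the log above and turns them into review items: Trusted Zone additions (O15), ActiveX download entries (O16), Run entries that name a bare executable with no directory (so it is located through the search path), and services with an unknown owner. The many "(file missing)" O23 entries for binaries under C:\Windows\System32 are what a 32-bit scanner such as HijackThis 2.0.2 reports on 64-bit Windows, where WOW64 file-system redirection points its System32 lookups at SysWOW64; the example files those separately as probable redirection artifacts rather than as missing files. The heuristics are the example's own; SAMPLE_LOG is a constructed excerpt copied from the log above, not the whole log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/...
O20 - AppInit_DLLs:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
"""

@dataclass
class Finding:
    kind: str      # short tag used to group results
    detail: str    # the entry the tag applies to

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)")
O23_PREFIX = "O23 - Service: "
SYSTEM32 = "c:\\windows\\system32\\"

def exe_of(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def parse_o23(rest: str):
    """Split 'display - owner - path [(file missing)]' from the right, because
    display names themselves may contain ' - '. Returns None if the shape is off."""
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    return display, owner, path, missing

def triage(log_text: str, host_is_64bit: bool = True) -> list:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O15 - Trusted Zone:"):
            # Sites in the Trusted Zone get relaxed IE security settings: always review.
            findings.append(Finding("trusted-zone", line.split(":", 1)[1].strip()))
        elif line.startswith("O16 - DPF:"):
            m = O16_RE.match(line)
            if m:
                findings.append(Finding("activex-download", f"{m['clsid']} from {m['url']}"))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if m and "\\" not in exe_of(m["cmd"]):
                # A bare file name is located through the search path, not a fixed location.
                findings.append(Finding("run-unqualified-path", f"{m['name']}: {m['cmd']}"))
        elif line.startswith(O23_PREFIX):
            parsed = parse_o23(line[len(O23_PREFIX):])
            if parsed is None:
                continue
            display, owner, path, missing = parsed
            in_system32 = path.lower().startswith(SYSTEM32)
            if missing and in_system32 and host_is_64bit:
                # 32-bit scanner on x64: its System32 lookups are redirected to SysWOW64.
                findings.append(Finding("probable-wow64-artifact", f"{display}: {path}"))
            elif missing:
                findings.append(Finding("service-file-missing", f"{display}: {path}"))
            # Windows' own services show as '@resource.dll,-NNN (Name)'; an unknown
            # owner on any other service is worth a look.
            if owner == "Unknown owner" and not display.startswith("@"):
                findings.append(Finding("service-unknown-owner", f"{display}: {path}"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

On the excerpt this yields one Trusted Zone item, one ActiveX download, one unqualified Run entry (WTClient.exe), two probable redirection artifacts and one unknown-owner service (WinTabService); run with host_is_64bit=False the two System32 entries are reported as genuinely missing instead.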
Hi kei
Run a scan of this file, SetupX32.EXE, here:
https://www.virustotal.com/gui/
Click Browse and copy/paste this:
C:\Windows\SetupX32.EXE
Then click Send file and wait for the analysis result.
If it tells you the file has already been analysed, select the button:
Reanalyse the file now, wait for the analysis result, and post the complete result.
Post the complete result
Help: http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
Also scan these files:
C:\Windows\system32\explorer.exe
C:\Windows\system32\ST~7DDC.tmp
@++ :)
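Once the result comes back as the text VirusTotal produced at the time (vendor lines, hashes, PE sections, imports, sigcheck; see the reports posted later in this thread), it is easier to read mechanically than by eye. This added example is my own code, not the thread's and not VirusTotal's: it parses that text into a structure and derives triage notes: the detection count, the sigcheck verdict, sections whose entropy is at or above 7.0 (a common packing hint), and imports mapped to a small capability table of my own choosing. SAMPLE_REPORT is a constructed excerpt of the SetupX32.EXE report below, with the import lists cut to a few names.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the SetupX32.EXE report posted later in this
# thread, with the import lists trimmed to a few entries. Not a full report.
SAMPLE_REPORT = """\
a-squared 4.5.0.50 2010.02.14 -
AntiVir 7.9.1.160 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
Microsoft 1.5406 2010.02.14 -
Symantec 20091.2.0.41 2010.02.14 -
Additional information
File size: 335872 bytes
MD5...: 420ef079fb0f24042ac42485c4a66acd
SHA1..: d8e72c2c15b6af3aac643b325e6250fee671c773
SHA256: e012c5c3e7040bddc73d14bcbc4511f8c67f58c6e7b03cd4ca674f187ec8ff11
PEInfo: PE Structure information
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2253a 0x23000 6.37 be4142f89e5d7cf748dd60d04738cbd3
.rdata 0x24000 0x460b 0x5000 4.35 a5e2729460a981cbbb81f08ec41fb222
.data 0x29000 0x3a58 0x3000 3.81 da3d9ba7485936d4b303e361df8d141d
.rsrc 0x2d000 0x25070 0x26000 4.62 518fa3f110c66343d4431dc785cf4d7b
( 3 imports )
> KERNEL32.dll: MultiByteToWideChar, CopyFileA, CreateProcessA, MoveFileExA, WinExec, SetFileAttributesA, DeleteFileA
> ADVAPI32.dll: RegSetValueA, LookupPrivilegeValueA, OpenProcessToken, AdjustTokenPrivileges, RegSetValueExA
> USER32.dll: ExitWindowsEx, MessageBoxA
sigcheck:
publisher....:
signers......: -
verified.....: Unsigned
"""

# Most specific patterns first, so a hash or section line is never taken for a vendor line.
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)$")
SECTION_RE = re.compile(r"^(\S+) (0x[0-9a-fA-F]+) (0x[0-9a-fA-F]+) (0x[0-9a-fA-F]+) (\d+\.\d+) ([0-9a-fA-F]{32})$")
IMPORT_RE = re.compile(r"^> ([^:]+): (.*)$")
VERIFIED_RE = re.compile(r"^verified\.*:\s*(.*)$")
SIZE_RE = re.compile(r"^File size: (\d+) bytes$")
VENDOR_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")   # name version date verdict

# The example's own capability table: canonical API name -> what it enables.
CAPABILITIES = {
    "process-launch": {"WinExec", "CreateProcess", "ShellExecute", "ShellExecuteEx"},
    "privilege-adjust": {"AdjustTokenPrivileges"},
    "shutdown-or-logoff": {"ExitWindowsEx", "InitiateSystemShutdown", "InitiateSystemShutdownEx"},
    "reboot-time-file-ops": {"MoveFileEx"},
    "file-attribute-change": {"SetFileAttributes"},
    "registry-write": {"RegSetValue", "RegSetValueEx", "RegCreateKey", "RegCreateKeyEx"},
    "network": {"URLDownloadToFile", "InternetOpen", "InternetOpenUrl", "WSAStartup", "HttpOpenRequest"},
    "hooking": {"SetWindowsHookEx"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
}

def canonical(func: str) -> str:
    """Drop the ANSI/Unicode suffix: CreateProcessA -> CreateProcess; GetACP is left alone."""
    if len(func) > 1 and func[-1] in "AW" and func[-2].islower():
        return func[:-1]
    return func

def parse_vt_report(text: str) -> dict:
    report = {"vendors": [], "hashes": {}, "sections": [], "imports": defaultdict(list),
              "verified": None, "size": None}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HASH_RE.match(line)):
            report["hashes"][m.group(1)] = m.group(2).lower()
        elif (m := SECTION_RE.match(line)):
            name, va, vs, rs, ent, md5 = m.groups()
            report["sections"].append({"name": name, "virtual_address": int(va, 16),
                                       "virtual_size": int(vs, 16), "raw_size": int(rs, 16),
                                       "entropy": float(ent), "md5": md5})
        elif (m := IMPORT_RE.match(line)):
            funcs = (x.strip() for x in m.group(2).split(","))
            report["imports"][m.group(1).lower()].extend(f for f in funcs if f and f != "-")
        elif (m := VERIFIED_RE.match(line)):
            report["verified"] = m.group(1).strip() or None
        elif (m := SIZE_RE.match(line)):
            report["size"] = int(m.group(1))
        elif (m := VENDOR_RE.match(line)):
            name, version, date, verdict = m.groups()
            report["vendors"].append((name, version, date, None if verdict == "-" else verdict))
    return report

def detections(report: dict) -> tuple:
    """(engines that named the file, engines that scanned it)."""
    return sum(1 for v in report["vendors"] if v[3]), len(report["vendors"])

def triage(report: dict, entropy_threshold: float = 7.0) -> list:
    hits, total = detections(report)
    flags = [f"detections: {hits}/{total}"]
    if report["verified"] and report["verified"].lower() != "signed":
        flags.append(f"signature: {report['verified']}")
    for s in report["sections"]:
        if s["entropy"] >= entropy_threshold:
            flags.append(f"high-entropy section {s['name']} ({s['entropy']}): possible packing")
    seen = defaultdict(list)
    for dll, funcs in report["imports"].items():
        for f in funcs:
            for cap, names in CAPABILITIES.items():
                if canonical(f) in names:
                    seen[cap].append(f"{dll}!{f}")
    for cap in sorted(seen):
        flags.append(f"capability {cap}: " + ", ".join(seen[cap]))
    return flags

if __name__ == "__main__":
    for flag in triage(parse_vt_report(SAMPLE_REPORT)):
        print(flag)
```

For the excerpt this reports 0/6 detections, an unsigned binary, no high-entropy section, and a capability set (process launch, privilege adjustment, reboot-time file moves, attribute changes, registry writes, shutdown or logoff) that is exactly what an installer needs, which is why a clean detection count alone settles nothing either way.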
Hi dédé (it's shorter, actually :p)
Thanks, and here it is for SetupX32.EXE:
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.13 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.13 -
AVG 9.0.0.730 2010.02.13 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3932 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
McAfee+Artemis 5891 2010.02.13 -
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4864 2010.02.13 -
Norman 6.04.08 2010.02.13 -
nProtect 2009.1.8.0 2010.02.13 -
Panda 10.0.2.2 2010.02.13 -
PCTools 7.0.3.5 2010.02.14 -
Prevx 3.0 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5676 2010.02.13 -
Symantec 20091.2.0.41 2010.02.14 -
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.13 -
Additional information
File size: 335872 bytes
MD5...: 420ef079fb0f24042ac42485c4a66acd
SHA1..: d8e72c2c15b6af3aac643b325e6250fee671c773
SHA256: e012c5c3e7040bddc73d14bcbc4511f8c67f58c6e7b03cd4ca674f187ec8ff11
ssdeep: 6144:k2OdTvL+rk0LjqQiT3iWC92P2L7k8wMMMMMMMMMMMMh:kLTUVjiziF92usMMMMMMMMMMMM
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x19f79
timedatestamp.....: 0x4a7aa6ec (Thu Aug 06 09:48:28 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2253a 0x23000 6.37 be4142f89e5d7cf748dd60d04738cbd3
.rdata 0x24000 0x460b 0x5000 4.35 a5e2729460a981cbbb81f08ec41fb222
.data 0x29000 0x3a58 0x3000 3.81 da3d9ba7485936d4b303e361df8d141d
.rsrc 0x2d000 0x25070 0x26000 4.62 518fa3f110c66343d4431dc785cf4d7b
( 9 imports )
> KERNEL32.dll: MultiByteToWideChar, lstrcpyA, RemoveDirectoryA, OutputDebugStringA, VerLanguageNameA, lstrcatA, CopyFileA, lstrcmpA, GetPrivateProfileStringA, GetWindowsDirectoryA, WaitForSingleObject, CreateProcessA, GetShortPathNameA, GetSystemDirectoryA, GetCurrentDirectoryA, GetTempFileNameA, WritePrivateProfileStringA, MoveFileExA, CompareStringW, CompareStringA, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, GetTimeZoneInformation, LCMapStringW, LCMapStringA, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapFree, SetFilePointer, SetEndOfFile, GetStdHandle, SetHandleCount, SetStdHandle, HeapSize, TerminateProcess, HeapAlloc, HeapReAlloc, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, FlushFileBuffers, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindNextFileA, FindFirstFileA, MoveFileA, GetFileType, RtlUnwind, _llseek, _hread, SetErrorMode, SetCommMask, SetupComm, PurgeComm, SetCommTimeouts, GetCommState, SetCommState, GetTickCount, ReadFile, WriteFile, WinExec, Sleep, SetEnvironmentVariableA, UnmapViewOfFile, CreateFileMappingA, MapViewOfFile, LoadLibraryA, FreeLibrary, GetCurrentProcess, _lread, _lclose, MulDiv, GetModuleFileNameA, lstrcmpiA, CreateDirectoryA, GetLastError, SetCurrentDirectoryA, CreateFileA, CloseHandle, SetFileAttributesA, DeleteFileA, OpenFile, GetSystemDefaultLangID, GetSystemDefaultUILanguage, GetVersionExA, GetModuleHandleA, GetProcAddress, GetDiskFreeSpaceA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, IsBadWritePtr, lstrlenA
> USER32.dll: MapDialogRect, GetScrollPos, SetScrollPos, EnableWindow, GetDlgItemTextA, LoadStringA, EndDialog, MessageBeep, CreateWindowExA, GetWindowTextLengthA, CallWindowProcA, GetWindowTextA, GetClassLongA, GetDlgCtrlID, GetForegroundWindow, wvsprintfA, SetScrollRange, RegisterClassA, LoadCursorA, LoadIconA, ReleaseDC, GetDC, InvalidateRect, DefWindowProcA, RegisterWindowMessageA, LoadBitmapA, CharLowerA, CharUpperA, GetSysColor, GetWindowWord, SetWindowWord, GetClassInfoA, UnregisterClassA, GetCursorPos, ScreenToClient, SetForegroundWindow, CreateDialogParamA, UpdateWindow, DialogBoxParamA, DestroyWindow, PeekMessageA, DispatchMessageA, TranslateMessage, IsWindowEnabled, CheckDlgButton, GetDlgItem, ShowWindow, SetDlgItemTextA, SendMessageA, IsDlgButtonChecked, PostMessageA, SetWindowLongA, SetCursor, wsprintfA, ExitWindowsEx, GetParent, GetWindowRect, GetSystemMetrics, SetWindowPos, SendDlgItemMessageA, GetActiveWindow, MessageBoxA, CopyRect, FillRect, SetRectEmpty, IsRectEmpty, SetRect, OffsetRect, InflateRect, BeginPaint, EndPaint, SetWindowTextA, GetClientRect, CheckRadioButton
> GDI32.dll: BitBlt, PatBlt, DeleteDC, IntersectClipRect, SelectObject, SetTextAlign, GetBkColor, SetBkColor, CreateCompatibleDC, GetObjectA, RealizePalette, SelectPalette, CreateFontA, DeleteObject, StretchBlt, GetTextExtentPointA, TextOutA, SetTextColor, SetBkMode, CreatePalette, CreateSolidBrush, GetDeviceCaps, GetTextFaceA, CreateDIBitmap, SaveDC, ExtTextOutA, RestoreDC
> ADVAPI32.dll: RegSetValueA, LookupPrivilegeValueA, OpenProcessToken, RegDeleteKeyA, RegQueryValueA, RegDeleteValueA, RegCreateKeyA, RegSetValueExA, AdjustTokenPrivileges, RegQueryValueExA, RegOpenKeyA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey
> SHELL32.dll: SHGetSpecialFolderLocation, SHBrowseForFolderA, SHGetDesktopFolder, SHChangeNotify, SHGetMalloc, SHGetPathFromIDListA
> ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA, VerInstallFileA
> LZ32.dll: LZCopy, LZClose, LZOpenFileA
> COMCTL32.dll: PropertySheetA, ImageList_Add, -, ImageList_Create
( 2 exports )
_BkgndWndProc@@YGJPAUHWND__@@IIJ@Z, _MeterWndFn@16
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: InstallShield setup (42.6%)
Win32 Executable MS Visual C++ (generic) (37.3%)
Win32 Executable Generic (8.4%)
Win32 Dynamic Link Library (generic) (7.5%)
Generic Win/DOS Executable (1.9%)
sigcheck:
publisher....:
copyright....: Copyright 2009
product......: Windows Application Installer Program
description..: Setupx32: Application Installer Program
original name: SETUPX32.EXE
internal name: SETUPX32.EXE
file version.: 8, 6, 2009, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
This one is for explorer.exe:
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.13 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.13 -
AVG 9.0.0.730 2010.02.13 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3931 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
McAfee+Artemis 5891 2010.02.13 -
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4864 2010.02.13 -
Norman 6.04.08 2010.02.13 -
nProtect 2009.1.8.0 2010.02.13 -
Panda 10.0.2.2 2010.02.13 -
PCTools 7.0.3.5 2010.02.14 -
Prevx 3.0 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5676 2010.02.13 -
Symantec 20091.2.0.41 2010.02.14 -
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.13 -
Additional information
File size: 2614272 bytes
MD5...: 2626fc9755be22f805d3cfa0ce3ee727
SHA1..: d76db4dcd710be9c3314cff94824933847565372
SHA256: c82149baca8d91b3ff1a189ca5dc814701e79bbb14798cd5766593b1206a1baa
ssdeep: 49152:bwPz1ubtHXPUvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2xno4cv:EPcbtcvYYYYYYYYYYYRYYYYYYYYYYE3h
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2a8cb
timedatestamp.....: 0x4aeba271 (Sat Oct 31 02:35:29 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaf135 0xaf200 6.39 8180f5d3d4d7f8265dc0f08e1bb154a8
.data 0xb1000 0x2fcc 0x2800 0.95 1408cc5d5952a7ece5e6486fb4c726d9
.rsrc 0xb4000 0x1c2e80 0x1c3000 5.52 b19a7eab21e8dad3fa5ade7705bb1828
.reloc 0x277000 0x9304 0x9400 6.75 b898429771fe2fa8fbedd7bd42575852
( 19 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus
> KERNEL32.dll: LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, QueueUserWorkItem, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, OpenProcess, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA
> GDI32.dll: GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend
> USER32.dll: PtInRect, GetWindowRect, GetWindow, SendMessageW, EnumChildWindows, GetWindowLongW, CharPrevW, CharNextW, GetSystemMetrics, CreateWindowExW, DialogBoxParamW, GetClassInfoW, GetClassInfoExW, GetMenuItemInfoW, GetMenuItemCount, GetClassNameW, GetKeyboardLayout, ActivateKeyboardLayout, IsChild, InsertMenuW, GetMenuStringW, SetMenuItemInfoW, InsertMenuItemW, IsWinEventHookInstalled, IsProcessDPIAware, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, MoveWindow, IsRectEmpty, UnionRect, ChildWindowFromPointEx, GetGUIThreadInfo, SetClassLongW, GetClassLongW, WindowFromDC, CharUpperW, UnregisterClassW, FrameRect, GetWindowDC, SendMessageCallbackW, UpdateLayeredWindow, GetUserObjectInformationW, GetThreadDesktop, GetProcessWindowStation, GetIconInfo, ShowWindowAsync, FlashWindowEx, EndTask, SetThreadDesktop, GetMenuState, SetScrollInfo, GetScrollInfo, SetScrollPos, BringWindowToTop, DeregisterShellHookWindow, IsZoomed, CloseDesktop, OpenInputDesktop, RegisterShellHookWindow, InternalGetWindowText, GetWindowInfo, GetLayeredWindowAttributes, SetLayeredWindowAttributes, GetCaretBlinkTime, UnhookWindowsHookEx, CallNextHookEx, SetWindowsHookExW, GetUpdateRect, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DispatchMessageW, TranslateMessage, GetMessageW, DestroyMenu, GetMenuDefaultItem, CreatePopupMenu, PostMessageW, MsgWaitForMultipleObjectsEx, PeekMessageW, SetWindowLongW, ShutdownBlockReasonCreate, LoadStringW, DestroyWindow, PostQuitMessage, SetWindowPos, KillTimer, SetTimer, SetPropW, ShowWindow, MapWindowPoints, RegisterClassW, LoadCursorW, SetActiveWindow, UpdateLayeredWindowIndirect, GetLastInputInfo, SendDlgItemMessageW, EndDialog, GetDesktopWindow, GetShellWindow, DestroyIcon, GetMonitorInfoW, CopyRect, ModifyMenuW, CheckMenuItem, EnableMenuItem, GhostWindowFromHungWindow, DeleteMenu, ReleaseCapture, GetCursorPos, DefWindowProcW, TrackMouseEvent, GetDoubleClickTime, InvalidateRect, LockWorkStation, TileWindows, UpdateWindow, CascadeWindows, GetWindowTextW, TrackPopupMenu, ClientToScreen, WindowFromPoint, AppendMenuW, EndPaint, DrawEdge, FillRect, LockSetForegroundWindow, InflateRect, IsWindowVisible, GetForegroundWindow, GetParent, WaitMessage, RegisterWindowMessageW, TrackPopupMenuEx, GetClientRect, MonitorFromRect, EqualRect, SubtractRect, RedrawWindow, EnumDisplayMonitors, SetWindowTextW, IntersectRect, GetWindowPlacement, SendNotifyMessageW, RemovePropW, SetWindowCompositionAttribute, HungWindowFromGhostWindow, SetFocus, SendMessageTimeoutW, EnumWindows, UnregisterHotKey, RegisterHotKey, MonitorFromWindow, IsWindow, SetCursor, GetAsyncKeyState, SetForegroundWindow, ChildWindowFromPoint, SetCursorPos, GetMessagePos, IsIconic, LoadIconW, DeferWindowPos, OffsetRect, GetWindowThreadProcessId, ScreenToClient, GetAncestor, MonitorFromPoint, SetRectEmpty, ChangeWindowMessageFilterEx, LoadAcceleratorsW, TranslateAcceleratorW, GetKeyState, SetWindowRgn, GetWindowRgnBox, LoadImageW, GetFocus, GetActiveWindow, MessageBeep, BeginPaint, SwitchToThisWindow, GetLastActivePopup, EndDeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, IsHungAppWindow, RegisterClipboardFormatW, SetRect, GetSysColorBrush, GetPropW, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetMenuDefaultItem, GetCapture, DrawIconEx, GetMessageExtraInfo, SetGestureConfig, AdjustWindowRect, CalculatePopupWindowPosition, DrawTextW, SetCapture, CallWindowProcW, CheckDlgButton, IsDlgButtonChecked, IsWindowEnabled, GetDlgItemInt, SetDlgItemInt, GetDlgItem, EnableWindow, SetWinEventHook, MsgWaitForMultipleObjects, RegisterClassExW, CopyIcon, AdjustWindowRectEx, GetSysColor, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, GetSystemMenu
> msvcrt.dll: _controlfp, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, memcpy, memmove, _CIsin, _ftol2, _CIcos, _wtoi, wcsncmp, _wcsnicmp, _wcsicmp, bsearch, __p__commode, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, _ftol2_sse, malloc, _CIsqrt, ceil, realloc, wcschr, iswalpha, wcsstr, free, _vsnwprintf, memset
> ntdll.dll: WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo
> SHLWAPI.dll: SHStrDupA, StrCmpW, -, -, PathCommonPrefixW, PathRemoveExtensionW, -, PathIsFileSpecW, -, -, -, StrRetToStrW, -, AssocCreate, -, StrRetToBufW, AssocQueryStringW, -, PathQuoteSpacesW, -, -, SHDeleteKeyW, -, SHRegGetUSValueW, -, -, PathIsNetworkPathW, -, -, -, -, SHOpenRegStream2W, -, -, -, -, -, -, PathRemoveFileSpecW, -, -, -, -, SHRegGetBoolUSValueW, -, -, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, -, -, PathFindExtensionW, StrChrIW, -, -, PathAppendW, SHDeleteValueW, -, SHSetValueW, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, -, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, -, -, -, -, StrToIntW, -, StrChrW, -, -, -, -, -, -, SHStrDupW, PathStripToRootW, -, -, -, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, -, -, -, -, -, -, PathIsPrefixW, -, StrCmpIW, PathParseIconLocationW, PathIsRootW, -, -, -, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, -
> SHELL32.dll: -, -, -, SHGetPropertyStoreForWindow, -, -, SHGetStockIconInfo, -, -, -, -, -, -, -, -, -, Shell_GetCachedImageIndexW, -, -, -, SHGetLocalizedName, SHCreateDataObject, -, -, -, -, -, -, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, -, -, SHBindToFolderIDListParentEx, SHGetFileInfoW, -, SHCreateItemWithParent, -, -, -, -, -, SHGetFolderLocation, -, SHParseDisplayName, SHGetSpecialFolderPathW, -, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, -, -, -, -, -, -, -, -, -, -, -, SHGetNameFromIDList, SHCreateShellItem, -, -, -, -, -, -, -, -, -, -, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, -, SHGetIDListFromObject, -, SHChangeNotifyRegisterThread, -, -, -, -, SHUpdateRecycleBinIcon, -, -, SHCreateItemFromIDList, -, -, SHFileOperationW, SHGetFolderPathEx, -, -, -, -, -, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, -, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, -, DragQueryFileW, -, -, SHGetSpecialFolderLocation, SHBindToFolderIDListParent
> ole32.dll: OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries
> OLEAUT32.dll: -, -, -, -, -, -
> EXPLORERFRAME.dll: -, -
> UxTheme.dll: DrawThemeTextEx, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, BeginBufferedPaint, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, -, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent
> POWRPROF.dll: CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
> dwmapi.dll: -, -, DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, -, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, -, -
> slc.dll: SLGetWindowsInformationDWORD
> gdiplus.dll: GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage
> Secur32.dll: GetUserNameExW
> RPCRT4.dll: RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
> PROPSYS.dll: PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.1.7600.16450 (win7_gdr.091030-1504)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
And finally ST~7DDC.tmp:
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.13 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.13 -
AVG 9.0.0.730 2010.02.13 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3932 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
McAfee+Artemis 5891 2010.02.13 -
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4864 2010.02.13 -
Norman 6.04.08 2010.02.13 -
nProtect 2009.1.8.0 2010.02.13 -
Panda 10.0.2.2 2010.02.13 -
PCTools 7.0.3.5 2010.02.14 -
Prevx 3.0 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5676 2010.02.13 -
Symantec 20091.2.0.41 2010.02.14 -
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.13 -
Additional information
File size: 462848 bytes
sigcheck:
publisher....: Pen Tablet
copyright....: Copyright (c) 2009
product......: Tablet Control Panel
description..: Control Panel for Tablet Settings
original name: TabCfg.exe
internal name: TabCfg.exe
file version.: 9, 23, 2009, 1
comments.....: Tablet Control Panel
signers......: -
signing date.: -
verified.....: Unsigned
Thanks, and here it is for SetupX32.EXE:
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.13 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.13 -
AVG 9.0.0.730 2010.02.13 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3932 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
McAfee+Artemis 5891 2010.02.13 -
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4864 2010.02.13 -
Norman 6.04.08 2010.02.13 -
nProtect 2009.1.8.0 2010.02.13 -
Panda 10.0.2.2 2010.02.13 -
PCTools 7.0.3.5 2010.02.14 -
Prevx 3.0 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5676 2010.02.13 -
Symantec 20091.2.0.41 2010.02.14 -
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.13 -
Additional information
File size: 335872 bytes
sigcheck:
publisher....:
copyright....: Copyright 2009
product......: Windows Application Installer Program
description..: Setupx32: Application Installer Program
original name: SETUPX32.EXE
internal name: SETUPX32.EXE
file version.: 8, 6, 2009, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
Ca c'est pour explorer.exe:
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.13 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.13 -
AVG 9.0.0.730 2010.02.13 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3931 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
McAfee+Artemis 5891 2010.02.13 -
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4864 2010.02.13 -
Norman 6.04.08 2010.02.13 -
nProtect 2009.1.8.0 2010.02.13 -
Panda 10.0.2.2 2010.02.13 -
PCTools 7.0.3.5 2010.02.14 -
Prevx 3.0 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5676 2010.02.13 -
Symantec 20091.2.0.41 2010.02.14 -
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.13 -
Information additionnelle
File size: 2614272 bytes
MD5...: 2626fc9755be22f805d3cfa0ce3ee727
SHA1..: d76db4dcd710be9c3314cff94824933847565372
SHA256: c82149baca8d91b3ff1a189ca5dc814701e79bbb14798cd5766593b1206a1baa
ssdeep: 49152:bwPz1ubtHXPUvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2xno4c
v:EPcbtcvYYYYYYYYYYYRYYYYYYYYYYE3h
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2a8cb
timedatestamp.....: 0x4aeba271 (Sat Oct 31 02:35:29 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaf135 0xaf200 6.39 8180f5d3d4d7f8265dc0f08e1bb154a8
.data 0xb1000 0x2fcc 0x2800 0.95 1408cc5d5952a7ece5e6486fb4c726d9
.rsrc 0xb4000 0x1c2e80 0x1c3000 5.52 b19a7eab21e8dad3fa5ade7705bb1828
.reloc 0x277000 0x9304 0x9400 6.75 b898429771fe2fa8fbedd7bd42575852
( 19 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus
> KERNEL32.dll: LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, QueueUserWorkItem, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, OpenProcess, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, 
SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA
> GDI32.dll: GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend
> USER32.dll: PtInRect, GetWindowRect, GetWindow, SendMessageW, EnumChildWindows, GetWindowLongW, CharPrevW, CharNextW, GetSystemMetrics, CreateWindowExW, DialogBoxParamW, GetClassInfoW, GetClassInfoExW, GetMenuItemInfoW, GetMenuItemCount, GetClassNameW, GetKeyboardLayout, ActivateKeyboardLayout, IsChild, InsertMenuW, GetMenuStringW, SetMenuItemInfoW, InsertMenuItemW, IsWinEventHookInstalled, IsProcessDPIAware, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, MoveWindow, IsRectEmpty, UnionRect, ChildWindowFromPointEx, GetGUIThreadInfo, SetClassLongW, GetClassLongW, WindowFromDC, CharUpperW, UnregisterClassW, FrameRect, GetWindowDC, SendMessageCallbackW, UpdateLayeredWindow, GetUserObjectInformationW, GetThreadDesktop, GetProcessWindowStation, GetIconInfo, ShowWindowAsync, FlashWindowEx, EndTask, SetThreadDesktop, GetMenuState, SetScrollInfo, GetScrollInfo, SetScrollPos, BringWindowToTop, DeregisterShellHookWindow, IsZoomed, CloseDesktop, OpenInputDesktop, RegisterShellHookWindow, InternalGetWindowText, GetWindowInfo, GetLayeredWindowAttributes, SetLayeredWindowAttributes, GetCaretBlinkTime, UnhookWindowsHookEx, CallNextHookEx, SetWindowsHookExW, GetUpdateRect, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DispatchMessageW, TranslateMessage, GetMessageW, DestroyMenu, GetMenuDefaultItem, CreatePopupMenu, PostMessageW, MsgWaitForMultipleObjectsEx, PeekMessageW, SetWindowLongW, ShutdownBlockReasonCreate, LoadStringW, DestroyWindow, PostQuitMessage, SetWindowPos, KillTimer, SetTimer, SetPropW, ShowWindow, MapWindowPoints, RegisterClassW, LoadCursorW, SetActiveWindow, UpdateLayeredWindowIndirect, GetLastInputInfo, SendDlgItemMessageW, EndDialog, GetDesktopWindow, GetShellWindow, DestroyIcon, GetMonitorInfoW, CopyRect, ModifyMenuW, CheckMenuItem, EnableMenuItem, GhostWindowFromHungWindow, DeleteMenu, ReleaseCapture, GetCursorPos, DefWindowProcW, TrackMouseEvent, GetDoubleClickTime, InvalidateRect, LockWorkStation, TileWindows, UpdateWindow, CascadeWindows, 
GetWindowTextW, TrackPopupMenu, ClientToScreen, WindowFromPoint, AppendMenuW, EndPaint, DrawEdge, FillRect, LockSetForegroundWindow, InflateRect, IsWindowVisible, GetForegroundWindow, GetParent, WaitMessage, RegisterWindowMessageW, TrackPopupMenuEx, GetClientRect, MonitorFromRect, EqualRect, SubtractRect, RedrawWindow, EnumDisplayMonitors, SetWindowTextW, IntersectRect, GetWindowPlacement, SendNotifyMessageW, RemovePropW, SetWindowCompositionAttribute, HungWindowFromGhostWindow, SetFocus, SendMessageTimeoutW, EnumWindows, UnregisterHotKey, RegisterHotKey, MonitorFromWindow, IsWindow, SetCursor, GetAsyncKeyState, SetForegroundWindow, ChildWindowFromPoint, SetCursorPos, GetMessagePos, IsIconic, LoadIconW, DeferWindowPos, OffsetRect, GetWindowThreadProcessId, ScreenToClient, GetAncestor, MonitorFromPoint, SetRectEmpty, ChangeWindowMessageFilterEx, LoadAcceleratorsW, TranslateAcceleratorW, GetKeyState, SetWindowRgn, GetWindowRgnBox, LoadImageW, GetFocus, GetActiveWindow, MessageBeep, BeginPaint, SwitchToThisWindow, GetLastActivePopup, EndDeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, IsHungAppWindow, RegisterClipboardFormatW, SetRect, GetSysColorBrush, GetPropW, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetMenuDefaultItem, GetCapture, DrawIconEx, GetMessageExtraInfo, SetGestureConfig, AdjustWindowRect, CalculatePopupWindowPosition, DrawTextW, SetCapture, CallWindowProcW, CheckDlgButton, IsDlgButtonChecked, IsWindowEnabled, GetDlgItemInt, SetDlgItemInt, GetDlgItem, EnableWindow, SetWinEventHook, MsgWaitForMultipleObjects, RegisterClassExW, CopyIcon, AdjustWindowRectEx, GetSysColor, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, GetSystemMenu
> msvcrt.dll: _controlfp, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, memcpy, memmove, _CIsin, _ftol2, _CIcos, _wtoi, wcsncmp, _wcsnicmp, _wcsicmp, bsearch, __p__commode, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, _ftol2_sse, malloc, _CIsqrt, ceil, realloc, wcschr, iswalpha, wcsstr, free, _vsnwprintf, memset
> ntdll.dll: WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo
> SHLWAPI.dll: SHStrDupA, StrCmpW, -, -, PathCommonPrefixW, PathRemoveExtensionW, -, PathIsFileSpecW, -, -, -, StrRetToStrW, -, AssocCreate, -, StrRetToBufW, AssocQueryStringW, -, PathQuoteSpacesW, -, -, SHDeleteKeyW, -, SHRegGetUSValueW, -, -, PathIsNetworkPathW, -, -, -, -, SHOpenRegStream2W, -, -, -, -, -, -, PathRemoveFileSpecW, -, -, -, -, SHRegGetBoolUSValueW, -, -, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, -, -, PathFindExtensionW, StrChrIW, -, -, PathAppendW, SHDeleteValueW, -, SHSetValueW, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, -, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, -, -, -, -, StrToIntW, -, StrChrW, -, -, -, -, -, -, SHStrDupW, PathStripToRootW, -, -, -, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, -, -, -, -, -, -, PathIsPrefixW, -, StrCmpIW, PathParseIconLocationW, PathIsRootW, -, -, -, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, -
> SHELL32.dll: -, -, -, SHGetPropertyStoreForWindow, -, -, SHGetStockIconInfo, -, -, -, -, -, -, -, -, -, Shell_GetCachedImageIndexW, -, -, -, SHGetLocalizedName, SHCreateDataObject, -, -, -, -, -, -, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, -, -, SHBindToFolderIDListParentEx, SHGetFileInfoW, -, SHCreateItemWithParent, -, -, -, -, -, SHGetFolderLocation, -, SHParseDisplayName, SHGetSpecialFolderPathW, -, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, -, -, -, -, -, -, -, -, -, -, -, SHGetNameFromIDList, SHCreateShellItem, -, -, -, -, -, -, -, -, -, -, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, -, SHGetIDListFromObject, -, SHChangeNotifyRegisterThread, -, -, -, -, SHUpdateRecycleBinIcon, -, -, SHCreateItemFromIDList, -, -, SHFileOperationW, SHGetFolderPathEx, -, -, -, -, -, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, -, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, -, DragQueryFileW, -, -, SHGetSpecialFolderLocation, SHBindToFolderIDListParent
> ole32.dll: OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries
> OLEAUT32.dll: -, -, -, -, -, -
> EXPLORERFRAME.dll: -, -
> UxTheme.dll: DrawThemeTextEx, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, BeginBufferedPaint, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, -, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent
> POWRPROF.dll: CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
> dwmapi.dll: -, -, DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, -, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, -, -
> slc.dll: SLGetWindowsInformationDWORD
> gdiplus.dll: GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage
> Secur32.dll: GetUserNameExW
> RPCRT4.dll: RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
> PROPSYS.dll: PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.1.7600.16450 (win7_gdr.091030-1504)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Et enfin ST~7DDC.tmp:
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.13 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.13 -
Avast 4.8.1351.0 2010.02.13 -
AVG 9.0.0.730 2010.02.13 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3932 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5891 2010.02.13 -
McAfee+Artemis 5891 2010.02.13 -
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4864 2010.02.13 -
Norman 6.04.08 2010.02.13 -
nProtect 2009.1.8.0 2010.02.13 -
Panda 10.0.2.2 2010.02.13 -
PCTools 7.0.3.5 2010.02.14 -
Prevx 3.0 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5676 2010.02.13 -
Symantec 20091.2.0.41 2010.02.14 -
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.13 -
Additional information
File size: 462848 bytes
MD5...: b6e1df8e85d5c76a322eaa5fce2a65c3
SHA1..: 496c896cc7dfbfe3f28c9a3184777ea3023db8fb
SHA256: fab8af1f8fe46cb8a5cda44e420723b7305a665cc8736bf07aad02171908f196
ssdeep: 6144:LruHI9NHttYp2yiY07xqbAkK/jqSd+ezkHim414hJgSbZGrGD0Oz/Hynt6cXNlw7:Lruk9ttYPCSujqS0QrGhJbqV
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16a90
timedatestamp.....: 0x4abc5e05 (Fri Sep 25 06:07:01 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1bfa5 0x1c000 6.52 45412d17cfa6e502d465be7343d4d748
.rdata 0x1d000 0x1a42 0x2000 4.99 b101091927242619c03d05756bc93a9d
.data 0x1f000 0x4d8c 0x2000 4.04 966e1fe4e9671f6c1ed70b6987de791b
.rsrc 0x24000 0x4ff08 0x50000 6.20 26446f72c42e6cbe1eaddca0ce92c40f
( 6 imports )
> KERNEL32.dll: HeapReAlloc, GetOEMCP, GetACP, GetCPInfo, HeapAlloc, TerminateProcess, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, RtlUnwind, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, MultiByteToWideChar, GetStringTypeA, GetStringTypeW, SetFilePointer, LCMapStringA, LCMapStringW, SetStdHandle, FlushFileBuffers, GetModuleHandleA, GetTickCount, GetCurrentProcess, GetLastError, GetVersionExA, MulDiv, lstrcpynA, lstrcmpiA, GetModuleFileNameA, GetFileAttributesA, GetWindowsDirectoryA, DeleteFileA, WritePrivateProfileStringA, FreeLibrary, LoadLibraryA, GetProcAddress, lstrcatA, GetPrivateProfileIntA, GetPrivateProfileStringA, lstrcpyA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, lstrlenA, HeapFree, CloseHandle
> USER32.dll: LoadCursorA, SetCursor, ReleaseCapture, SetCapture, GetDoubleClickTime, CreateDialogParamA, IntersectRect, GetSystemMetrics, FindWindowA, SetFocus, GetCursorPos, SendMessageA, InvalidateRect, UpdateWindow, GetClientRect, MapWindowPoints, ClientToScreen, PeekMessageA, SetDlgItemInt, ExitWindowsEx, MessageBoxA, CheckRadioButton, IsIconic, ShowCursor, EndDialog, PtInRect, DialogBoxParamA, GetDlgItemInt, MoveWindow, SetWindowTextA, GetWindowTextLengthA, GetDlgItemTextA, DestroyWindow, SetDlgItemTextA, GetWindowTextA, RedrawWindow, LoadImageA, SetWindowPos, CreateWindowExA, GetDC, DrawTextA, ReleaseDC, FillRect, InflateRect, EqualRect, SetRect, IsRectEmpty, OffsetRect, CopyRect, SetRectEmpty, wsprintfA, LoadStringA, SetWindowLongA, SendDlgItemMessageA, SystemParametersInfoA, BeginPaint, GetWindow, ShowWindow, GetDlgItem, GetWindowRect, ScreenToClient, EndPaint, KillTimer, SetTimer, CheckDlgButton, GetParent, EnableWindow, IsDlgButtonChecked, GetForegroundWindow, PostMessageA, GetKeyState
> GDI32.dll: SelectObject, DeleteObject, EndDoc, EndPage, RoundRect, GetDeviceCaps, StartPage, ExtTextOutA, IntersectClipRect, GetDCOrgEx, GetClipBox, SetPixel, GetPixel, SetROP2, SetTextColor, SetBkMode, GetTextExtentPoint32A, Rectangle, GetStockObject, CreateSolidBrush, ExcludeClipRect, CreateHatchBrush, SetBkColor, DeleteDC, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, GetObjectA, CreatePen, LineTo, MoveToEx, RestoreDC, StartDocA, CreateFontA, SaveDC
> comdlg32.dll: GetOpenFileNameA, PrintDlgA
> ADVAPI32.dll: RegEnumKeyExA, RegOpenKeyA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegEnumKeyA, RegQueryInfoKeyA, RegQueryValueExA, RegCreateKeyExA, RegEnumValueA, RegCloseKey, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyA
> COMCTL32.dll: PropertySheetA, CreatePropertySheetPageA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Pen Tablet
copyright....: Copyright (c) 2009
product......: Tablet Control Panel
description..: Control Panel for Tablet Settings
original name: TabCfg.exe
internal name: TabCfg.exe
file version.: 9, 23, 2009, 1
comments.....: Tablet Control Panel
signers......: -
signing date.: -
verified.....: Unsigned
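The PEInfo block of the report above (entry point, link timestamp, machine type, and the section table with viradd/virsiz/rawdsiz/ntrpy/md5) together with the file MD5/SHA1/SHA256 can be rebuilt locally with the following Python example. It is added here for this edit and is not code from the thread or from VirusTotal; it uses only the standard library and parses a minimal PE image constructed in memory (the timestamp of the report is reused as a constant). The "ntrpy" column is Shannon entropy in bits per byte: the 6.52 and 4.99 of the report are typical for unpacked code and data, while values near 8.0 point to a packed or encrypted section, which is what the constructed .text deliberately looks like. Note also that a sigcheck verdict of "Unsigned" only says no embedded Authenticode signature was found; Windows components such as explorer.exe are normally signed through catalog files, so that line alone does not prove tampering, whereas the hashes can be compared against a known-good copy.

```python
"""Added example (not from the thread): rebuild the PEInfo table of a
VirusTotal-style report (entry point, timestamp, machine, and per-section
name/viradd/virsiz/rawdsiz/ntrpy/md5) plus file MD5/SHA1/SHA256, using
only the standard library.  The PE image parsed here is constructed in
memory for the demonstration."""
import datetime
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, 8.0 for uniformly random bytes.
    Plain compiled code lands around 5-6.5 (the report's .text is 6.52);
    values close to 8 point to a packed or encrypted section."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """The MD5/SHA1/SHA256 lines of the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # AddressOfEntryPoint is at offset 16 of the optional header for PE32 and PE32+.
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsec):
        name, virsiz, viradd, rawsiz, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsiz]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": viradd, "virsiz": virsiz, "rawdsiz": rawsiz,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {"machine": machine, "timestamp": timestamp, "entry": entry, "sections": sections}


def high_entropy_sections(info: dict, threshold: float = 7.0) -> list:
    """Names of sections whose entropy suggests packing or encryption."""
    return [s["name"] for s in info["sections"] if s["ntrpy"] >= threshold]


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers only, no real code): a .text
    holding every byte value equally often (entropy 8.0, as a packed section
    looks) and a .data of zeros (entropy 0.0)."""
    text = bytes(range(256)) * 4           # 0x400 bytes
    data_sec = b"\0" * 0x200
    e_lfanew, opt_size, text_ptr = 0x40, 0xE0, 0x200
    data_ptr = text_ptr + len(text)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4ABC5E05, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, len(text), len(data_sec), 0, 0x1000)  # entry = 0x1000
    opt += b"\0" * (opt_size - len(opt))

    def sec_hdr(name, size, va, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, ptr, 0, 0, 0, 0, flags)

    hdrs = sec_hdr(b".text", len(text), 0x1000, text_ptr, 0x60000020)
    hdrs += sec_hdr(b".data", len(data_sec), 0x2000, data_ptr, 0xC0000040)
    image = dos + b"PE\0\0" + coff + opt + hdrs
    return image + b"\0" * (text_ptr - len(image)) + text + data_sec


if __name__ == "__main__":
    image = build_sample_pe()
    info = parse_pe(image)
    print(f"File size: {len(image)} bytes")
    for alg, digest in file_hashes(image).items():
        print(f"{alg.upper():6}: {digest}")
    when = datetime.datetime.fromtimestamp(info["timestamp"], datetime.timezone.utc)
    print(f"entrypointaddress.: {info['entry']:#x}")
    print(f"timedatestamp.....: {info['timestamp']:#x} ({when:%a %b %d %H:%M:%S %Y})")
    print(f"machinetype.......: {info['machine']:#x}")
    print(f"( {len(info['sections'])} sections )")
    print("name viradd virsiz rawdsiz ntrpy md5")
    for s in info["sections"]:
        print(f"{s['name']} {s['viradd']:#x} {s['virsiz']:#x} {s['rawdsiz']:#x} {s['ntrpy']:.2f} {s['md5']}")
    print("high-entropy sections:", high_entropy_sections(info))
```

To run it against a real sample, replace `build_sample_pe()` with the bytes read from the file in question (`open(path, "rb").read()`) and compare the printed hashes with the report; the entropy threshold of 7.0 is a heuristic, so a packed section with a large zero-filled tail can still fall below it.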
Hi kei
That's fine; now let's check that nothing is hidden:
Run an online scan with Nod32 (you must use Internet Explorer) here:
https://www.eset.com/int/home/online-scanner/
(tick all the boxes each time)
When it finishes, paste the report: C:\Program Files\EsetOnlineScanner\log.txt
@++ :)