A voir également:
- Mon PC ne démarre plus qu'en mode sans échec
- Démarrer en mode sans echec - Guide
- Mon pc s'allume mais ne démarre pas windows 10 - Guide
- Ps4 mode sans echec - Guide
- God mode - Guide
- Plus de son sur mon pc - Guide
308 réponses
Utilisateur anonyme
7 mars 2010 à 17:49
7 mars 2010 à 17:49
▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
▶ clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
c:\windows\system32\winlogon.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
* - Coche Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
▶ clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
c:\windows\system32\winlogon.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 18:02
7 mars 2010 à 18:02
D'acc @ plus tard pour le rapport
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 18:08
7 mars 2010 à 18:08
Ca me dit que le fichier a déjà été analysé ?! Je connaissais même pas ce site
Il y a un rapport tu le veux ? Je peux éventuellement refaire une analyse, je la fais ?
Alors là suis perplexe !!
Fichier winlogon.exe reçu le 2010.03.07 16:36:20 (UTC)
Situation actuelle: terminé
Résultat: 1/41 (2.44%)
http://www.virustotal.com/fr/analisis/0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e-1267979780
Il y a un rapport tu le veux ? Je peux éventuellement refaire une analyse, je la fais ?
Alors là suis perplexe !!
Fichier winlogon.exe reçu le 2010.03.07 16:36:20 (UTC)
Situation actuelle: terminé
Résultat: 1/41 (2.44%)
http://www.virustotal.com/fr/analisis/0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e-1267979780
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 18:15
7 mars 2010 à 18:15
Bon j'ai fait réanalyser et voilà le rapport :
Fichier winlogon.exe reçu le 2010.03.07 17:05:12 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 Heuristic.BehavesLike.Win32.Trojan.I
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 314368 bytes
MD5...: 898e7c06a350d4a1a64a9ea264d55452
SHA1..: 6d63303f3912633c8a9a6e2b3cb74d60220cf7a2
SHA256: 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e
ssdeep: 6144:U9vKw15Y4vr6jrMKku6IWl8y2+Dq2NLsWQRBKz8r:wvKwftEny/qysHL<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x25eae<br>timedatestamp.....: 0x49e01d05 (Sat Apr 11 04:31:01 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x4155a 0x41600 6.42 9ded7634bd515df353737935af94ac3e<br>.data 0x43000 0x2c38 0x2200 3.06 803038ee2db5e117d4e7f57f9972dc1d<br>.rsrc 0x46000 0x4b28 0x4c00 3.72 28d5f787138056e26daf957525ea1f99<br>.reloc 0x4b000 0x438c 0x4400 6.51 5011a9e02efa98f4f2c4e091ce5a741f<br><br>( 10 imports ) <br>> ADVAPI32.dll: TraceMessage, EventWrite, EventEnabled, InitiateShutdownW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegDeleteValueW, EventRegister, EventUnregister, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyW, GetTokenInformation, OpenProcessToken, ConvertStringSidToSidW, LsaFreeMemory, LsaGetUserName, RevertToSelf, ImpersonateLoggedOnUser, CloseEventLog, GetEventLogInformation, OpenEventLogW, RegisterEventSourceW, DeregisterEventSource, LsaNtStatusToWinError, RegCreateKeyExW, CheckTokenMembership, DuplicateTokenEx, ConvertSidToStringSidW, CreateProcessAsUserW, AllocateLocallyUniqueId, ReportEventW, LogonUserW, RegSetKeySecurity, RegDeleteKeyW, RegGetValueA, EqualSid, CredFree, NotifyServiceStatusChangeW, NotifyBootConfigStatus, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, OpenSCManagerW, RegEnumKeyExW, CloseServiceHandle, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, MD5Init, MD5Update, MD5Final, CredReadByTokenHandle<br>> KERNEL32.dll: CloseHandle, SetEvent, CreateEventW, LocalReAlloc, LocalSize, MoveFileExW, Sleep, UnregisterWaitEx, InterlockedExchange, WaitForSingleObjectEx, HeapSetInformation, GetCurrentProcessId, VirtualAlloc, ExpandEnvironmentStringsW, lstrlenW, GetShortPathNameW, CompareStringW, SetEnvironmentVariableW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProcessHeap, GetExitCodeProcess, UnregisterWait, OpenProcess, RegisterWaitForSingleObject, QueryInformationJobObject, DuplicateHandle, GetSystemTimeAsFileTime, InterlockedDecrement, InterlockedIncrement, GetComputerNameW, InterlockedCompareExchange, ResetEvent, TerminateJobObject, GetCommandLineW, CreateJobObjectW, VirtualFree, VirtualUnlock, SetProcessWorkingSetSize, GetProcessWorkingSetSize, VirtualLock, GetDateFormatW, GetTimeFormatW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ResumeThread, CompareFileTime, GetTickCount, TerminateProcess, AssignProcessToJobObject, SearchPathW, CreateProcessW, DeleteTimerQueueTimer, CreateTimerQueueTimer, OpenEventW, GetProcessId, GetModuleHandleW, ReadFile, CreateFileW, SetErrorMode, CreateThread, WaitForMultipleObjects, SetInformationJobObject, GetSystemDirectoryW, LoadLibraryA, GetModuleFileNameW, LocalAlloc, LocalFree, SetLastError, FormatMessageW, FindResourceExW, LoadResource, WaitForSingleObject, LockResource, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, HeapSize, HeapFree, HeapAlloc, GetLastError, HeapCreate, HeapDestroy, MultiByteToWideChar, GetSystemInfo, lstrcmpW, SleepEx, GetFileAttributesW, SetTimerQueueTimer, CreateRemoteThread, GetThreadUILanguage, GetVersionExW, GetTickCount64, WideCharToMultiByte, DebugBreak, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, DelayLoadFailureHook, CreateProcessInternalW, BaseInitAppcompatCacheSupport<br>> USER32.dll: CreateDesktopW, SystemParametersInfoW, GetKeyState, GetLastInputInfo, SwitchDesktopWithFade, LoadLocalFonts, RegisterLogonProcess, CreateWindowStationW, SetProcessWindowStation, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, SetThreadDesktop, SetForegroundWindow, SetWindowPos, GetDesktopWindow, CancelShutdown, GetWindowLongW, GetWindowRect, LoadStringW, SendMessageW, GetDlgItem, LoadImageW, EndDialog, GetDlgItemTextW, DialogBoxParamW, ShowWindow, RealGetWindowClassW, FindWindowW, UpdatePerUserSystemParameters, SetWindowStationUser, UnlockWindowStation, LockWindowStation, GetSystemMetrics, GetAsyncKeyState, LoadCursorW, CopyIcon, SetSystemCursor, DestroyCursor, ExitWindowsEx, MessageBoxW, OpenInputDesktop, GetUserObjectInformationW, GetParent, EnumWindows, CloseDesktop<br>> msvcrt.dll: wcsncmp, iswalnum, iswalpha, _snwscanf_s, _wcsupr, strncmp, wcsnlen, ___U@YAPAXI@Z, ___V@YAXPAX@Z, swscanf, _controlfp, _terminate@@YAXXZ, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, _ultow, __3@YAXPAX@Z, wcstok, iswspace, wcschr, _wcsicmp, memmove, _vsnwprintf, memset, memcpy, __2@YAPAXI@Z, _wcslwr, wcscpy_s, wcscat_s, _wcsnicmp, swprintf_s, _ultow_s, wcstoul, printf, wcsstr, __isascii, isupper, _tolower<br>> ntdll.dll: RtlCopySid, RtlExpandEnvironmentStrings_U, TpAllocWait, TpAllocWork, TpPostWork, TpSetWait, TpWaitForWait, TpReleaseWait, TpWaitForWork, TpReleaseWork, TpSimpleTryPost, NtAllocateLocallyUniqueId, RtlOpenCurrentUser, RtlFreeSid, NtSetSecurityObject, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, RtlTimeToSecondsSince1980, RtlRemovePrivileges, TpSetTimer, TpAllocTimer, NtOpenDirectoryObject, NtInitiatePowerAction, NtShutdownSystem, RtlNtStatusToDosError, NtClose, NtQueryInformationToken, NtOpenProcessToken, WinSqmStartSession, WinSqmEndSession, RtlGetNtProductType, RtlInitString, RtlDestroyEnvironment, RtlLengthSid, TpWaitForTimer, RtlGetDaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, NtAdjustPrivilegesToken, NtDuplicateToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, TpReleaseTimer, NtSetInformationProcess, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtCreateEvent, DbgPrint, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlStringFromGUID, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtUnloadKey, NtLoadKey, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlAddAccessAllowedAceEx, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtDeleteKey, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, NtWaitForSingleObject, NtDeviceIoControlFile, RtlGetVersion, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtAllocateUuids, NtQuerySystemInformation, NtSystemDebugControl, RtlDuplicateUnicodeString, NtFilterToken, RtlEqualSid, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, DbgBreakPoint, NtCreateToken, NtSetInformationToken, RtlCreateEnvironment, RtlInitUnicodeString, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeStringEx, RtlCompareUnicodeString, NtOpenThreadToken, RtlpVerifyAndCommitUILanguageSettings, RtlDeleteCriticalSection, RtlFreeUnicodeString, RtlAdjustPrivilege<br>> Secur32.dll: LsaCallAuthenticationPackage, LsaFreeReturnBuffer, SeciAllocateAndSetIPAddress, SeciAllocateAndSetCallFlags, LsaLogonUser, SeciFreeCallContext, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaGetLogonSessionData, ChangeAccountPasswordW, GetUserNameExW<br>> WINSTA.dll: WinStationGetUserCredentials, WinStationDisconnect, WinStationFreeUserCredentials, WinStationIsSessionPermitted, WinStationQueryInformationW, WinStationFreeMemory, WinStationReportUIResult, WinStationNegotiateSession, _WinStationWaitForConnect<br>> RPCRT4.dll: RpcServerUnsubscribeForNotification, RpcServerSubscribeForNotification, I_RpcBindingIsClientLocal, RpcServerUnregisterIf, RpcBindingVectorFree, RpcEpUnregister, RpcServerListen, RpcEpRegisterW, RpcServerRegisterIfEx, RpcServerUseProtseqW, NdrServerCall2, NdrAsyncServerCall, RpcRaiseException, RpcServerInqCallAttributesW, RpcServerTestCancel, NdrAsyncClientCall, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcMgmtIsServerListening, RpcStringFreeW, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, UuidFromStringW, NdrClientCall2, RpcBindingCreateW, RpcBindingBind, RpcBindingUnbind, RpcBindingFree, I_RpcExceptionFilter, RpcAsyncAbortCall, RpcAsyncCompleteCall, I_RpcMapWin32Status, I_RpcBindingInqLocalClientPID, RpcImpersonateClient, RpcRevertToSelf, RpcServerUseProtseqEpW, RpcServerInqBindings<br>> PSAPI.DLL: EnumProcessModules, GetModuleBaseNameW<br>> USERENV.dll: GetUserProfileDirectoryW, GetAllUsersProfileDirectoryW, -, -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: Windows Logon Application<br>original name: WINLOGON.EXE<br>internal name: winlogon<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 Heuristic.BehavesLike.Win32.Trojan.I
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 314368 bytes
MD5...: 898e7c06a350d4a1a64a9ea264d55452
SHA1..: 6d63303f3912633c8a9a6e2b3cb74d60220cf7a2
SHA256: 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e
ssdeep: 6144:U9vKw15Y4vr6jrMKku6IWl8y2+Dq2NLsWQRBKz8r:wvKwftEny/qysHL<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x25eae<br>timedatestamp.....: 0x49e01d05 (Sat Apr 11 04:31:01 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x4155a 0x41600 6.42 9ded7634bd515df353737935af94ac3e<br>.data 0x43000 0x2c38 0x2200 3.06 803038ee2db5e117d4e7f57f9972dc1d<br>.rsrc 0x46000 0x4b28 0x4c00 3.72 28d5f787138056e26daf957525ea1f99<br>.reloc 0x4b000 0x438c 0x4400 6.51 5011a9e02efa98f4f2c4e091ce5a741f<br><br>( 10 imports ) <br>> ADVAPI32.dll: TraceMessage, EventWrite, EventEnabled, InitiateShutdownW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegDeleteValueW, EventRegister, EventUnregister, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyW, GetTokenInformation, OpenProcessToken, ConvertStringSidToSidW, LsaFreeMemory, LsaGetUserName, RevertToSelf, ImpersonateLoggedOnUser, CloseEventLog, GetEventLogInformation, OpenEventLogW, RegisterEventSourceW, DeregisterEventSource, LsaNtStatusToWinError, RegCreateKeyExW, CheckTokenMembership, DuplicateTokenEx, ConvertSidToStringSidW, CreateProcessAsUserW, AllocateLocallyUniqueId, ReportEventW, LogonUserW, RegSetKeySecurity, RegDeleteKeyW, RegGetValueA, EqualSid, CredFree, NotifyServiceStatusChangeW, NotifyBootConfigStatus, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, OpenSCManagerW, RegEnumKeyExW, CloseServiceHandle, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, MD5Init, MD5Update, MD5Final, CredReadByTokenHandle<br>> KERNEL32.dll: CloseHandle, SetEvent, CreateEventW, LocalReAlloc, LocalSize, MoveFileExW, Sleep, UnregisterWaitEx, InterlockedExchange, WaitForSingleObjectEx, HeapSetInformation, GetCurrentProcessId, VirtualAlloc, ExpandEnvironmentStringsW, lstrlenW, GetShortPathNameW, CompareStringW, SetEnvironmentVariableW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProcessHeap, GetExitCodeProcess, UnregisterWait, OpenProcess, RegisterWaitForSingleObject, QueryInformationJobObject, DuplicateHandle, GetSystemTimeAsFileTime, InterlockedDecrement, InterlockedIncrement, GetComputerNameW, InterlockedCompareExchange, ResetEvent, TerminateJobObject, GetCommandLineW, CreateJobObjectW, VirtualFree, VirtualUnlock, SetProcessWorkingSetSize, GetProcessWorkingSetSize, VirtualLock, GetDateFormatW, GetTimeFormatW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ResumeThread, CompareFileTime, GetTickCount, TerminateProcess, AssignProcessToJobObject, SearchPathW, CreateProcessW, DeleteTimerQueueTimer, CreateTimerQueueTimer, OpenEventW, GetProcessId, GetModuleHandleW, ReadFile, CreateFileW, SetErrorMode, CreateThread, WaitForMultipleObjects, SetInformationJobObject, GetSystemDirectoryW, LoadLibraryA, GetModuleFileNameW, LocalAlloc, LocalFree, SetLastError, FormatMessageW, FindResourceExW, LoadResource, WaitForSingleObject, LockResource, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, HeapSize, HeapFree, HeapAlloc, GetLastError, HeapCreate, HeapDestroy, MultiByteToWideChar, GetSystemInfo, lstrcmpW, SleepEx, GetFileAttributesW, SetTimerQueueTimer, CreateRemoteThread, GetThreadUILanguage, GetVersionExW, GetTickCount64, WideCharToMultiByte, DebugBreak, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, DelayLoadFailureHook, CreateProcessInternalW, BaseInitAppcompatCacheSupport<br>> USER32.dll: CreateDesktopW, SystemParametersInfoW, GetKeyState, GetLastInputInfo, SwitchDesktopWithFade, LoadLocalFonts, RegisterLogonProcess, CreateWindowStationW, SetProcessWindowStation, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, SetThreadDesktop, SetForegroundWindow, SetWindowPos, GetDesktopWindow, CancelShutdown, GetWindowLongW, GetWindowRect, LoadStringW, SendMessageW, GetDlgItem, LoadImageW, EndDialog, GetDlgItemTextW, DialogBoxParamW, ShowWindow, RealGetWindowClassW, FindWindowW, UpdatePerUserSystemParameters, SetWindowStationUser, UnlockWindowStation, LockWindowStation, GetSystemMetrics, GetAsyncKeyState, LoadCursorW, CopyIcon, SetSystemCursor, DestroyCursor, ExitWindowsEx, MessageBoxW, OpenInputDesktop, GetUserObjectInformationW, GetParent, EnumWindows, CloseDesktop<br>> msvcrt.dll: wcsncmp, iswalnum, iswalpha, _snwscanf_s, _wcsupr, strncmp, wcsnlen, ___U@YAPAXI@Z, ___V@YAXPAX@Z, swscanf, _controlfp, _terminate@@YAXXZ, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, _ultow, __3@YAXPAX@Z, wcstok, iswspace, wcschr, _wcsicmp, memmove, _vsnwprintf, memset, memcpy, __2@YAPAXI@Z, _wcslwr, wcscpy_s, wcscat_s, _wcsnicmp, swprintf_s, _ultow_s, wcstoul, printf, wcsstr, __isascii, isupper, _tolower<br>> ntdll.dll: RtlCopySid, RtlExpandEnvironmentStrings_U, TpAllocWait, TpAllocWork, TpPostWork, TpSetWait, TpWaitForWait, TpReleaseWait, TpWaitForWork, TpReleaseWork, TpSimpleTryPost, NtAllocateLocallyUniqueId, RtlOpenCurrentUser, RtlFreeSid, NtSetSecurityObject, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, RtlTimeToSecondsSince1980, RtlRemovePrivileges, TpSetTimer, TpAllocTimer, NtOpenDirectoryObject, NtInitiatePowerAction, NtShutdownSystem, RtlNtStatusToDosError, NtClose, NtQueryInformationToken, NtOpenProcessToken, WinSqmStartSession, WinSqmEndSession, RtlGetNtProductType, RtlInitString, RtlDestroyEnvironment, RtlLengthSid, TpWaitForTimer, RtlGetDaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, NtAdjustPrivilegesToken, NtDuplicateToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, TpReleaseTimer, NtSetInformationProcess, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtCreateEvent, DbgPrint, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlStringFromGUID, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtUnloadKey, NtLoadKey, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlAddAccessAllowedAceEx, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtDeleteKey, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, NtWaitForSingleObject, NtDeviceIoControlFile, RtlGetVersion, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtAllocateUuids, NtQuerySystemInformation, NtSystemDebugControl, RtlDuplicateUnicodeString, NtFilterToken, RtlEqualSid, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, DbgBreakPoint, NtCreateToken, NtSetInformationToken, RtlCreateEnvironment, RtlInitUnicodeString, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeStringEx, RtlCompareUnicodeString, NtOpenThreadToken, RtlpVerifyAndCommitUILanguageSettings, RtlDeleteCriticalSection, RtlFreeUnicodeString, RtlAdjustPrivilege<br>> Secur32.dll: LsaCallAuthenticationPackage, LsaFreeReturnBuffer, SeciAllocateAndSetIPAddress, SeciAllocateAndSetCallFlags, LsaLogonUser, SeciFreeCallContext, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaGetLogonSessionData, ChangeAccountPasswordW, GetUserNameExW<br>> WINSTA.dll: WinStationGetUserCredentials, WinStationDisconnect, WinStationFreeUserCredentials, WinStationIsSessionPermitted, WinStationQueryInformationW, WinStationFreeMemory, WinStationReportUIResult, WinStationNegotiateSession, _WinStationWaitForConnect<br>> RPCRT4.dll: RpcServerUnsubscribeForNotification, RpcServerSubscribeForNotification, I_RpcBindingIsClientLocal, RpcServerUnregisterIf, RpcBindingVectorFree, RpcEpUnregister, RpcServerListen, RpcEpRegisterW, RpcServerRegisterIfEx, RpcServerUseProtseqW, NdrServerCall2, NdrAsyncServerCall, RpcRaiseException, RpcServerInqCallAttributesW, RpcServerTestCancel, NdrAsyncClientCall, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcMgmtIsServerListening, RpcStringFreeW, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, UuidFromStringW, NdrClientCall2, RpcBindingCreateW, RpcBindingBind, RpcBindingUnbind, RpcBindingFree, I_RpcExceptionFilter, RpcAsyncAbortCall, RpcAsyncCompleteCall, I_RpcMapWin32Status, I_RpcBindingInqLocalClientPID, RpcImpersonateClient, RpcRevertToSelf, RpcServerUseProtseqEpW, RpcServerInqBindings<br>> PSAPI.DLL: EnumProcessModules, GetModuleBaseNameW<br>> USERENV.dll: GetUserProfileDirectoryW, GetAllUsersProfileDirectoryW, -, -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: Windows Logon Application<br>original name: WINLOGON.EXE<br>internal name: winlogon<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Fichier winlogon.exe reçu le 2010.03.07 17:05:12 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 Heuristic.BehavesLike.Win32.Trojan.I
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 314368 bytes
MD5...: 898e7c06a350d4a1a64a9ea264d55452
SHA1..: 6d63303f3912633c8a9a6e2b3cb74d60220cf7a2
SHA256: 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e
ssdeep: 6144:U9vKw15Y4vr6jrMKku6IWl8y2+Dq2NLsWQRBKz8r:wvKwftEny/qysHL<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x25eae<br>timedatestamp.....: 0x49e01d05 (Sat Apr 11 04:31:01 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x4155a 0x41600 6.42 9ded7634bd515df353737935af94ac3e<br>.data 0x43000 0x2c38 0x2200 3.06 803038ee2db5e117d4e7f57f9972dc1d<br>.rsrc 0x46000 0x4b28 0x4c00 3.72 28d5f787138056e26daf957525ea1f99<br>.reloc 0x4b000 0x438c 0x4400 6.51 5011a9e02efa98f4f2c4e091ce5a741f<br><br>( 10 imports ) <br>> ADVAPI32.dll: TraceMessage, EventWrite, EventEnabled, InitiateShutdownW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegDeleteValueW, EventRegister, EventUnregister, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyW, GetTokenInformation, OpenProcessToken, ConvertStringSidToSidW, LsaFreeMemory, LsaGetUserName, RevertToSelf, ImpersonateLoggedOnUser, CloseEventLog, GetEventLogInformation, OpenEventLogW, RegisterEventSourceW, DeregisterEventSource, LsaNtStatusToWinError, RegCreateKeyExW, CheckTokenMembership, DuplicateTokenEx, ConvertSidToStringSidW, CreateProcessAsUserW, AllocateLocallyUniqueId, ReportEventW, LogonUserW, RegSetKeySecurity, RegDeleteKeyW, RegGetValueA, EqualSid, CredFree, NotifyServiceStatusChangeW, NotifyBootConfigStatus, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, OpenSCManagerW, RegEnumKeyExW, CloseServiceHandle, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, MD5Init, MD5Update, MD5Final, CredReadByTokenHandle<br>> KERNEL32.dll: CloseHandle, SetEvent, CreateEventW, LocalReAlloc, LocalSize, MoveFileExW, Sleep, UnregisterWaitEx, InterlockedExchange, WaitForSingleObjectEx, HeapSetInformation, GetCurrentProcessId, VirtualAlloc, ExpandEnvironmentStringsW, lstrlenW, GetShortPathNameW, CompareStringW, SetEnvironmentVariableW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProcessHeap, GetExitCodeProcess, UnregisterWait, OpenProcess, RegisterWaitForSingleObject, QueryInformationJobObject, DuplicateHandle, GetSystemTimeAsFileTime, InterlockedDecrement, InterlockedIncrement, GetComputerNameW, InterlockedCompareExchange, ResetEvent, TerminateJobObject, GetCommandLineW, CreateJobObjectW, VirtualFree, VirtualUnlock, SetProcessWorkingSetSize, GetProcessWorkingSetSize, VirtualLock, GetDateFormatW, GetTimeFormatW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ResumeThread, CompareFileTime, GetTickCount, TerminateProcess, AssignProcessToJobObject, SearchPathW, CreateProcessW, DeleteTimerQueueTimer, CreateTimerQueueTimer, OpenEventW, GetProcessId, GetModuleHandleW, ReadFile, CreateFileW, SetErrorMode, CreateThread, WaitForMultipleObjects, SetInformationJobObject, GetSystemDirectoryW, LoadLibraryA, GetModuleFileNameW, LocalAlloc, LocalFree, SetLastError, FormatMessageW, FindResourceExW, LoadResource, WaitForSingleObject, LockResource, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, HeapSize, HeapFree, HeapAlloc, GetLastError, HeapCreate, HeapDestroy, MultiByteToWideChar, GetSystemInfo, lstrcmpW, SleepEx, GetFileAttributesW, SetTimerQueueTimer, CreateRemoteThread, GetThreadUILanguage, GetVersionExW, GetTickCount64, WideCharToMultiByte, DebugBreak, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, DelayLoadFailureHook, CreateProcessInternalW, BaseInitAppcompatCacheSupport<br>> USER32.dll: CreateDesktopW, SystemParametersInfoW, GetKeyState, GetLastInputInfo, SwitchDesktopWithFade, LoadLocalFonts, RegisterLogonProcess, CreateWindowStationW, SetProcessWindowStation, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, SetThreadDesktop, SetForegroundWindow, SetWindowPos, GetDesktopWindow, CancelShutdown, GetWindowLongW, GetWindowRect, LoadStringW, SendMessageW, GetDlgItem, LoadImageW, EndDialog, GetDlgItemTextW, DialogBoxParamW, ShowWindow, RealGetWindowClassW, FindWindowW, UpdatePerUserSystemParameters, SetWindowStationUser, UnlockWindowStation, LockWindowStation, GetSystemMetrics, GetAsyncKeyState, LoadCursorW, CopyIcon, SetSystemCursor, DestroyCursor, ExitWindowsEx, MessageBoxW, OpenInputDesktop, GetUserObjectInformationW, GetParent, EnumWindows, CloseDesktop<br>> msvcrt.dll: wcsncmp, iswalnum, iswalpha, _snwscanf_s, _wcsupr, strncmp, wcsnlen, ___U@YAPAXI@Z, ___V@YAXPAX@Z, swscanf, _controlfp, _terminate@@YAXXZ, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, _ultow, __3@YAXPAX@Z, wcstok, iswspace, wcschr, _wcsicmp, memmove, _vsnwprintf, memset, memcpy, __2@YAPAXI@Z, _wcslwr, wcscpy_s, wcscat_s, _wcsnicmp, swprintf_s, _ultow_s, wcstoul, printf, wcsstr, __isascii, isupper, _tolower<br>> ntdll.dll: RtlCopySid, RtlExpandEnvironmentStrings_U, TpAllocWait, TpAllocWork, TpPostWork, TpSetWait, TpWaitForWait, TpReleaseWait, TpWaitForWork, TpReleaseWork, TpSimpleTryPost, NtAllocateLocallyUniqueId, RtlOpenCurrentUser, RtlFreeSid, NtSetSecurityObject, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, RtlTimeToSecondsSince1980, RtlRemovePrivileges, TpSetTimer, TpAllocTimer, NtOpenDirectoryObject, NtInitiatePowerAction, NtShutdownSystem, RtlNtStatusToDosError, NtClose, NtQueryInformationToken, NtOpenProcessToken, WinSqmStartSession, WinSqmEndSession, RtlGetNtProductType, RtlInitString, RtlDestroyEnvironment, RtlLengthSid, TpWaitForTimer, RtlGetDaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, NtAdjustPrivilegesToken, NtDuplicateToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, TpReleaseTimer, NtSetInformationProcess, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtCreateEvent, DbgPrint, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlStringFromGUID, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtUnloadKey, NtLoadKey, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlAddAccessAllowedAceEx, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtDeleteKey, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, NtWaitForSingleObject, NtDeviceIoControlFile, RtlGetVersion, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtAllocateUuids, NtQuerySystemInformation, NtSystemDebugControl, RtlDuplicateUnicodeString, NtFilterToken, RtlEqualSid, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, DbgBreakPoint, NtCreateToken, NtSetInformationToken, RtlCreateEnvironment, RtlInitUnicodeString, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeStringEx, RtlCompareUnicodeString, NtOpenThreadToken, RtlpVerifyAndCommitUILanguageSettings, RtlDeleteCriticalSection, RtlFreeUnicodeString, RtlAdjustPrivilege<br>> Secur32.dll: LsaCallAuthenticationPackage, LsaFreeReturnBuffer, SeciAllocateAndSetIPAddress, SeciAllocateAndSetCallFlags, LsaLogonUser, SeciFreeCallContext, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaGetLogonSessionData, ChangeAccountPasswordW, GetUserNameExW<br>> WINSTA.dll: WinStationGetUserCredentials, WinStationDisconnect, WinStationFreeUserCredentials, WinStationIsSessionPermitted, WinStationQueryInformationW, WinStationFreeMemory, WinStationReportUIResult, WinStationNegotiateSession, _WinStationWaitForConnect<br>> RPCRT4.dll: RpcServerUnsubscribeForNotification, RpcServerSubscribeForNotification, I_RpcBindingIsClientLocal, RpcServerUnregisterIf, RpcBindingVectorFree, RpcEpUnregister, RpcServerListen, RpcEpRegisterW, RpcServerRegisterIfEx, RpcServerUseProtseqW, NdrServerCall2, NdrAsyncServerCall, RpcRaiseException, RpcServerInqCallAttributesW, RpcServerTestCancel, NdrAsyncClientCall, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcMgmtIsServerListening, RpcStringFreeW, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, UuidFromStringW, NdrClientCall2, RpcBindingCreateW, RpcBindingBind, RpcBindingUnbind, RpcBindingFree, I_RpcExceptionFilter, RpcAsyncAbortCall, RpcAsyncCompleteCall, I_RpcMapWin32Status, I_RpcBindingInqLocalClientPID, RpcImpersonateClient, RpcRevertToSelf, RpcServerUseProtseqEpW, RpcServerInqBindings<br>> PSAPI.DLL: EnumProcessModules, GetModuleBaseNameW<br>> USERENV.dll: GetUserProfileDirectoryW, GetAllUsersProfileDirectoryW, -, -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: Windows Logon Application<br>original name: WINLOGON.EXE<br>internal name: winlogon<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 Heuristic.BehavesLike.Win32.Trojan.I
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 314368 bytes
MD5...: 898e7c06a350d4a1a64a9ea264d55452
SHA1..: 6d63303f3912633c8a9a6e2b3cb74d60220cf7a2
SHA256: 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e
ssdeep: 6144:U9vKw15Y4vr6jrMKku6IWl8y2+Dq2NLsWQRBKz8r:wvKwftEny/qysHL<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x25eae<br>timedatestamp.....: 0x49e01d05 (Sat Apr 11 04:31:01 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x4155a 0x41600 6.42 9ded7634bd515df353737935af94ac3e<br>.data 0x43000 0x2c38 0x2200 3.06 803038ee2db5e117d4e7f57f9972dc1d<br>.rsrc 0x46000 0x4b28 0x4c00 3.72 28d5f787138056e26daf957525ea1f99<br>.reloc 0x4b000 0x438c 0x4400 6.51 5011a9e02efa98f4f2c4e091ce5a741f<br><br>( 10 imports ) <br>> ADVAPI32.dll: TraceMessage, EventWrite, EventEnabled, InitiateShutdownW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegDeleteValueW, EventRegister, EventUnregister, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyW, GetTokenInformation, OpenProcessToken, ConvertStringSidToSidW, LsaFreeMemory, LsaGetUserName, RevertToSelf, ImpersonateLoggedOnUser, CloseEventLog, GetEventLogInformation, OpenEventLogW, RegisterEventSourceW, DeregisterEventSource, LsaNtStatusToWinError, RegCreateKeyExW, CheckTokenMembership, DuplicateTokenEx, ConvertSidToStringSidW, CreateProcessAsUserW, AllocateLocallyUniqueId, ReportEventW, LogonUserW, RegSetKeySecurity, RegDeleteKeyW, RegGetValueA, EqualSid, CredFree, NotifyServiceStatusChangeW, NotifyBootConfigStatus, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, OpenSCManagerW, RegEnumKeyExW, CloseServiceHandle, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, MD5Init, MD5Update, MD5Final, CredReadByTokenHandle<br>> KERNEL32.dll: CloseHandle, SetEvent, CreateEventW, LocalReAlloc, LocalSize, MoveFileExW, Sleep, UnregisterWaitEx, InterlockedExchange, WaitForSingleObjectEx, HeapSetInformation, GetCurrentProcessId, VirtualAlloc, ExpandEnvironmentStringsW, lstrlenW, GetShortPathNameW, CompareStringW, SetEnvironmentVariableW, FreeLibrary, GetProcAddress, LoadLibraryW, GetProcessHeap, GetExitCodeProcess, UnregisterWait, OpenProcess, RegisterWaitForSingleObject, QueryInformationJobObject, DuplicateHandle, GetSystemTimeAsFileTime, InterlockedDecrement, InterlockedIncrement, GetComputerNameW, InterlockedCompareExchange, ResetEvent, TerminateJobObject, GetCommandLineW, CreateJobObjectW, VirtualFree, VirtualUnlock, SetProcessWorkingSetSize, GetProcessWorkingSetSize, VirtualLock, GetDateFormatW, GetTimeFormatW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ResumeThread, CompareFileTime, GetTickCount, TerminateProcess, AssignProcessToJobObject, SearchPathW, CreateProcessW, DeleteTimerQueueTimer, CreateTimerQueueTimer, OpenEventW, GetProcessId, GetModuleHandleW, ReadFile, CreateFileW, SetErrorMode, CreateThread, WaitForMultipleObjects, SetInformationJobObject, GetSystemDirectoryW, LoadLibraryA, GetModuleFileNameW, LocalAlloc, LocalFree, SetLastError, FormatMessageW, FindResourceExW, LoadResource, WaitForSingleObject, LockResource, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, HeapSize, HeapFree, HeapAlloc, GetLastError, HeapCreate, HeapDestroy, MultiByteToWideChar, GetSystemInfo, lstrcmpW, SleepEx, GetFileAttributesW, SetTimerQueueTimer, CreateRemoteThread, GetThreadUILanguage, GetVersionExW, GetTickCount64, WideCharToMultiByte, DebugBreak, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, DelayLoadFailureHook, CreateProcessInternalW, BaseInitAppcompatCacheSupport<br>> USER32.dll: CreateDesktopW, SystemParametersInfoW, GetKeyState, GetLastInputInfo, SwitchDesktopWithFade, LoadLocalFonts, RegisterLogonProcess, CreateWindowStationW, SetProcessWindowStation, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, SetThreadDesktop, SetForegroundWindow, SetWindowPos, GetDesktopWindow, CancelShutdown, GetWindowLongW, GetWindowRect, LoadStringW, SendMessageW, GetDlgItem, LoadImageW, EndDialog, GetDlgItemTextW, DialogBoxParamW, ShowWindow, RealGetWindowClassW, FindWindowW, UpdatePerUserSystemParameters, SetWindowStationUser, UnlockWindowStation, LockWindowStation, GetSystemMetrics, GetAsyncKeyState, LoadCursorW, CopyIcon, SetSystemCursor, DestroyCursor, ExitWindowsEx, MessageBoxW, OpenInputDesktop, GetUserObjectInformationW, GetParent, EnumWindows, CloseDesktop<br>> msvcrt.dll: wcsncmp, iswalnum, iswalpha, _snwscanf_s, _wcsupr, strncmp, wcsnlen, ___U@YAPAXI@Z, ___V@YAXPAX@Z, swscanf, _controlfp, _terminate@@YAXXZ, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, _ultow, __3@YAXPAX@Z, wcstok, iswspace, wcschr, _wcsicmp, memmove, _vsnwprintf, memset, memcpy, __2@YAPAXI@Z, _wcslwr, wcscpy_s, wcscat_s, _wcsnicmp, swprintf_s, _ultow_s, wcstoul, printf, wcsstr, __isascii, isupper, _tolower<br>> ntdll.dll: RtlCopySid, RtlExpandEnvironmentStrings_U, TpAllocWait, TpAllocWork, TpPostWork, TpSetWait, TpWaitForWait, TpReleaseWait, TpWaitForWork, TpReleaseWork, TpSimpleTryPost, NtAllocateLocallyUniqueId, RtlOpenCurrentUser, RtlFreeSid, NtSetSecurityObject, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, RtlTimeToSecondsSince1980, RtlRemovePrivileges, TpSetTimer, TpAllocTimer, NtOpenDirectoryObject, NtInitiatePowerAction, NtShutdownSystem, RtlNtStatusToDosError, NtClose, NtQueryInformationToken, NtOpenProcessToken, WinSqmStartSession, WinSqmEndSession, RtlGetNtProductType, RtlInitString, RtlDestroyEnvironment, RtlLengthSid, TpWaitForTimer, RtlGetDaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, NtAdjustPrivilegesToken, NtDuplicateToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, TpReleaseTimer, NtSetInformationProcess, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtCreateEvent, DbgPrint, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlStringFromGUID, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtUnloadKey, NtLoadKey, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlAddAccessAllowedAceEx, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtDeleteKey, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, NtWaitForSingleObject, NtDeviceIoControlFile, RtlGetVersion, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtAllocateUuids, NtQuerySystemInformation, NtSystemDebugControl, RtlDuplicateUnicodeString, NtFilterToken, RtlEqualSid, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, DbgBreakPoint, NtCreateToken, NtSetInformationToken, RtlCreateEnvironment, RtlInitUnicodeString, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeStringEx, RtlCompareUnicodeString, NtOpenThreadToken, RtlpVerifyAndCommitUILanguageSettings, RtlDeleteCriticalSection, RtlFreeUnicodeString, RtlAdjustPrivilege<br>> Secur32.dll: LsaCallAuthenticationPackage, LsaFreeReturnBuffer, SeciAllocateAndSetIPAddress, SeciAllocateAndSetCallFlags, LsaLogonUser, SeciFreeCallContext, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaGetLogonSessionData, ChangeAccountPasswordW, GetUserNameExW<br>> WINSTA.dll: WinStationGetUserCredentials, WinStationDisconnect, WinStationFreeUserCredentials, WinStationIsSessionPermitted, WinStationQueryInformationW, WinStationFreeMemory, WinStationReportUIResult, WinStationNegotiateSession, _WinStationWaitForConnect<br>> RPCRT4.dll: RpcServerUnsubscribeForNotification, RpcServerSubscribeForNotification, I_RpcBindingIsClientLocal, RpcServerUnregisterIf, RpcBindingVectorFree, RpcEpUnregister, RpcServerListen, RpcEpRegisterW, RpcServerRegisterIfEx, RpcServerUseProtseqW, NdrServerCall2, NdrAsyncServerCall, RpcRaiseException, RpcServerInqCallAttributesW, RpcServerTestCancel, NdrAsyncClientCall, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcMgmtIsServerListening, RpcStringFreeW, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, UuidFromStringW, NdrClientCall2, RpcBindingCreateW, RpcBindingBind, RpcBindingUnbind, RpcBindingFree, I_RpcExceptionFilter, RpcAsyncAbortCall, RpcAsyncCompleteCall, I_RpcMapWin32Status, I_RpcBindingInqLocalClientPID, RpcImpersonateClient, RpcRevertToSelf, RpcServerUseProtseqEpW, RpcServerInqBindings<br>> PSAPI.DLL: EnumProcessModules, GetModuleBaseNameW<br>> USERENV.dll: GetUserProfileDirectoryW, GetAllUsersProfileDirectoryW, -, -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: Windows Logon Application<br>original name: WINLOGON.EXE<br>internal name: winlogon<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 19:02
7 mars 2010 à 19:02
Je ne sais pas, c'est une application
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 20:24
7 mars 2010 à 20:24
Voilà le rapport :
Fichier winload.exe reçu le 2010.03.07 19:21:21 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 986600 bytes
MD5...: 074df633d8c15656560f0388aa7f6237
SHA1..: da4b68d8fad5171af10f2166b5063ac0a475da06
SHA256: 4ac91d4633328da0da24c5c944f74132a9d882e013917c49e197b64a3a4bdee3
ssdeep: 24576:1hGhG6sa6b+8wvLpk+60Lp4qRq22T52sCnXGxoqOw:qhNZpfppeYDXMaw<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1000<br>timedatestamp.....: 0x49e018f6 (Sat Apr 11 04:13:42 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 11 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x44740 0x44800 6.62 812c6d5893dda00da8bbbfa7f84c3d84<br>PAGER32C 0x46000 0x4f65 0x5000 6.54 f9b65f31fbe0e29e39e12e6a849e3350<br>PAGE 0x4b000 0x3442 0x3600 6.41 2b2f08c4f7274524b552abe7d7014788<br>INIT 0x4f000 0xdba 0xe00 6.02 1183d9a23482780e404ec6765c0c55d6<br>.rdata 0x50000 0x99fb 0x9a00 6.49 352031ada7d6cf5b0aa1a8ded8f6cfd5<br>.data 0x5a000 0xa6ec4 0x800 5.16 d867f157a1ce491dd542b09bfce6199f<br>PAGER32R 0x101000 0x380 0x400 7.22 4483de0d0a8eb7bb963c90a7e3b27899<br>INITDATA 0x102000 0x5 0x200 0.02 cb3a6e798a9568fc939d89878df9fe58<br>PAGEDATA 0x103000 0x68 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<br>.rsrc 0x104000 0x92964 0x92a00 7.91 1d44e64002a5a395c2b006aa0f18faaa<br>.reloc 0x197000 0x365a 0x3800 5.16 7fc5e42332805baeabe5d8b09c159c7f<br><br>( 0 imports ) <br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: OS Loader<br>original name: osloader.exe<br>internal name: osloader.exe<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 986600 bytes
MD5...: 074df633d8c15656560f0388aa7f6237
SHA1..: da4b68d8fad5171af10f2166b5063ac0a475da06
SHA256: 4ac91d4633328da0da24c5c944f74132a9d882e013917c49e197b64a3a4bdee3
ssdeep: 24576:1hGhG6sa6b+8wvLpk+60Lp4qRq22T52sCnXGxoqOw:qhNZpfppeYDXMaw<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1000<br>timedatestamp.....: 0x49e018f6 (Sat Apr 11 04:13:42 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 11 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x44740 0x44800 6.62 812c6d5893dda00da8bbbfa7f84c3d84<br>PAGER32C 0x46000 0x4f65 0x5000 6.54 f9b65f31fbe0e29e39e12e6a849e3350<br>PAGE 0x4b000 0x3442 0x3600 6.41 2b2f08c4f7274524b552abe7d7014788<br>INIT 0x4f000 0xdba 0xe00 6.02 1183d9a23482780e404ec6765c0c55d6<br>.rdata 0x50000 0x99fb 0x9a00 6.49 352031ada7d6cf5b0aa1a8ded8f6cfd5<br>.data 0x5a000 0xa6ec4 0x800 5.16 d867f157a1ce491dd542b09bfce6199f<br>PAGER32R 0x101000 0x380 0x400 7.22 4483de0d0a8eb7bb963c90a7e3b27899<br>INITDATA 0x102000 0x5 0x200 0.02 cb3a6e798a9568fc939d89878df9fe58<br>PAGEDATA 0x103000 0x68 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<br>.rsrc 0x104000 0x92964 0x92a00 7.91 1d44e64002a5a395c2b006aa0f18faaa<br>.reloc 0x197000 0x365a 0x3800 5.16 7fc5e42332805baeabe5d8b09c159c7f<br><br>( 0 imports ) <br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: OS Loader<br>original name: osloader.exe<br>internal name: osloader.exe<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Fichier winload.exe reçu le 2010.03.07 19:21:21 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 986600 bytes
MD5...: 074df633d8c15656560f0388aa7f6237
SHA1..: da4b68d8fad5171af10f2166b5063ac0a475da06
SHA256: 4ac91d4633328da0da24c5c944f74132a9d882e013917c49e197b64a3a4bdee3
ssdeep: 24576:1hGhG6sa6b+8wvLpk+60Lp4qRq22T52sCnXGxoqOw:qhNZpfppeYDXMaw<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1000<br>timedatestamp.....: 0x49e018f6 (Sat Apr 11 04:13:42 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 11 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x44740 0x44800 6.62 812c6d5893dda00da8bbbfa7f84c3d84<br>PAGER32C 0x46000 0x4f65 0x5000 6.54 f9b65f31fbe0e29e39e12e6a849e3350<br>PAGE 0x4b000 0x3442 0x3600 6.41 2b2f08c4f7274524b552abe7d7014788<br>INIT 0x4f000 0xdba 0xe00 6.02 1183d9a23482780e404ec6765c0c55d6<br>.rdata 0x50000 0x99fb 0x9a00 6.49 352031ada7d6cf5b0aa1a8ded8f6cfd5<br>.data 0x5a000 0xa6ec4 0x800 5.16 d867f157a1ce491dd542b09bfce6199f<br>PAGER32R 0x101000 0x380 0x400 7.22 4483de0d0a8eb7bb963c90a7e3b27899<br>INITDATA 0x102000 0x5 0x200 0.02 cb3a6e798a9568fc939d89878df9fe58<br>PAGEDATA 0x103000 0x68 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<br>.rsrc 0x104000 0x92964 0x92a00 7.91 1d44e64002a5a395c2b006aa0f18faaa<br>.reloc 0x197000 0x365a 0x3800 5.16 7fc5e42332805baeabe5d8b09c159c7f<br><br>( 0 imports ) <br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: OS Loader<br>original name: osloader.exe<br>internal name: osloader.exe<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 986600 bytes
MD5...: 074df633d8c15656560f0388aa7f6237
SHA1..: da4b68d8fad5171af10f2166b5063ac0a475da06
SHA256: 4ac91d4633328da0da24c5c944f74132a9d882e013917c49e197b64a3a4bdee3
ssdeep: 24576:1hGhG6sa6b+8wvLpk+60Lp4qRq22T52sCnXGxoqOw:qhNZpfppeYDXMaw<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1000<br>timedatestamp.....: 0x49e018f6 (Sat Apr 11 04:13:42 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 11 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x44740 0x44800 6.62 812c6d5893dda00da8bbbfa7f84c3d84<br>PAGER32C 0x46000 0x4f65 0x5000 6.54 f9b65f31fbe0e29e39e12e6a849e3350<br>PAGE 0x4b000 0x3442 0x3600 6.41 2b2f08c4f7274524b552abe7d7014788<br>INIT 0x4f000 0xdba 0xe00 6.02 1183d9a23482780e404ec6765c0c55d6<br>.rdata 0x50000 0x99fb 0x9a00 6.49 352031ada7d6cf5b0aa1a8ded8f6cfd5<br>.data 0x5a000 0xa6ec4 0x800 5.16 d867f157a1ce491dd542b09bfce6199f<br>PAGER32R 0x101000 0x380 0x400 7.22 4483de0d0a8eb7bb963c90a7e3b27899<br>INITDATA 0x102000 0x5 0x200 0.02 cb3a6e798a9568fc939d89878df9fe58<br>PAGEDATA 0x103000 0x68 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<br>.rsrc 0x104000 0x92964 0x92a00 7.91 1d44e64002a5a395c2b006aa0f18faaa<br>.reloc 0x197000 0x365a 0x3800 5.16 7fc5e42332805baeabe5d8b09c159c7f<br><br>( 0 imports ) <br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: OS Loader<br>original name: osloader.exe<br>internal name: osloader.exe<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 20:46
7 mars 2010 à 20:46
Nooooooooooooooon Gen !!
En tous les cas un grand merci à moment de grace et toi même pour votre aide et votre patience.
Je vais aller poser la question pour la procédure pour formater rhââââ
Merci
En tous les cas un grand merci à moment de grace et toi même pour votre aide et votre patience.
Je vais aller poser la question pour la procédure pour formater rhââââ
Merci
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
7 mars 2010 à 21:28
7 mars 2010 à 21:28
désolé ai ma...
mais ca reste un grand jour pour moi d'avoir vu ca
Ok ben c'est bon....là je cale......
(sourire)
amicalement
mais ca reste un grand jour pour moi d'avoir vu ca
Ok ben c'est bon....là je cale......
(sourire)
amicalement
Utilisateur anonyme
7 mars 2010 à 22:06
7 mars 2010 à 22:06
fais voir un rapport de ceci via cijoint ?
http://sd-1.archive-host.com/membres/up/829108531491024/Mes_Tools/Root_List.exe
http://sd-1.archive-host.com/membres/up/829108531491024/Mes_Tools/Root_List.exe
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 23:20
7 mars 2010 à 23:20
Est ce que ça prend du temps comme manip ? Parce que là ça fait bien 10 minutes que je l'ai ouvert il est toujours sur une ligne HKEY LOCAL MACHINE....
Le bloc notes s'est ouvert en même temps avec ça dedans :
Root_List by g3n-h@ckm@n 1.0.0.0
¤¤¤¤¤¤¤¤¤¤ Drivers :
¤¤¤¤¤¤¤¤¤¤ Services :
¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤
Le bloc notes s'est ouvert en même temps avec ça dedans :
Root_List by g3n-h@ckm@n 1.0.0.0
¤¤¤¤¤¤¤¤¤¤ Drivers :
¤¤¤¤¤¤¤¤¤¤ Services :
¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
7 mars 2010 à 23:23
7 mars 2010 à 23:23
Naaaaan moment de grace t'as pas à être désolé, je t'en prie, c'est déjà super d'avoir pris de votre temps pour essayer de me venir en aide.
Pis t'as vu il y revient HiHi
Bonne soirée
Pis t'as vu il y revient HiHi
Bonne soirée
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
7 mars 2010 à 23:30
7 mars 2010 à 23:30
il a été piqué au vif...on se demande bien pourquoi ?
(sourire)
je regarde...et j'admire
(sourire)
je regarde...et j'admire
Utilisateur anonyme
8 mars 2010 à 01:30
8 mars 2010 à 01:30
tu l'as executé avec le clic droit "executer en tant qu'......" ?
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
8 mars 2010 à 08:02
8 mars 2010 à 08:02
Oui Oui Gen et j'ai abandonné vers minuit et demi
Je recommencerais ce soir
Bonne journée
Je recommencerais ce soir
Bonne journée
Utilisateur anonyme
8 mars 2010 à 12:05
8 mars 2010 à 12:05
hello
desinstalle List_Kill'em en le relancant si ca n'est fait puis retelexharge-le et fais l'option 1 stp
desinstalle List_Kill'em en le relancant si ca n'est fait puis retelexharge-le et fais l'option 1 stp
Ai ma
Messages postés
169
Date d'inscription
samedi 27 février 2010
Statut
Membre
Dernière intervention
20 janvier 2011
4
8 mars 2010 à 21:07
8 mars 2010 à 21:07
Coucou,
Ben c'est parti !!
Ben c'est parti !!
