XP Smart Security and other viruses.
Solved
spsp111
Hello, my father has a computer that has been running XP for a very long time. It is a very valuable work tool for him, and when he turned his computer on this morning, Security Tool was installed on it. (I should say that he has never installed anything suspicious on his PC; he is very careful about that.) We managed to uninstall it (I think) with MalwareBytes, but the odd thing is that we removed it in normal mode (not in safe mode).
And after that, there was chaos on his PC: Avast Antivirus was going crazy, saying there was a virus (no, several viruses) on his computer, in system32. My father is not at all reassured, and the icing on the cake is that now, in his Windows Security Center, there is an "antivirus" (I don't know if it can be called that) named "XP smart security". My father tells me it's normal if it's in his Security Center, but I find it fishy, because it looks a lot like Security Tool, only less annoying to move around. It still prevents antivirus programs from opening, and is making a mess of his computer.
What should I do? Thanks in advance.
Regards, SPSP111
76 replies
Here is the link to the UsbFix report, shared via Cijoint!
http://www.cijoint.fr/cjlink.php?file=cj201003/cijbBrupHz.txt
There you go!
I hadn't seen that you wanted it copied and pasted!
Here it is (USBFix report)
------------------------------------------------------------------------------------------------------------------------------
############################## | UsbFix V6.099 |
User : M. Provot (Administrateurs) # PAT
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:06:14 | 17/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : avast! antivirus 4.7.1098 [VPS 100317-0] 4.7.1098 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 69,23 Go (34,56 Go free) [System] # NTFS
F:\ -> Disque fixe local # 149,05 Go (38,95 Go free) [Data] # NTFS
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
M:\ -> Disque amovible # 3,73 Go (3,69 Go free) [LEXAR] # FAT32
N:\ -> Disque amovible # 1,86 Go (1,62 Go free) # FAT
################## | Elements infectieux |
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{0975c710-2af2-11dd-9a38-00173190265b}
Shell\AutoRun\command =M:\InstallTomTomHOME.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.099 ! |
-----------------------------------------------------------------------------------------------------------------------------
GOOD LUCK (once again)
You can keep me posted; I'm staying on the forum.
Thanks a lot.
SPSP111
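A report in this layout can be triaged mechanically. The following is an added example (not part of the thread and not UsbFix's own code) that parses the report format shown above and lists what a helper would review: the `NoDrives` policy values, cached MountPoints2 AutoRun commands and whether they point at a removable drive, and the vaccination status. The function names are hypothetical, and the section names are assumed to match this V6.099 report.

```python
import re

# Excerpt in the layout of the UsbFix V6.099 report posted above (trimmed).
SAMPLE_REPORT = r"""
############################## | UsbFix V6.099 |
C:\ -> Disque fixe local # 69,23 Go (34,56 Go free) [System] # NTFS
H:\ -> Disque amovible
M:\ -> Disque amovible # 3,73 Go (3,69 Go free) [LEXAR] # FAT32
################## | Elements infectieux |
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{0975c710-2af2-11dd-9a38-00173190265b}
Shell\AutoRun\command =M:\InstallTomTomHOME.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.099 ! |
"""

SECTION_RE = re.compile(r"^#{5,}\s*\|\s*(.+?)\s*\|\s*$")
DRIVE_RE = re.compile(r"^([A-Z]):\\ -> ([^#]+)")
REG_RE = re.compile(r'\[(HK\w+)\\.+\]\s+"(\w+)"')
AUTORUN_RE = re.compile(r"shell\\autorun\\command\s*=\s*(.+)", re.IGNORECASE)


def split_sections(report):
    """Map each '#### | name |' header to the non-empty lines below it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def removable_drives(sections):
    """Drive letters the report describes as removable ('Disque amovible')."""
    letters = set()
    for lines in sections.values():
        for line in lines:
            m = DRIVE_RE.match(line)
            if m and "amovible" in m.group(2).lower():
                letters.add(m.group(1))
    return letters


def autorun_entries(lines):
    """Pair each MountPoints2 key with the AutoRun command cached under it."""
    entries, key = [], None
    for line in lines:
        if "MountPoints2" in line:
            key = line
            continue
        m = AUTORUN_RE.match(line)
        if m and key:
            entries.append((key, m.group(1).strip()))
            key = None
    return entries


def review(report):
    """Return (kind, detail, value) tuples for the items worth reviewing."""
    sections = split_sections(report)
    removable = removable_drives(sections)
    findings = []
    # NoDrives is an Explorer policy value that hides drive letters.
    for line in sections.get("Registre", []):
        m = REG_RE.search(line)
        if m and m.group(2) == "NoDrives":
            findings.append(("policy", m.group(1), "NoDrives"))
    # A cached AutoRun command is launched when the volume is opened in
    # Explorer; the report lists it for review, which is not a verdict.
    for _key, cmd in autorun_entries(sections.get("Mountpoints2", [])):
        where = "removable" if cmd[:1].upper() in removable else "fixed-or-unknown"
        findings.append(("autorun", where, cmd))
    # "Vaccination" here means the protective autorun.inf folders are absent.
    if any("pas vacciné" in l for l in sections.get("Vaccin", [])):
        findings.append(("vaccine", "missing", "autorun.inf folders"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_REPORT):
        print(finding)
```
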
oki ....
but I think the CD-ROM driver was infected and deleted ... we will have to repair that ....
tell me: if you insert a CD into the drive, is it recognized by the PC in My Computer?
then do this now:
1- ! Disconnect from the internet and close all running applications !
Mandatory:
Plug into your PC all your external devices (USB stick, external hard drive, flash disk, MP3 player, SD card, etc.) that may have been infected ( but without opening them! ).
# Double-click UsbFix.exe on your desktop to launch the tool.
# This time, choose option 2 ( "Suppression", i.e. deletion ).
> Your desktop will disappear and the PC will restart ( this is normal ).
# On restart, UsbFix will scan your PC; let the tool work and don't touch anything.
# Once finished, post the new UsbFix.txt report that will appear along with the desktop.
( The report is also saved at the root of the main disk > C:\UsbFix.txt ).
/!\ If the desktop does not reappear, press Ctrl + Alt + Del to open the Task Manager > "File" menu, "New Task", type explorer.exe and confirm /!\
=========================
2- Run a ZHPDiag scan again, make sure all the options are checked ( except 045 and 061 ), post the new report ( via Cijoint ) for analysis and wait for the next steps ...
Here is the report... by the way, the PC is extremely slow, is that normal?
---------------------------------------------------------------------------------------------------------------------------
############################## | UsbFix V6.099 |
User : M. Provot (Administrateurs) # PAT
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:23:29 | 17/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : avast! antivirus 4.7.1098 [VPS 100317-0] 4.7.1098 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 69,23 Go (34,6 Go free) [System] # NTFS
F:\ -> Disque fixe local # 149,05 Go (38,95 Go free) [Data] # NTFS
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
M:\ -> Disque amovible # 3,73 Go (3,69 Go free) [LEXAR] # FAT32
N:\ -> Disque amovible # 1,86 Go (1,62 Go free) # FAT
################## | Elements infectieux |
Supprimé ! C:\Recycler\S-1-5-21-2000478354-484763869-725345543-1003
Supprimé ! F:\Recycler\S-1-5-21-2000478354-484763869-725345543-1003
################## | Registre |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{0975c710-2af2-11dd-9a38-00173190265b}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[13/10/2006 15:17|--a------|0] C:\AUTOEXEC.BAT
[04/03/2009 22:28|--a------|224] C:\Boot.bak
[08/03/2010 07:17|-rahs----|294] C:\boot.ini
[05/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--a------|263488] C:\cmldr
[20/10/2007 12:54|--a------|74] C:\CMLoader.log
[04/03/2009 16:40|--a------|16835] C:\ComboFix.txt
[13/10/2006 15:17|--a------|0] C:\CONFIG.SYS
[20/10/2007 12:39|--a------|0] C:\conmgr.log
[20/10/2008 07:05|--a------|270] C:\GLM_AEX.STK
[02/05/2007 11:03|-ra------|267864] C:\hpzids01.dll
[13/10/2006 15:17|-rahs----|0] C:\IO.SYS
[13/10/2006 15:17|-rahs----|0] C:\MSDOS.SYS
[18/12/2007 17:06|--a------|283425] C:\MSNFix.zip
[05/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[23/12/2009 07:20|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[27/10/2008 18:53|--a------|586] C:\prefs.js
[04/03/2009 22:18|--a------|522] C:\RHDSetup.log
[14/02/2009 11:02|--a------|90] C:\Setup.log
[17/03/2010 14:11|--a------|2266] C:\TB.txt
[17/03/2010 17:26|--a------|2558] C:\UsbFix.txt
[17/03/2010 12:20|--a------|7982] C:\ZHPExportRegistry-17-03-2010-12-20-45.txt
[22/02/2008 20:16|--a------|6012] C:\_Sid.txt
[06/02/2004 16:19|-ra------|16384] F:\hpqimgrc.resources.dll
[03/11/2007 11:59|--a------|4186275840] F:\itw-cge.iso
[07/09/2009 01:29|--a------|2051584] F:\Valmob 2009 009.xls
[03/12/2009 11:06|--a------|3303] M:\NE PAS TOUCHER CONNECTION DSI.txt
[16/01/2010 21:17|--a------|137865] M:\Mouvements 68875.xlsx
[10/03/2010 07:31|--a------|27830] M:\How I Met Your Mother - 5x17 - Say Cheese.HDTV.FQM.fr.srt
[25/01/2010 23:35|--a------|31744] M:\Excel Le plein.xls
[17/11/2009 01:45|--a------|9161776] M:\DTLite4355-0068.exe
[14/03/2010 21:49|--a------|13635] M:\Hello.docx
[05/11/2001 06:22|--a------|23930] M:\Gerreur.exe
[17/03/2010 11:40|--a------|95934] N:\ZHPDiag.Txt
[17/03/2010 12:16|--a------|343020] N:\ToolBarSD.exe
[17/03/2010 12:28|--a------|3609] N:\Coller.txt
[17/03/2010 12:17|--a------|2477] N:\Explication.txt
[04/01/2010 09:15|--a------|22528] N:\GL procédure.doc
[06/04/2009 14:00|--ahs----|229376] N:\ehthumbs_vista.db
[07/10/2009 18:22|--ah-----|165] N:\~$Présentation.pptx
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# M:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# N:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PAT.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.099 ! |
-----------------------------------------------------------------------------------------------------------------------------
Sorry for the delay, I had a problem with Cijoint; I had to change the file name.
Here is the link: http://www.cijoint.fr/cjlink.php?file=cj201003/cijm3Vk94i.txt
Bye!!
good ....
we're making progress .... next steps, in order:
1- Get access to hidden files:
Go to Start Menu->My Computer->Tools->Folder Options...->View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide protected operating system files" ---> unchecked
-> confirm the change ( "Apply" then "OK" ).
( you will restore the original settings once the disinfection is finished, not before ... )
2- Go to this site:
https://www.virustotal.com/gui/
Copy the following and paste it into the search field ( or click "Browse" and navigate to the requested file ):
C:\WINDOWS\system32\MtxDrvService.exe
Click "Send File".
A report will be built line by line.
Wait until the very end ... It must include the size of the submitted file.
Save the report with Notepad.
Copy it into your next reply ...
( If VirusTotal indicates that the file has already been analyzed, click the button to re-analyze the file now )
short tutorial > https://www.commentcamarche.net/faq/8633-legitimite-d-un-fichier-ou-processus-douteux#les-bonnes-adresses
Do the same for:
C:\WINDOWS\system32\DRIVERS\Mtxparmx.sys
C:\Program Files\NetBak\NetBak.exe
C:\WINDOWS\System32\cometuninstall.exe
C:\WINDOWS\System32\Nasuninst.exe
So post me these 5 reports ( especially the beginning with the AV listing, and clearly stating at the start of each one which file it corresponds to ) and do the next step ...
==============================
3- Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------- [ ! WARNING ! ] ------------------------------------------
• Close your running applications ( as well as your browser ).
• DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure.
Indeed, if enabled, they could seriously interfere with the tool's scanning and cleaning procedure ( or even crash the PC )... So you will re-enable them afterwards!
->Important: if you run into difficulties at this stage, let me know before continuing ...
• Tutorial ( help ) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
• Note: for XP, it is IMPERATIVE to install the Windows Recovery Console if the tool asks for it ( see the tutorial above ).
--------------------------------- [ ! WARNING ! ] ------------------------------------------
Then:
> Double-click the "Combofix.exe" icon to launch the tool.
> At the "DISCLAIMER..." window, click "yes" and let it work ...
-- For XP, you will be asked to install the Recovery Console:
* Let yourself be guided and install the "Recovery Console" ( "Windows Recovery Console" ) when the tool asks you to ( important! ).
image > http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
*Reconnect to the internet before clicking "yes", and only for the duration of this step.
*Once the console is installed,
image > http://img.photobucket.com/albums/v706/ried7/whatnext.png
disconnect again before clicking "yes" to start the scan --
Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the PC.
-> The PC may restart by itself ( to finalize the cleaning ); let it do so.
-> If the tool tells you this: "ComboFix has detected the presence of a rootkit and needs to restart your machine", you accept ...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it ( and nothing else! otherwise no report ... )
The report will be created here: C:\Combofix.txt
Make sure to re-enable your defenses.
Post the Combofix report for analysis and wait for the next steps ...
MtxDrvService.exe report
------------------------------------------------------------------------------------------------------------------------------
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.17 -
AntiVir 8.2.1.194 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 -
Avast5 5.0.332.0 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4296 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
eTrust-Vet 35.2.7369 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 -
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4953 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5938 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 -
TheHacker 6.5.2.0.236 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.17 -
Information additionnelle
File size: 155648 bytes
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9646
timedatestamp.....: 0x43398c99 (Tue Sep 27 18:16:57 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a5fa 0x1b000 6.53 0c1109940cfaf2fa3c9a2f5ca5d65021
.rdata 0x1c000 0x68c6 0x7000 4.90 a026de873a97c4868caf996f514e4695
.data 0x23000 0x4f74 0x2000 3.28 8d00859caa4f9a83bf957bbef16d43da
.rsrc 0x28000 0x360 0x1000 0.92 0eb28463a9affebc82cd17ed788ff8de
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) 2004, Matrox Graphics Inc.
product......: MtxDrvService Application
description..: MtxDrvService Application
original name: MtxDrvService.exe
internal name: MtxDrvService
file version.: 2.01.00.081
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-----------------------------------------------------------------------------------------------------------------------------
Here is the report for MtxDrvService.exe (it may be a duplicate, but it didn't work the first time)
------------------------------------------------------------------------------------------------------------------------------
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.17 -
AntiVir 8.2.1.194 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 -
Avast5 5.0.332.0 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4296 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
eTrust-Vet 35.2.7369 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 -
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4953 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5938 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 -
TheHacker 6.5.2.0.236 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.17 -
Information additionnelle
File size: 155648 bytes
MD5...: db05e9875457ed8ffcb7dbb4a994a20e
SHA1..: dad4d9e571b82074e3c40263ef553b11c98b9510
SHA256: b985d76f0ec75afb50d59ee689663e86b1e9db62c60eb71e569bf440bc123c11
ssdeep: 3072:dKBjUyY/BkIuRfJ0z67/CFRlzdnuDx0kxX9Ivgcx2pXIGu:dKBjDZR+NTlJ
nuN0E6vJ2pX7u
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9646
timedatestamp.....: 0x43398c99 (Tue Sep 27 18:16:57 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a5fa 0x1b000 6.53 0c1109940cfaf2fa3c9a2f5ca5d65021
.rdata 0x1c000 0x68c6 0x7000 4.90 a026de873a97c4868caf996f514e4695
.data 0x23000 0x4f74 0x2000 3.28 8d00859caa4f9a83bf957bbef16d43da
.rsrc 0x28000 0x360 0x1000 0.92 0eb28463a9affebc82cd17ed788ff8de
( 9 imports )
> KERNEL32.dll: SetFilePointer, GetCurrentProcess, GetCPInfo, GetOEMCP, RtlUnwind, ExitProcess, HeapAlloc, HeapFree, RaiseException, HeapReAlloc, TerminateProcess, HeapSize, LCMapStringA, LCMapStringW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, VirtualProtect, GetSystemInfo, VirtualQuery, SetStdHandle, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GlobalFlags, GlobalAddAtomA, WritePrivateProfileStringA, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, InterlockedIncrement, InterlockedDecrement, SetErrorMode, lstrcatA, GetCurrentThread, GetCurrentThreadId, GlobalDeleteAtom, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, lstrcmpA, SetLastError, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, lstrcpynA, lstrlenA, lstrcmpiA, GetVersion, MultiByteToWideChar, GetCommandLineA, GetModuleHandleA, GetModuleFileNameA, RegisterWaitForSingleObject, Sleep, DisconnectNamedPipe, ConnectNamedPipe, GetNamedPipeInfo, ReadFile, IsBadCodePtr, IsBadReadPtr, IsBadWritePtr, WriteFile, GetLastError, GetOverlappedResult, FlushFileBuffers, CreateNamedPipeA, LocalFree, CreateThread, WaitForMultipleObjects, CreateEventA, WaitForSingleObject, SetEvent, CloseHandle, FindResourceA, LoadResource, LockResource, SizeofResource, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, LoadLibraryA, GetProcAddress, FreeLibrary, GetCurrentProcessId, WideCharToMultiByte
> USER32.dll: SetForegroundWindow, GetClientRect, GetMenu, AdjustWindowRectEx, GetClassInfoA, RegisterClassA, UnregisterClassA, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ClientToScreen, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, SetWindowTextA, GetClassNameA, SetMenuItemBitmaps, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetTopWindow, SetWindowsHookExA, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, GetWindowTextA, SendMessageA, MessageBoxA, GetParent, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, SetRectEmpty, CopyRect, GetDlgItem, UnhookWindowsHookEx, LoadCursorA, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, PostMessageA, PostQuitMessage, wsprintfA, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, GetSystemMetrics, EnumDisplayDevicesA, MapWindowPoints, LoadIconA, GetMessagePos, GetMessageTime, CallNextHookEx, DestroyWindow, DestroyMenu, ShowWindow, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassInfoExA, SetPropA, GetPropA, RemovePropA, GetForegroundWindow, SetCursor
> GDI32.dll: PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetStockObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, DeleteObject, GetDeviceCaps, DeleteDC, CreateBitmap
> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegCreateKeyExA, RegOpenKeyExA, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, OpenSCManagerA, RegCloseKey, DeleteService, CreateServiceA, OpenServiceA, CloseServiceHandle, ConvertStringSecurityDescriptorToSecurityDescriptorA, RegDeleteValueA, RegSetValueExA, RegOpenKeyA, RegQueryValueExA
> COMCTL32.dll: -
> SHLWAPI.dll: PathFindExtensionA, PathFindFileNameA
> OLEAUT32.dll: -, -, -
> OLEACC.dll: LresultFromObject, CreateStdAccessibleObject
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) 2004, Matrox Graphics Inc.
product......: MtxDrvService Application
description..: MtxDrvService Application
original name: MtxDrvService.exe
internal name: MtxDrvService
file version.: 2.01.00.081
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
------------------------------------------------------------------------------------------------------------------------------
2nd report: Mtxparmx.sys
------------------------------------------------------------------------------------------------------------------------------
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.17 -
AntiVir 8.2.1.194 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 -
Avast5 5.0.332.0 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4297 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
eTrust-Vet 35.2.7369 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 -
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4953 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5939 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 -
TheHacker 6.5.2.0.236 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.17 -
Information additionnelle
File size: 5504 bytes
MD5...: a866e2884629b260c2d8659064ff9ea7
SHA1..: 07967c84b7832573fe03e8df64a1994b43a776f7
SHA256: 27e9569c1c2208f0b3b65128b34637aba6ca8458d8722272ec99f2493fc1b545
ssdeep: 96:/KXl364D+SsQPGEmEvIN+Xxpxo29Jkm1ePDVYsJgs:Kl3UQuE1zHyqs
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xada
timedatestamp.....: 0x484f0dca (Tue Jun 10 23:27:06 2008)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x822 0x880 6.02 9a870362bb25474ea9ab71de20484172
.rdata 0xb80 0x1ed 0x200 4.40 d2fc53299efd860c0fe039827b07ead4
.data 0xd80 0x8 0x80 0.00 f09f35a5637839458e462e6350ecbce4
INIT 0xe00 0x26c 0x280 4.96 80786466c58d1ec728dcac55f3fe377f
.rsrc 0x1080 0x3d8 0x400 3.19 bd8fd1eedc58d20c8cccc8bd2411f2ac
.reloc 0x1480 0x100 0x100 4.92 40bbf3c4fa9083ae2d07bfc2af1177c9
( 1 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, ExFreePoolWithTag, _purecall, wcsncat, wcslen, wcsncpy, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, IoDeleteSymbolicLink, IofCompleteRequest, KeSetEvent, IoDetachDevice, RtlCompareUnicodeString, IoAttachDevice, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, RtlIntegerToUnicodeString, IoFreeIrp, KeWaitForSingleObject, IofCallDriver, KeInitializeEvent, IoAllocateIrp
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Matrox Graphics Inc.
copyright....: Copyright (c) Matrox Graphics Inc. 1995-2008
product......: Matrox Miniport Extension Kernel Driver
description..: mtxparmx
original name: mtxparmx.sys
internal name: mtxparmx.sys
file version.: 2.06.00.002
comments.....: 2.06.00.002
signers......: -
signing date.: -
verified.....: Unsigned
-----------------------------------------------------------------------------------------------------------------------------
3rd report: Netbak.exe
------------------------------------------------------------------------------------------------------------------------------
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.17 -
AntiVir 8.2.1.194 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 -
Avast5 5.0.332.0 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4297 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
eTrust-Vet 35.2.7369 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 -
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4953 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5939 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 Suspicious.Insight
TheHacker 6.5.2.0.236 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.17 -
Information additionnelle
File size: 589824 bytes
MD5...: 65e7d411a2f31b55ca0043ec848bd5f3
SHA1..: d96925096135f9bf9533283f5706c53454eb38f2
SHA256: 154048c9d164e0be29d1776da6145afda0cdb73336e554af5c21421e81df42ec
ssdeep: 12288:3nVDvxLeXwQSfqXbt306GoP23uqqjj9qqIPDAKCY6yg:FVLkbtk6z23bqd
qqAD
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x28565
timedatestamp.....: 0x407fa125 (Fri Apr 16 09:02:29 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x47ac3 0x48000 6.47 13b8495c689ba1e7dc7b32678e6e8879
.rdata 0x49000 0xfed4 0x10000 4.61 f3c6ecbb2bf4c418cee8559b46bd5868
.data 0x59000 0x6c28 0x3000 3.96 ba921c5aa1cc2548cb9e87c161937ce4
.rsrc 0x60000 0x336f0 0x34000 6.57 368fdee8611a1d1aab20b444cd75be50
( 15 imports )
> MPR.dll: WNetCancelConnection2A, WNetAddConnection2A
> KERNEL32.dll: HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, GetStringTypeA, HeapDestroy, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, LCMapStringA, LCMapStringW, HeapSize, HeapReAlloc, TerminateProcess, ExitThread, GetACP, GetLocalTime, GetSystemTime, GetTimeZoneInformation, RaiseException, ExitProcess, GetStartupInfoA, HeapAlloc, HeapFree, RtlUnwind, WritePrivateProfileStringA, SetErrorMode, GetFileTime, GetFileSize, GetOEMCP, GetCPInfo, GetProcessVersion, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SizeofResource, GlobalFlags, MulDiv, GlobalAlloc, lstrcmpA, GetCurrentThread, GetThreadLocale, GetVolumeInformationA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, ReadFile, GetCurrentProcess, DuplicateHandle, lstrcpynA, CreateEventA, SuspendThread, SetThreadPriority, ResumeThread, SetEvent, FileTimeToLocalFileTime, FileTimeToSystemTime, FormatMessageA, LocalFree, GetVersion, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, GetModuleHandleA, InterlockedDecrement, InterlockedIncrement, GlobalLock, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, WriteFile, lstrcatA, CreateProcessA, GetCommandLineA, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, LoadLibraryA, GetProcAddress, FreeLibrary, GetVersionExA, GetTickCount, GetQueuedCompletionStatus, CreateThread, CreateFileA, CreateIoCompletionPort, SetLastError, ReadDirectoryChangesW, PostQueuedCompletionStatus, WaitForSingleObject, CloseHandle, DeleteFileA, RemoveDirectoryA, GetLastError, 
MoveFileA, CreateDirectoryA, GetFileAttributesA, GetComputerNameA, lstrlenA, GetFullPathNameA, GetDriveTypeA, GetLogicalDrives, CopyFileA, FindFirstFileA, FindNextFileA, FindClose, GetCurrentDirectoryA, GetUserDefaultLangID, lstrcpyA, GetStringTypeW
> USER32.dll: CheckDlgButton, SendDlgItemMessageA, MapWindowPoints, SetFocus, AdjustWindowRectEx, IsWindowVisible, GetTopWindow, MessageBoxA, IsChild, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, TrackPopupMenu, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, GetWindow, SetWindowPos, RegisterWindowMessageA, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindowEnabled, CopyRect, PtInRect, GetNextDlgGroupItem, InvalidateRect, GetIconInfo, GetCapture, WindowFromPoint, DrawStateA, DrawEdge, OffsetRect, InflateRect, GetWindowLongA, DestroyIcon, SetRectEmpty, IsWindow, SetWindowLongA, CallWindowProcA, TranslateAcceleratorA, DeleteMenu, SendMessageA, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, IsWindowUnicode, EnableWindow, GetSystemMetrics, GetClientRect, DrawIcon, GetSysColor, GetDC, FillRect, ReleaseDC, GetSystemMenu, AppendMenuA, LoadAcceleratorsA, LoadBitmapA, LoadImageA, GetDlgItem, FindWindowA, ShowWindow, BringWindowToTop, SetForegroundWindow, DefDlgProcA, LoadIconA, LoadCursorA, TranslateMessage, PeekMessageA, DispatchMessageA, IsDialogMessageA, SetWindowTextA, MoveWindow, EnableMenuItem, PostThreadMessageA, EndDialog, RegisterClipboardFormatA, GetWindowRect, GetFocus, GetKeyState, GetParent, GetNextDlgTabItem, GetCursorPos, LoadMenuA, GetSubMenu, GetMenuItemCount, GetMenuItemID, ModifyMenuA, ClientToScreen, GetMessagePos, ScreenToClient, UpdateWindow, KillTimer, PostMessageA, SetTimer, MessageBeep, SetRect, CopyAcceleratorTableA, CharNextA, GetSysColorBrush, GetDesktopWindow, GetClassNameA, SetWindowContextHelpId, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, SetCursor, PostQuitMessage, DestroyMenu, 
CharUpperA, GetMessageA, ValidateRect, MapDialogRect, LoadStringA, GetMenuCheckMarkDimensions, IsIconic, GetMenuState, ReleaseCapture, CheckMenuItem, SetMenuItemBitmaps
> GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, IntersectClipRect, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, LPtoDP, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetBkMode, RestoreDC, SaveDC, PatBlt, SetTextColor, GetClipBox, GetTextExtentPoint32A, GetCurrentObject, CreateFontIndirectA, GetStockObject, SetStretchBltMode, SetDIBitsToDevice, CreateRectRgn, StretchBlt, GetPixel, CreateCompatibleDC, SelectObject, GetObjectA, DPtoLP, CreateBitmap, CreateCompatibleBitmap, GetMapMode, SetMapMode, BitBlt, SetBkColor, DeleteObject, CreateDIBitmap, GetTextExtentPointA, DeleteDC
> comdlg32.dll: GetOpenFileNameA, GetSaveFileNameA, GetFileTitleA
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, GetUserNameA, CryptReleaseContext, CryptDestroyKey, CryptEncrypt, CryptDestroyHash, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextA, CryptDecrypt, RegCloseKey
> SHELL32.dll: DragAcceptFiles, Shell_NotifyIconA, ShellExecuteA, SHGetSpecialFolderPathA
> COMCTL32.dll: _TrackMouseEvent, ImageList_Draw, ImageList_GetImageInfo, -, ImageList_Destroy, ImageList_LoadImageA
> oledlg.dll: -
> ole32.dll: StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoTaskMemFree, CoTaskMemAlloc, CoGetClassObject, OleInitialize, OleUninitialize, CoFreeUnusedLibraries, CoRegisterMessageFilter, CoRevokeClassObject, CLSIDFromProgID, CLSIDFromString, OleFlushClipboard, OleIsCurrentClipboard
> OLEPRO32.DLL: -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> IMAGEHLP.dll: MakeSureDirectoryPathExists
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: ICP Electronics Inc.
copyright....: Copyright(C) ICP Electronic Inc. 2003. All rights reserved.
product......: iEi Storage Products
description..: NetBak Replicator
original name: NetBak.EXE
internal name: NetBak Replicator
file version.: 4, 4, 16, 1
comments.....: Release Version
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
----------------------------------------------------------------------------------------------------------------------------
Uh, tell me... can you stop a scan in progress on VirusTotal to restart it? The 4th one has been running for 12 minutes and nothing has changed for 10 minutes, a bug, right?????
Here is the 4th report, which worked on the 2nd try. (comeuninstall.exe)
------------------------------------------------------------------------------------------------------------------------------
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.17 -
AntiVir 8.2.1.194 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 -
Avast5 5.0.332.0 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4298 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
eTrust-Vet 35.2.7371 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 -
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4953 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5940 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 -
TheHacker 6.5.2.0.236 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.17 -
Information additionnelle
File size: 155648 bytes
MD5...: 87699a25e19628441decc1923ce99192
SHA1..: 1a47063595c2cae61b64d9266d933d715ec6d46e
SHA256: 04a6a05d835612910b259decc7f4f28d42fa41eb815614e16793381d7834357a
ssdeep: 1536:bHrV35gLYqsvy9lNJqxJACodsBSgSSMu/qGTC8yNH:vbg99rJqfACopgSSp
/qGTC8yNH
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5e24
timedatestamp.....: 0x43bcdcfc (Thu Jan 05 08:46:52 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8144 0x9000 6.04 be2efbc5b28c9ff75ab766ab2fd3a237
.rdata 0xa000 0x1432 0x2000 3.96 6886e666cdb78ba40711ba7ea0b6b6bd
.data 0xc000 0xb9dc 0x2000 1.76 d70dee9538b7ae6ff70a9f3863f5a991
.rsrc 0x18000 0x17a70 0x18000 4.25 1738aa349d42c9dcec24c6d11d3ae3aa
( 6 imports )
> KERNEL32.dll: GetPrivateProfileStringA, DeleteFileA, SetFileAttributesA, RemoveDirectoryA, FindNextFileA, lstrcmpA, CreateThread, HeapFree, HeapAlloc, GetProcessHeap, SetEvent, OpenEventA, CreateEventA, CopyFileA, GetTempFileNameA, GetTempPathA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, SetStdHandle, GetSystemDirectoryA, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, WriteFile, RtlUnwind, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetVersion, GetCommandLineA, GetStartupInfoA, TerminateProcess, ExitProcess, GetWindowsDirectoryA, CreateFileA, GetFileSize, CreateFileMappingA, FlushFileBuffers, MapViewOfFile, UnmapViewOfFile, SetFilePointer, SetEndOfFile, MoveFileExA, CreateProcessA, Sleep, lstrcmpiA, lstrcatA, GetModuleFileNameA, lstrlenA, GetModuleHandleA, OpenProcess, GetLastError, SetLastError, GetCurrentProcess, DuplicateHandle, GetExitCodeProcess, CloseHandle, CreateRemoteThread, WaitForSingleObject, lstrcpyA, GetCurrentThreadId, FindFirstFileA, FindClose, GetVersionExA, LoadLibraryA, GetProcAddress, HeapReAlloc, FreeLibrary
> USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, LoadIconA, RegisterClassA, MessageBoxA, SetWindowPos, BeginPaint, GetMessageA, GetSystemMetrics, EndPaint, PostQuitMessage, IsDlgButtonChecked, ExitWindowsEx, CheckDlgButton, GetWindowRect, MoveWindow, FillRect, EnableWindow, UpdateWindow, InvalidateRect, DefWindowProcA, SetTimer, LoadCursorA, SetCursor, DialogBoxParamA, EndDialog, GetWindowTextA, SetWindowTextA, SetFocus, LoadBitmapA, GetDC, ReleaseDC, GetDlgItem, GetClientRect, MapWindowPoints, wsprintfA, FindWindowA, SendMessageA, PostMessageA, LoadStringA, IsWindow, GetLastActivePopup, IsWindowVisible, IsIconic, ShowWindow, SystemParametersInfoA, SetForegroundWindow, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, KillTimer
> GDI32.dll: GetTextExtentPoint32A, SetTextColor, SetBkMode, DeleteObject, CreateSolidBrush, GetStockObject, DeleteDC, StretchBlt, SetStretchBltMode, SelectObject, CreateCompatibleDC, CreateFontA, TextOutA
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExA, RegEnumKeyExA, RegDeleteKeyA, RegOpenKeyExA, RegEnumValueA
> SHELL32.dll: ShellExecuteA
> COMCTL32.dll: -
( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: QNAP Systems, Inc.
copyright....: Copyright (c) 2002-2005, QNAP Systems, Inc.
product......: QNAP Network Products
description..: Uninstall Program
original name: ieiunins.exe
internal name: nasuninst.exe
file version.: 4, 0, 0, 1113
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
----------------------------------------------------------------------------------------------------------------------------
Phew, the last one, here is the report, good luck (it's Nasuninst.exe). I'm moving on to the next step.
---------------------------------------------------------------------------------------------------------------------------
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.17 -
AntiVir 8.2.1.194 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 -
Avast5 5.0.332.0 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4298 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
eTrust-Vet 35.2.7371 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 -
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4953 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5940 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 Suspicious.Insight
TheHacker 6.5.2.0.236 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.17 -
Information additionnelle
File size: 159744 bytes
MD5...: 5b5a62284caf78df2a7e4bb2add22ae5
SHA1..: a7924f7e3c857c8ee079a7031895eb987a13a84e
SHA256: b1ebf07a4657e7b33c7c9a8c6fae50d5be930770b79314db12d0e544b50e0027
ssdeep: 1536:kFS+0UH1mGEOlFCCMcBSQSuxw8oQYb24SlH+/qGTCAyNuM1:kFS+nVsObSW
w8oQ/4Sle/qGTCAyNu
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5844
timedatestamp.....: 0x3abf2343 (Mon Mar 26 11:08:51 2001)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9f74 0xa000 6.54 bd5c0852533ce98d41b51a14ccf808d9
.rdata 0xb000 0x1512 0x2000 4.09 2bee72e52596a41f9841dac44dbaa5be
.data 0xd000 0xd498 0x4000 1.39 d5fc73e71978c37601e4b1839ed32fdb
.rsrc 0x1b000 0x153f8 0x16000 4.06 e0a9458443a0ff583f26c82ae70928aa
( 5 imports )
> KERNEL32.dll: CreateFileA, lstrcatA, GetFileSize, CreateFileMappingA, GetWindowsDirectoryA, GetSystemDirectoryA, GetPrivateProfileStringA, DeleteFileA, lstrcmpiA, RemoveDirectoryA, FindNextFileA, SetFileAttributesA, CreateThread, HeapFree, HeapAlloc, GetProcessHeap, SetEvent, SetFilePointer, MapViewOfFile, CreateEventA, CopyFileA, GetTempFileNameA, GetTempPathA, DuplicateHandle, GetExitCodeProcess, CloseHandle, CreateRemoteThread, WaitForSingleObject, GetThreadLocale, SetThreadLocale, lstrcpyA, GetCurrentThreadId, FindFirstFileA, FindClose, GetVersionExA, LoadLibraryA, GetProcAddress, UnmapViewOfFile, Sleep, SetEndOfFile, MoveFileExA, GetModuleHandleA, GetModuleFileNameA, lstrlenA, SetLastError, OpenProcess, GetLastError, OpenEventA, GetCurrentProcess, CreateProcessA, lstrcmpA, FlushFileBuffers, LCMapStringW, SetStdHandle, FreeLibrary, LCMapStringA, GetStringTypeW, GetStringTypeA, MultiByteToWideChar, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, WriteFile, RtlUnwind, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetVersion, GetCommandLineA, GetStartupInfoA, ExitProcess, TerminateProcess
> USER32.dll: GetDC, ReleaseDC, SetFocus, GetClientRect, MapWindowPoints, wsprintfA, FindWindowA, LoadBitmapA, GetDlgItem, SetWindowTextA, IsWindow, GetLastActivePopup, IsWindowVisible, IsIconic, ShowWindow, SystemParametersInfoA, SetForegroundWindow, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, GetWindowTextA, EndDialog, DialogBoxParamA, PostMessageA, SetCursor, LoadCursorA, SetTimer, GetMessageA, TranslateMessage, DispatchMessageA, CreateWindowExA, LoadIconA, RegisterClassA, MessageBoxA, SetWindowPos, BeginPaint, FillRect, GetSystemMetrics, EndPaint, PostQuitMessage, IsDlgButtonChecked, ExitWindowsEx, CheckDlgButton, KillTimer, GetWindowRect, MoveWindow, EnableWindow, DefWindowProcA, SendMessageA, LoadStringA, InvalidateRect, UpdateWindow
> GDI32.dll: DeleteObject, SetStretchBltMode, SelectObject, StretchBlt, TextOutA, GetTextExtentPoint32A, CreateCompatibleDC, SetBkMode, CreateFontIndirectA, SetTextColor, CreateSolidBrush, GetStockObject, CreateFontA, DeleteDC
> ADVAPI32.dll: RegDeleteValueA, RegCloseKey, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegEnumKeyExA, RegQueryValueExA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegOpenKeyA
> COMCTL32.dll: -
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Silitek Corporation
copyright....: Copyright (c) 2000 Silitek Corporation.
product......: Keyboard Products
description..: Uninstall Program
original name: Uninstal.exe
internal name: Uninstal.exe
file version.: 1, 0, 7, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
---------------------------------------------------------------------------------------------------------------------------
> USER32.dll: GetDC, ReleaseDC, SetFocus, GetClientRect, MapWindowPoints, wsprintfA, FindWindowA, LoadBitmapA, GetDlgItem, SetWindowTextA, IsWindow, GetLastActivePopup, IsWindowVisible, IsIconic, ShowWindow, SystemParametersInfoA, SetForegroundWindow, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, GetWindowTextA, EndDialog, DialogBoxParamA, PostMessageA, SetCursor, LoadCursorA, SetTimer, GetMessageA, TranslateMessage, DispatchMessageA, CreateWindowExA, LoadIconA, RegisterClassA, MessageBoxA, SetWindowPos, BeginPaint, FillRect, GetSystemMetrics, EndPaint, PostQuitMessage, IsDlgButtonChecked, ExitWindowsEx, CheckDlgButton, KillTimer, GetWindowRect, MoveWindow, EnableWindow, DefWindowProcA, SendMessageA, LoadStringA, InvalidateRect, UpdateWindow
> GDI32.dll: DeleteObject, SetStretchBltMode, SelectObject, StretchBlt, TextOutA, GetTextExtentPoint32A, CreateCompatibleDC, SetBkMode, CreateFontIndirectA, SetTextColor, CreateSolidBrush, GetStockObject, CreateFontA, DeleteDC
> ADVAPI32.dll: RegDeleteValueA, RegCloseKey, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegEnumKeyExA, RegQueryValueExA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegOpenKeyA
> COMCTL32.dll: -
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Silitek Corporation
copyright....: Copyright (c) 2000 Silitek Corporation.
product......: Keyboard Products
description..: Uninstall Program
original name: Uninstal.exe
internal name: Uninstal.exe
file version.: 1, 0, 7, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
---------------------------------------------------------------------------------------------------------------------------