Virus droit d'auteur - Page 5

Résolu
Précédent
  • 1
  • 2
  • 3
  • 4
  • 5
  1. waerbenn
     
    le voila:

    http://www.cijoint.fr/cjlink.php?file=cj201005/cijtZ4Dheh.txt
    0
    1. waerbenn
       
      et le 2 éme:
      http://www.cijoint.fr/cjlink.php?file=cj201005/cijgUaC3jC.txt
      0
  2. gen-hackman
     
    ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    * - Coche Afficher les fichiers et dossiers cachés
    * - Décoche Masquer les extensions des fichiers dont le type est connu
    * - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

    ▶ clique sur Appliquer, puis OK.

    N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

    Fais analyser le(s) fichier(s) suivants sur Virustotal :

    Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

    c:\windows\system32\drivers\accskmd.sys
    c:\windows\system32\drivers\drw17.tmp
    c:\windows\system32\drivers\tcpip.sys.flg

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

    Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
    0
  3. waerbenn
     
    Fichier accskmd.sys reçu le 2010.05.05 16:40:12 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.05.05 -
    AhnLab-V3 2010.05.05.00 2010.05.05 -
    AntiVir 8.2.1.236 2010.05.05 -
    Antiy-AVL 2.0.3.7 2010.05.05 -
    Authentium 5.2.0.5 2010.05.05 -
    Avast 4.8.1351.0 2010.05.05 -
    Avast5 5.0.332.0 2010.05.05 -
    AVG 9.0.0.787 2010.05.05 -
    BitDefender 7.2 2010.05.05 -
    CAT-QuickHeal 10.00 2010.05.04 -
    ClamAV 0.96.0.3-git 2010.05.05 -
    Comodo 4772 2010.05.05 -
    DrWeb 5.0.2.03300 2010.05.05 -
    eSafe 7.0.17.0 2010.05.05 -
    eTrust-Vet 35.2.7469 2010.05.05 -
    F-Prot 4.5.1.85 2010.05.05 -
    F-Secure 9.0.15370.0 2010.05.05 -
    Fortinet 4.0.14.0 2010.05.05 -
    GData 21 2010.05.05 -
    Ikarus T3.1.1.84.0 2010.05.05 -
    Jiangmin 13.0.900 2010.05.05 -
    Kaspersky 7.0.0.125 2010.05.05 -
    McAfee 5.400.0.1158 2010.05.05 -
    McAfee-GW-Edition 2010.1 2010.05.05 -
    Microsoft 1.5703 2010.05.04 -
    NOD32 5088 2010.05.05 -
    Norman 6.04.12 2010.05.05 -
    nProtect 2010-05-05.01 2010.05.05 -
    Panda 10.0.2.7 2010.05.05 -
    PCTools 7.0.3.5 2010.05.05 -
    Prevx 3.0 2010.05.05 -
    Rising 22.46.02.03 2010.05.05 -
    Sophos 4.53.0 2010.05.05 -
    Sunbelt 6263 2010.05.05 -
    Symantec 20091.2.0.41 2010.05.05 -
    TheHacker 6.5.2.0.275 2010.05.03 -
    TrendMicro 9.120.0.1004 2010.05.05 -
    TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
    VBA32 3.12.12.4 2010.05.05 -
    ViRobot 2010.5.4.2303 2010.05.05 -
    VirusBuster 5.0.27.0 2010.05.05 -
    Information additionnelle
    File size: 32640 bytes
    MD5...: 9fd47eeccd7fd60c2367ad9a937697fe
    SHA1..: 52eec39dd9c8de2227188e4dfeaab3085169b363
    SHA256: 0d6faab7e6a87d83c9fc4df0aadeb06b40d2b72dce769b7707a3cfe95d243def
    ssdeep: 384:K/FrOvwui9lp3Z1s0/Ibm6OYLZ+ZBKwMecYA0YvOCByKkTM9233QV2s873Cp<br>GGI:KNrp7qkwm6OYsZBKbYA0YfBZkU63CpG<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x5d4<br>timedatestamp.....: 0x3ec0dbed (Tue May 13 11:50:05 2003)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x300 0x6656 0x6680 6.46 1d7ee9a808b1d79568ad218d398aa13e<br>.rdata 0x6980 0x2cd 0x300 4.70 9467001b966de9dc3b766c76fb43c142<br>.data 0x6c80 0x430 0x480 0.65 c361b8c32f4830b4abbdd08ee54b6722<br>INIT 0x7100 0x502 0x580 4.74 5d04df66a23c873c2fbaae23eac8bec0<br>.rsrc 0x7680 0x3c8 0x400 3.10 519967e9cb5533375483fc414d0830b5<br>.reloc 0x7a80 0x4a6 0x500 5.95 0db25b56c613a6272bd9dc5da586f744<br><br>( 1 imports ) <br>> NTOSKRNL.EXE: ZwClose, ZwSetValueKey, RtlInitUnicodeString, IoOpenDeviceRegistryKey, IoInitializeRemoveLockEx, IoDeleteDevice, RtlFreeUnicodeString, IoAttachDeviceToDeviceStack, IoRegisterDeviceInterface, IoCreateDevice, IoReleaseRemoveLockEx, PoCallDriver, IofCompleteRequest, PoStartNextPowerIrp, IoAcquireRemoveLockEx, IofCallDriver, ExFreePool, ExAllocatePoolWithTag, KeInitializeDpc, KeInitializeTimerEx, KeInitializeMutex, KeSetEvent, KeWaitForSingleObject, KeInitializeEvent, IoDetachDevice, IoSetDeviceInterfaceState, IoReleaseRemoveLockAndWaitEx, IoBuildDeviceIoControlRequest, IoFreeWorkItem, IoFreeIrp, IoAllocateIrp, IoCancelIrp, IoQueueWorkItem, IoAllocateWorkItem, KeReleaseMutex, KeCancelTimer, KeSetTimer, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmBuildMdlForNonPagedPool, IoBuildPartialMdl, IoAllocateMdl, MmProbeAndLockPages, ProbeForRead, RtlCompareMemory, KeDelayExecutionThread, ProbeForWrite, KeWaitForMultipleObjects, RtlUnwind<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Win64 Executable Generic (95.5%)<br>Generic Win/DOS Executable (2.2%)<br>DOS Executable Generic (2.2%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:<br>publisher....: Canon Inc<br>copyright....: Copyright (c) 2003 Canon Inc<br>product......: Camera Storage Device 1.0<br>description..: Accskmd.sys<br>original name: Accskmd.sys<br>internal name: ACCSKMD<br>file version.: 1, 0, 0, 1<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.05.05 -
    AhnLab-V3 2010.05.05.00 2010.05.05 -
    AntiVir 8.2.1.236 2010.05.05 -
    Antiy-AVL 2.0.3.7 2010.05.05 -
    Authentium 5.2.0.5 2010.05.05 -
    Avast 4.8.1351.0 2010.05.05 -
    Avast5 5.0.332.0 2010.05.05 -
    AVG 9.0.0.787 2010.05.05 -
    BitDefender 7.2 2010.05.05 -
    CAT-QuickHeal 10.00 2010.05.04 -
    ClamAV 0.96.0.3-git 2010.05.05 -
    Comodo 4772 2010.05.05 -
    DrWeb 5.0.2.03300 2010.05.05 -
    eSafe 7.0.17.0 2010.05.05 -
    eTrust-Vet 35.2.7469 2010.05.05 -
    F-Prot 4.5.1.85 2010.05.05 -
    F-Secure 9.0.15370.0 2010.05.05 -
    Fortinet 4.0.14.0 2010.05.05 -
    GData 21 2010.05.05 -
    Ikarus T3.1.1.84.0 2010.05.05 -
    Jiangmin 13.0.900 2010.05.05 -
    Kaspersky 7.0.0.125 2010.05.05 -
    McAfee 5.400.0.1158 2010.05.05 -
    McAfee-GW-Edition 2010.1 2010.05.05 -
    Microsoft 1.5703 2010.05.04 -
    NOD32 5088 2010.05.05 -
    Norman 6.04.12 2010.05.05 -
    nProtect 2010-05-05.01 2010.05.05 -
    Panda 10.0.2.7 2010.05.05 -
    PCTools 7.0.3.5 2010.05.05 -
    Prevx 3.0 2010.05.05 -
    Rising 22.46.02.03 2010.05.05 -
    Sophos 4.53.0 2010.05.05 -
    Sunbelt 6263 2010.05.05 -
    Symantec 20091.2.0.41 2010.05.05 -
    TheHacker 6.5.2.0.275 2010.05.03 -
    TrendMicro 9.120.0.1004 2010.05.05 -
    TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
    VBA32 3.12.12.4 2010.05.05 -
    ViRobot 2010.5.4.2303 2010.05.05 -
    VirusBuster 5.0.27.0 2010.05.05 -

    Information additionnelle
    File size: 32640 bytes
    MD5...: 9fd47eeccd7fd60c2367ad9a937697fe
    SHA1..: 52eec39dd9c8de2227188e4dfeaab3085169b363
    SHA256: 0d6faab7e6a87d83c9fc4df0aadeb06b40d2b72dce769b7707a3cfe95d243def
    ssdeep: 384:K/FrOvwui9lp3Z1s0/Ibm6OYLZ+ZBKwMecYA0YvOCByKkTM9233QV2s873Cp<br>GGI:KNrp7qkwm6OYsZBKbYA0YfBZkU63CpG<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x5d4<br>timedatestamp.....: 0x3ec0dbed (Tue May 13 11:50:05 2003)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x300 0x6656 0x6680 6.46 1d7ee9a808b1d79568ad218d398aa13e<br>.rdata 0x6980 0x2cd 0x300 4.70 9467001b966de9dc3b766c76fb43c142<br>.data 0x6c80 0x430 0x480 0.65 c361b8c32f4830b4abbdd08ee54b6722<br>INIT 0x7100 0x502 0x580 4.74 5d04df66a23c873c2fbaae23eac8bec0<br>.rsrc 0x7680 0x3c8 0x400 3.10 519967e9cb5533375483fc414d0830b5<br>.reloc 0x7a80 0x4a6 0x500 5.95 0db25b56c613a6272bd9dc5da586f744<br><br>( 1 imports ) <br>> NTOSKRNL.EXE: ZwClose, ZwSetValueKey, RtlInitUnicodeString, IoOpenDeviceRegistryKey, IoInitializeRemoveLockEx, IoDeleteDevice, RtlFreeUnicodeString, IoAttachDeviceToDeviceStack, IoRegisterDeviceInterface, IoCreateDevice, IoReleaseRemoveLockEx, PoCallDriver, IofCompleteRequest, PoStartNextPowerIrp, IoAcquireRemoveLockEx, IofCallDriver, ExFreePool, ExAllocatePoolWithTag, KeInitializeDpc, KeInitializeTimerEx, KeInitializeMutex, KeSetEvent, KeWaitForSingleObject, KeInitializeEvent, IoDetachDevice, IoSetDeviceInterfaceState, IoReleaseRemoveLockAndWaitEx, IoBuildDeviceIoControlRequest, IoFreeWorkItem, IoFreeIrp, IoAllocateIrp, IoCancelIrp, IoQueueWorkItem, IoAllocateWorkItem, KeReleaseMutex, KeCancelTimer, KeSetTimer, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmBuildMdlForNonPagedPool, IoBuildPartialMdl, IoAllocateMdl, MmProbeAndLockPages, ProbeForRead, RtlCompareMemory, KeDelayExecutionThread, ProbeForWrite, KeWaitForMultipleObjects, RtlUnwind<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Win64 Executable Generic (95.5%)<br>Generic Win/DOS Executable (2.2%)<br>DOS Executable Generic (2.2%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:<br>publisher....: Canon Inc<br>copyright....: Copyright (c) 2003 Canon Inc<br>product......: Camera Storage Device 1.0<br>description..: Accskmd.sys<br>original name: Accskmd.sys<br>internal name: ACCSKMD<br>file version.: 1, 0, 0, 1<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    0
  4. waerbenn
     
    Fichier drw17.tmp reçu le 2010.05.05 16:46:39 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.05.05 -
    AhnLab-V3 2010.05.05.00 2010.05.05 -
    AntiVir 8.2.1.236 2010.05.05 -
    Antiy-AVL 2.0.3.7 2010.05.05 -
    Authentium 5.2.0.5 2010.05.05 -
    Avast 4.8.1351.0 2010.05.05 -
    Avast5 5.0.332.0 2010.05.05 -
    AVG 9.0.0.787 2010.05.05 -
    BitDefender 7.2 2010.05.05 -
    CAT-QuickHeal 10.00 2010.05.04 -
    ClamAV 0.96.0.3-git 2010.05.05 -
    Comodo 4772 2010.05.05 -
    DrWeb 5.0.2.03300 2010.05.05 -
    eSafe 7.0.17.0 2010.05.05 -
    eTrust-Vet 35.2.7469 2010.05.05 -
    F-Prot 4.5.1.85 2010.05.05 -
    F-Secure 9.0.15370.0 2010.05.05 -
    Fortinet 4.0.14.0 2010.05.05 -
    GData 21 2010.05.05 -
    Ikarus T3.1.1.84.0 2010.05.05 -
    Jiangmin 13.0.900 2010.05.05 -
    Kaspersky 7.0.0.125 2010.05.05 -
    McAfee 5.400.0.1158 2010.05.05 -
    McAfee-GW-Edition 2010.1 2010.05.05 Heuristic.LooksLike.Trojan.Patched.I
    Microsoft 1.5703 2010.05.04 -
    NOD32 5088 2010.05.05 -
    Norman 6.04.12 2010.05.05 -
    nProtect 2010-05-05.01 2010.05.05 -
    Panda 10.0.2.7 2010.05.05 -
    PCTools 7.0.3.5 2010.05.05 -
    Prevx 3.0 2010.05.05 -
    Rising 22.46.02.03 2010.05.05 -
    Sophos 4.53.0 2010.05.05 -
    Sunbelt 6263 2010.05.05 -
    Symantec 20091.2.0.41 2010.05.05 -
    TheHacker 6.5.2.0.275 2010.05.03 -
    TrendMicro 9.120.0.1004 2010.05.05 -
    TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
    VBA32 3.12.12.4 2010.05.05 -
    ViRobot 2010.5.4.2303 2010.05.05 -
    VirusBuster 5.0.27.0 2010.05.05 -
    Information additionnelle
    File size: 66048 bytes
    MD5...: 2afb208a5f23514d891f2ff43fdc2d7c
    SHA1..: 8b52ff3a90a5d12932055da2ee648c2a89d00d76
    SHA256: e83d2483c15d10921f57fc60b1ec845a75f1356f9999a9dc231f11c5bde05b5f
    ssdeep: 768:wu/NA29vprT5RIvVHBcq1F0hhovzSEAAzMQTBHaje10JyBaUfPOSpgnDK5zJ<br>uoIt:wWNA29vZyhcMjb/QCtNfkkcoI1/<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xaebb<br>timedatestamp.....: 0x48025be0 (Sun Apr 13 19:15:44 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 8 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x380 0x2ec3 0x2f00 6.11 89dcaeb23cc15fbc24f0a27d2aa97f99<br>.rdata 0x3280 0x1e4 0x200 3.19 e39a450fe545d28d7f936d1a607d3e0e<br>.data 0x3480 0x118 0x180 2.15 f318acc2fb4dfb89c8feedb8474652ac<br>PAGESRP0 0x3600 0x3cfe 0x3d00 6.29 a8d11e2f35f964d6a49a331fdf7edf7d<br>PAGESER 0x7300 0x38b7 0x3900 6.20 d84fe891b8a3ebf286da95f8d01d1246<br>INIT 0xac00 0x2420 0x2480 6.19 62393446cb191bf38d94a19c0610fde6<br>.rsrc 0xd080 0x2978 0x2980 3.14 a8a9af2fd775c0df19da27795f96306f<br>.reloc 0xfa00 0x7dc 0x800 6.64 c123b74152d894aabade2714c8a68f91<br><br>( 3 imports ) <br>> HAL.dll: WRITE_PORT_BUFFER_UCHAR, KfReleaseSpinLock, HalTranslateBusAddress, HalGetInterruptVector, ExAcquireFastMutex, ExReleaseFastMutex, WRITE_PORT_UCHAR, KdComPortInUse, READ_PORT_UCHAR, KfRaiseIrql, KfLowerIrql, KfAcquireSpinLock<br>> ntoskrnl.exe: IoCancelIrp, KeInitializeDpc, KeInitializeTimer, ExAllocatePoolWithTag, DbgBreakPoint, KeInitializeSpinLock, memmove, PoSetPowerState, KeWaitForSingleObject, ExAllocatePoolWithQuotaTag, _except_handler3, KeInsertQueueDpc, KeDelayExecutionThread, MmLockPagableSectionByHandle, MmQuerySystemSize, KeQuerySystemTime, KeSetEvent, KeSetTimer, IofCallDriver, PoCallDriver, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeCancelTimer, IoInvalidateDeviceState, IoQueryDeviceDescription, ZwClose, IoDetachDevice, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, RtlDeleteRegistryValue, IoDeleteSymbolicLink, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, RtlWriteRegistryValue, IoCreateSymbolicLink, wcslen, RtlInitUnicodeString, KeInitializeEvent, IoCreateDevice, RtlIntegerToUnicodeString, IoAttachDeviceToDeviceStack, IoConnectInterrupt, RtlQueryRegistryValues, ZwQueryValueKey, ZwSetValueKey, ZwEnumerateKey, IoReportDetectedDevice, ZwOpenKey, PoRequestPowerIrp, PoStartNextPowerIrp, KeClearEvent, KeTickCount, KeBugCheckEx, IoDeleteDevice, IoGetConfigurationInformation, IoWMIRegistrationControl, IoDisconnectInterrupt, KeRemoveQueueDpc, MmUnmapIoSpace, MmMapIoSpace, MmLockPagableDataSection, ExFreePoolWithTag, MmUnlockPagableImageSection, _allmul, IoAcquireCancelSpinLock, KeSynchronizeExecution, IoReleaseCancelSpinLock, IoOpenDeviceRegistryKey, IofCompleteRequest<br>> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Generic Win/DOS Executable (49.9%)<br>DOS Executable Generic (49.8%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.05.05 -
    AhnLab-V3 2010.05.05.00 2010.05.05 -
    AntiVir 8.2.1.236 2010.05.05 -
    Antiy-AVL 2.0.3.7 2010.05.05 -
    Authentium 5.2.0.5 2010.05.05 -
    Avast 4.8.1351.0 2010.05.05 -
    Avast5 5.0.332.0 2010.05.05 -
    AVG 9.0.0.787 2010.05.05 -
    BitDefender 7.2 2010.05.05 -
    CAT-QuickHeal 10.00 2010.05.04 -
    ClamAV 0.96.0.3-git 2010.05.05 -
    Comodo 4772 2010.05.05 -
    DrWeb 5.0.2.03300 2010.05.05 -
    eSafe 7.0.17.0 2010.05.05 -
    eTrust-Vet 35.2.7469 2010.05.05 -
    F-Prot 4.5.1.85 2010.05.05 -
    F-Secure 9.0.15370.0 2010.05.05 -
    Fortinet 4.0.14.0 2010.05.05 -
    GData 21 2010.05.05 -
    Ikarus T3.1.1.84.0 2010.05.05 -
    Jiangmin 13.0.900 2010.05.05 -
    Kaspersky 7.0.0.125 2010.05.05 -
    McAfee 5.400.0.1158 2010.05.05 -
    McAfee-GW-Edition 2010.1 2010.05.05 Heuristic.LooksLike.Trojan.Patched.I
    Microsoft 1.5703 2010.05.04 -
    NOD32 5088 2010.05.05 -
    Norman 6.04.12 2010.05.05 -
    nProtect 2010-05-05.01 2010.05.05 -
    Panda 10.0.2.7 2010.05.05 -
    PCTools 7.0.3.5 2010.05.05 -
    Prevx 3.0 2010.05.05 -
    Rising 22.46.02.03 2010.05.05 -
    Sophos 4.53.0 2010.05.05 -
    Sunbelt 6263 2010.05.05 -
    Symantec 20091.2.0.41 2010.05.05 -
    TheHacker 6.5.2.0.275 2010.05.03 -
    TrendMicro 9.120.0.1004 2010.05.05 -
    TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
    VBA32 3.12.12.4 2010.05.05 -
    ViRobot 2010.5.4.2303 2010.05.05 -
    VirusBuster 5.0.27.0 2010.05.05 -

    Information additionnelle
    File size: 66048 bytes
    MD5...: 2afb208a5f23514d891f2ff43fdc2d7c
    SHA1..: 8b52ff3a90a5d12932055da2ee648c2a89d00d76
    SHA256: e83d2483c15d10921f57fc60b1ec845a75f1356f9999a9dc231f11c5bde05b5f
    ssdeep: 768:wu/NA29vprT5RIvVHBcq1F0hhovzSEAAzMQTBHaje10JyBaUfPOSpgnDK5zJ<br>uoIt:wWNA29vZyhcMjb/QCtNfkkcoI1/<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xaebb<br>timedatestamp.....: 0x48025be0 (Sun Apr 13 19:15:44 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 8 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x380 0x2ec3 0x2f00 6.11 89dcaeb23cc15fbc24f0a27d2aa97f99<br>.rdata 0x3280 0x1e4 0x200 3.19 e39a450fe545d28d7f936d1a607d3e0e<br>.data 0x3480 0x118 0x180 2.15 f318acc2fb4dfb89c8feedb8474652ac<br>PAGESRP0 0x3600 0x3cfe 0x3d00 6.29 a8d11e2f35f964d6a49a331fdf7edf7d<br>PAGESER 0x7300 0x38b7 0x3900 6.20 d84fe891b8a3ebf286da95f8d01d1246<br>INIT 0xac00 0x2420 0x2480 6.19 62393446cb191bf38d94a19c0610fde6<br>.rsrc 0xd080 0x2978 0x2980 3.14 a8a9af2fd775c0df19da27795f96306f<br>.reloc 0xfa00 0x7dc 0x800 6.64 c123b74152d894aabade2714c8a68f91<br><br>( 3 imports ) <br>> HAL.dll: WRITE_PORT_BUFFER_UCHAR, KfReleaseSpinLock, HalTranslateBusAddress, HalGetInterruptVector, ExAcquireFastMutex, ExReleaseFastMutex, WRITE_PORT_UCHAR, KdComPortInUse, READ_PORT_UCHAR, KfRaiseIrql, KfLowerIrql, KfAcquireSpinLock<br>> ntoskrnl.exe: IoCancelIrp, KeInitializeDpc, KeInitializeTimer, ExAllocatePoolWithTag, DbgBreakPoint, KeInitializeSpinLock, memmove, PoSetPowerState, KeWaitForSingleObject, ExAllocatePoolWithQuotaTag, _except_handler3, KeInsertQueueDpc, KeDelayExecutionThread, MmLockPagableSectionByHandle, MmQuerySystemSize, KeQuerySystemTime, KeSetEvent, KeSetTimer, IofCallDriver, PoCallDriver, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeCancelTimer, IoInvalidateDeviceState, IoQueryDeviceDescription, ZwClose, IoDetachDevice, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, RtlDeleteRegistryValue, IoDeleteSymbolicLink, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, RtlWriteRegistryValue, IoCreateSymbolicLink, wcslen, RtlInitUnicodeString, KeInitializeEvent, IoCreateDevice, RtlIntegerToUnicodeString, IoAttachDeviceToDeviceStack, IoConnectInterrupt, RtlQueryRegistryValues, ZwQueryValueKey, ZwSetValueKey, ZwEnumerateKey, IoReportDetectedDevice, ZwOpenKey, PoRequestPowerIrp, PoStartNextPowerIrp, KeClearEvent, KeTickCount, KeBugCheckEx, IoDeleteDevice, IoGetConfigurationInformation, IoWMIRegistrationControl, IoDisconnectInterrupt, KeRemoveQueueDpc, MmUnmapIoSpace, MmMapIoSpace, MmLockPagableDataSection, ExFreePoolWithTag, MmUnlockPagableImageSection, _allmul, IoAcquireCancelSpinLock, KeSynchronizeExecution, IoReleaseCancelSpinLock, IoOpenDeviceRegistryKey, IofCompleteRequest<br>> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Generic Win/DOS Executable (49.9%)<br>DOS Executable Generic (49.8%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. waerbenn
     
    Fichier tcpip.sys.flg reçu le 2010.05.05 16:50:52 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.05.05 -
    AhnLab-V3 2010.05.05.00 2010.05.05 -
    AntiVir 8.2.1.236 2010.05.05 -
    Antiy-AVL 2.0.3.7 2010.05.05 -
    Authentium 5.2.0.5 2010.05.05 -
    Avast 4.8.1351.0 2010.05.05 -
    Avast5 5.0.332.0 2010.05.05 -
    AVG 9.0.0.787 2010.05.05 -
    BitDefender 7.2 2010.05.05 -
    CAT-QuickHeal 10.00 2010.05.04 -
    ClamAV 0.96.0.3-git 2010.05.05 -
    Comodo 4772 2010.05.05 -
    DrWeb 5.0.2.03300 2010.05.05 -
    eSafe 7.0.17.0 2010.05.05 -
    eTrust-Vet 35.2.7469 2010.05.05 -
    F-Prot 4.5.1.85 2010.05.05 -
    F-Secure 9.0.15370.0 2010.05.05 -
    Fortinet 4.0.14.0 2010.05.05 -
    GData 21 2010.05.05 -
    Ikarus T3.1.1.84.0 2010.05.05 -
    Jiangmin 13.0.900 2010.05.05 -
    Kaspersky 7.0.0.125 2010.05.05 -
    McAfee 5.400.0.1158 2010.05.05 -
    McAfee-GW-Edition 2010.1 2010.05.05 -
    Microsoft 1.5703 2010.05.04 -
    NOD32 5088 2010.05.05 -
    Norman 6.04.12 2010.05.05 -
    nProtect 2010-05-05.01 2010.05.05 -
    Panda 10.0.2.7 2010.05.05 -
    PCTools 7.0.3.5 2010.05.05 -
    Prevx 3.0 2010.05.05 -
    Rising 22.46.02.03 2010.05.05 -
    Sophos 4.53.0 2010.05.05 -
    Sunbelt 6263 2010.05.05 -
    Symantec 20091.2.0.41 2010.05.05 -
    TheHacker 6.5.2.0.275 2010.05.03 -
    TrendMicro 9.120.0.1004 2010.05.05 -
    TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
    VBA32 3.12.12.4 2010.05.05 -
    ViRobot 2010.5.4.2303 2010.05.05 -
    VirusBuster 5.0.27.0 2010.05.05 -
    Information additionnelle
    File size: 359808 bytes
    MD5...: 1dbf125862891817f374f407626967f4
    SHA1..: a502d0d6c3a4dd995a3554347b04fbb51dd05901
    SHA256: 1e202b81d5650e0247be4df005e45dcb2147794111c0e634d2fed8cbcd9d7525
    ssdeep: 6144:ZaALiGdmz77B9dwUgvrGWZ7xBiqOOnFHfpY8eWKKOizAo9JVVAb53wMc/vS<br>JtdGM:IALiimP7B9dwP1YAnpfpsgRzAo9JVVaO<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x51416<br>timedatestamp.....: 0x444775d3 (Thu Apr 20 11:51:47 2006)<br>machinetype.......: 0x14c (I386)<br><br>( 10 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x380 0x3eb46 0x3eb80 6.60 0070c0fe071f86ff450abb82796a707b<br>.rdata 0x3ef00 0x57c 0x580 4.44 69aa09759336b6e0507386af3bbb6dcc<br>.data 0x3f480 0xa4a4 0xa500 0.06 3c6615b610e6de876b2c262b0758fd16<br>PAGE 0x49980 0x1f2b 0x1f80 6.38 81d20590d39aa950d5bf471b3be448de<br>PAGELK 0x4b900 0x6f2 0x700 6.22 9af2dd2d18cd58f1055a9beeb544167e<br>PAGEIPMc 0x4c000 0x2781 0x2800 6.43 e1de3c0bdeb74f323da3399d8c48e2cf<br>.edata 0x4e800 0x341 0x380 5.21 ec24162692a0d59d9dc3f33c776159b4<br>INIT 0x4eb80 0x5836 0x5880 6.21 cc0ff324837f885b4524eae20fd2e67b<br>.rsrc 0x54400 0x3f0 0x400 3.40 542b54f6047b1b152fb11007523f7fdf<br>.reloc 0x54800 0x355c 0x3580 6.81 22673530fa14c0fa0b8d5337c10fdd05<br><br>( 4 imports ) <br>> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex<br>> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter<br>> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, _aulldvrm, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile<br>> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel<br><br>( 31 exports ) <br>ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum<br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: TCP/IP Protocol Driver<br>original name: tcpip.sys<br>internal name: tcpip.sys<br>file version.: 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.05.05 -
    AhnLab-V3 2010.05.05.00 2010.05.05 -
    AntiVir 8.2.1.236 2010.05.05 -
    Antiy-AVL 2.0.3.7 2010.05.05 -
    Authentium 5.2.0.5 2010.05.05 -
    Avast 4.8.1351.0 2010.05.05 -
    Avast5 5.0.332.0 2010.05.05 -
    AVG 9.0.0.787 2010.05.05 -
    BitDefender 7.2 2010.05.05 -
    CAT-QuickHeal 10.00 2010.05.04 -
    ClamAV 0.96.0.3-git 2010.05.05 -
    Comodo 4772 2010.05.05 -
    DrWeb 5.0.2.03300 2010.05.05 -
    eSafe 7.0.17.0 2010.05.05 -
    eTrust-Vet 35.2.7469 2010.05.05 -
    F-Prot 4.5.1.85 2010.05.05 -
    F-Secure 9.0.15370.0 2010.05.05 -
    Fortinet 4.0.14.0 2010.05.05 -
    GData 21 2010.05.05 -
    Ikarus T3.1.1.84.0 2010.05.05 -
    Jiangmin 13.0.900 2010.05.05 -
    Kaspersky 7.0.0.125 2010.05.05 -
    McAfee 5.400.0.1158 2010.05.05 -
    McAfee-GW-Edition 2010.1 2010.05.05 -
    Microsoft 1.5703 2010.05.04 -
    NOD32 5088 2010.05.05 -
    Norman 6.04.12 2010.05.05 -
    nProtect 2010-05-05.01 2010.05.05 -
    Panda 10.0.2.7 2010.05.05 -
    PCTools 7.0.3.5 2010.05.05 -
    Prevx 3.0 2010.05.05 -
    Rising 22.46.02.03 2010.05.05 -
    Sophos 4.53.0 2010.05.05 -
    Sunbelt 6263 2010.05.05 -
    Symantec 20091.2.0.41 2010.05.05 -
    TheHacker 6.5.2.0.275 2010.05.03 -
    TrendMicro 9.120.0.1004 2010.05.05 -
    TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
    VBA32 3.12.12.4 2010.05.05 -
    ViRobot 2010.5.4.2303 2010.05.05 -
    VirusBuster 5.0.27.0 2010.05.05 -

    Information additionnelle
    File size: 359808 bytes
    MD5...: 1dbf125862891817f374f407626967f4
    SHA1..: a502d0d6c3a4dd995a3554347b04fbb51dd05901
    SHA256: 1e202b81d5650e0247be4df005e45dcb2147794111c0e634d2fed8cbcd9d7525
    ssdeep: 6144:ZaALiGdmz77B9dwUgvrGWZ7xBiqOOnFHfpY8eWKKOizAo9JVVAb53wMc/vS<br>JtdGM:IALiimP7B9dwP1YAnpfpsgRzAo9JVVaO<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x51416<br>timedatestamp.....: 0x444775d3 (Thu Apr 20 11:51:47 2006)<br>machinetype.......: 0x14c (I386)<br><br>( 10 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x380 0x3eb46 0x3eb80 6.60 0070c0fe071f86ff450abb82796a707b<br>.rdata 0x3ef00 0x57c 0x580 4.44 69aa09759336b6e0507386af3bbb6dcc<br>.data 0x3f480 0xa4a4 0xa500 0.06 3c6615b610e6de876b2c262b0758fd16<br>PAGE 0x49980 0x1f2b 0x1f80 6.38 81d20590d39aa950d5bf471b3be448de<br>PAGELK 0x4b900 0x6f2 0x700 6.22 9af2dd2d18cd58f1055a9beeb544167e<br>PAGEIPMc 0x4c000 0x2781 0x2800 6.43 e1de3c0bdeb74f323da3399d8c48e2cf<br>.edata 0x4e800 0x341 0x380 5.21 ec24162692a0d59d9dc3f33c776159b4<br>INIT 0x4eb80 0x5836 0x5880 6.21 cc0ff324837f885b4524eae20fd2e67b<br>.rsrc 0x54400 0x3f0 0x400 3.40 542b54f6047b1b152fb11007523f7fdf<br>.reloc 0x54800 0x355c 0x3580 6.81 22673530fa14c0fa0b8d5337c10fdd05<br><br>( 4 imports ) <br>> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex<br>> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter<br>> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, _aulldvrm, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile<br>> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel<br><br>( 31 exports ) <br>ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum<br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: TCP/IP Protocol Driver<br>original name: tcpip.sys<br>internal name: tcpip.sys<br>file version.: 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    0
  7. gen-hackman
     
    supprime deja celui-ci : drw17.tmp
    0
    1. waerbenn
       
      ok c'est fait
      0
  8. gen-hackman
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge :

    Malwarebytes

    ou :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    ▶ Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
  9. waerbenn
     
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4056

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    06/05/2010 08:08:50
    mbam-log-2010-05-06 (08-08-50).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 228289
    Temps écoulé: 1 heure(s), 30 minute(s), 11 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 23

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\HelpAssistant\Local Settings\Temp\e4e8f5e3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\CW8V6BDA\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\T421B37U\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6415EA79-C175-4EBE-B6ED-F35953831397}\RP754\A0290590.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\files (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\iplog (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\ispinfo (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\shot.jpeg (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\wallpaper.jpg (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Application Data\ARManager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HelpAssistant\Bureau\ARManager.lnk (Rogue.ARManager) -> Quarantined and deleted successfully.
    0
    1. waerbenn
       
      je pense que ça doit aller.....
      0
  10. gen-hackman
     
    bonjour peux-tu observer d'autres soucis .?
    0
  11. waerbenn
     
    non depuis pas de page qui s'ouvre intempestivement et aucun autre virus detecté.....
    0
  12. gen-hackman
     
    bien

    Pour nettoyer les outils utilsés et mieux sécuriser ton pc
    --------------------------------------------------------------

    ▶---> Télécharge ToolsCleaner2sur ton Bureau.
    * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
    * Clique sur Recherche et laisse le scan agir.
    * Clique sur Suppression pour finaliser.
    * Tu peux, si tu le souhaites, te servir des Options Facultatives.
    * Clique sur Quitter pour obtenir le rapport.
    * Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
    ___________________________________________________

    Tu peux supprimer ToolCleaner
    ___________________________________________________

    ▶ Télécharge :ATF Cleaner par Atribune

    Double-clique (clic droit "en tant qu'administrateur" pour Vista) ATF-Cleaner.exe afin de lancer le programme.
    Sous l'onglet Main, choisis : Select All
    Clique sur le bouton Empty Selected
    Si tu utilises le navigateur Firefox :
    Clique Firefox au haut et choisis : Select All
    Clique le bouton Empty Selected a
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité.
    Si tu utilises le navigateur Opera :
    Clique Opera au haut et choisis : Select All
    Clique le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité.
    Clique Exit, du menu prinicipal, afin de fermer le programme.
    Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.
    __________________________________________________

    Tu peux garder ATF pour d'eventuels netttoyages un peu plus poussés
    __________________________________________________

    ▶ Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :

    * Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
    * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
    * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse
    * Veille a ce que dans les options le reglage soit au demarrage de windows et réglé sur "effacement securisé" 35 passes (guttman)
    __________________________________________________

    Attention : ne pas toucher au PC pendant qu'il travaille !

    ▶ Nettoyage et Défragmentation de tes Disques

    *Nettoyage :

    Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général"
    Cliques sur le bouton "nettoyage de disque", OK
    tu le fais pour chacun de tes disques
    ________________________________________________

    *Vérifications des erreurs :

    Clic droit sur "poste de travail"(ordinateur pour vista) ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil"
    "Vérifier maintenant", une boîte s'ouvre, cocher les cases :
    -réparer automatiquement les erreurs...
    -rechercher et tenter une récupération...

    --->Démarrer, ok
    Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal
    tu le fais pour chacun de tes disques
    ________________________________________________

    ensuite toujours dans le même onglet tu choisis :

    *Défragmentation :
    "défragmenter maintenant", OK
    une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK
    tu le fais pour chacun de tes disques
    _______________________________________________

    Note : si tu as un utilitaire pour défragmenter , utilises le à la place

    pour ce faire Defraggler est proposé
    _________________________________________________

    ▶ Peux-tu vérifier ta Console Java ? :

    et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version).

    voici pour desinstaller :

    JavaRa

    Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
    * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa.
    * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
    * Choisis Français puis clique sur Select.
    * Clique sur Recherche de mises à jour.
    * Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
    * Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes.
    * L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions.
    * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK.
    * Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
    * Ferme l'application.

    Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.
    _________________________________________________

    ▶ Mets à jour Adobe Reader si ce n'est pas le cas (désinstalle avant la version antérieure)
    __________________________________________________

    ▶ Je te conseille si tu n en as pas , afin de mieux securiser ton pc , d'installer un parefeu :

    Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO

    https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/
    ___________________________________________________

    ▶ Tu peux aussi vider ta corbeille,quoi que Ccleaner le fasse tout seul
    _____________________________________________________

    ▶ Si nous avons utilisé MalwareByte's Anti-Malware , vide sa quarantaine :

    * Lance le programme puis clique sur <Quarantaine>.
    * Sélectionne tous les éléments puis clique sur <supprimer>.
    * Quitte le programme.
    ______________________________________________________

    si tu as installé Antivir :

    Configuration
    ________________________________________________________

    ▶ Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait
    ______________________________________________________

    ▶ Désactive et réactive la restauration de système, pour cela : suis les instructions du lien :

    Lien XP

    Lien Vista

    Sitôt fait , recrées un point de restoration dit "sain" pour parer à quelques eventuels problêmes dans le futur

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Quelques conseils et recommandations pour l'avenir :

    ▶ Passe un coup de MalwareByte's Anti-Malware de temps en temps (1 fois par semaine , suivant l'utilisation que tu fais de ton PC.
    ▶ Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser.
    * Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise))
    _____________

    ▶ Pour bien protéger ton PC :
    [1 seul Antivirus] + [1 seul Pare feu] + [Un bon Antispyware] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows et Windows live Messenger)]

    Je te conseille d'installer cette extension pour Firefox pour securiser ton surf : WOT
    Je te conseille d'installer cette extension pour Internet Explorer pour securiser ton surf : WOT

    PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect....
    Les virus utilisent les failles de ton PC pour infecter un système

    dans le souhait de vouloir desinstaller un antivirus au profit d'un autre , voici quelques liens :

    Desinstaller Avast
    Desinstaller BitDefender
    Desinstaller Norton
    Desinstaller Kaspersky
    Desinstaller AVG

    ou tout en un :

    Désinstallation Antivirus , Parefeu , Antispyware
    _____________

    Si tu as Vista n'oublie pas de réactiver le controle des comptes des utilisateurs(UAC)
    ___________

    Si tu as Spybot S&D et que nous avons desactive le "Tea-timer" tu peux le réactiver
    ___________

    si nous avons affiché les fichiers cachés , n'oublies pas de les remettre en attribut "caché"

    ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    * - Décoche Afficher les fichiers et dossiers cachés
    * - coche Masquer les extensions des fichiers dont le type est connu
    * - coche Masquer les fichiers protégés du système d'exploitation (recommandé)

    ▶ clique sur Appliquer, puis OK.
    ____________

    Voila,

    Bonne lecture, à bientot , une fois tout ceci fait,

    tu peux mettre le topic en resolu

    Bonne continuation et surtout , prudence et bon surf :)

    0
  13. waerbenn
     
    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\HelpAssistant\Bureau\catchme.zip: trouvé !
    C:\Documents and Settings\HelpAssistant\Bureau\gmer\Gmer.exe: trouvé !
    C:\Program Files\List_Kill'em\catchme.exe: trouvé !
    C:\Program Files\List_Kill'em\mbr.log: trouvé !
    C:\Program Files\List_Kill'em\mbr.exe: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\WINDOWS\mbr.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\HelpAssistant\Bureau\gmer\Gmer.exe: supprimé !
    C:\Program Files\List_Kill'em\catchme.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\Documents and Settings\HelpAssistant\Bureau\catchme.zip: supprimé !
    C:\Program Files\List_Kill'em\mbr.log: supprimé !
    C:\Program Files\List_Kill'em\mbr.exe: supprimé !
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\WINDOWS\mbr.exe: supprimé !
    C:\Qoobox: supprimé !

    Fichiers temporaires nettoyés !
    Corbeille vidée!
    0
  14. waerbenn
     
    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri May 07 13:52:18 2010

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: Software\JavaSoft\Java2D\1.6.0_03

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

    ------------------------------------

    Finished reporting.
    0
  15. waerbenn
     
    bon voila j'ai tout appliqué......
    Vraiment merci beaucoup pour ton aide !!!!
    0
    1. waerbenn
       
      resolu !
      0
Précédent
  • 1
  • 2
  • 3
  • 4
  • 5