Security Master AV

hirondelle -
Anonymous user -
Hello,
My PC has been attacked by Security Master AV. I can't even connect to the internet from this PC any more! I have never had to deal with a virus before. I've tried different methods but things are getting worse! Can you help me? Thank you.

123 replies

hirondelle
 
One detail: restarting the PC is very slow, with a blue screen that stays for a few minutes.
0
hirondelle
 
The report:
http://www.cijoint.fr/cjlink.php?file=cj201007/cijGQyzMqJ.doc
and for the "more" txt:
http://www.cijoint.fr/cjlink.php?file=cj201007/cijTSfyzdF.txt
0
Anonymous user
 
▶ Click on the Start menu / Control Panel / Folder Options, then in the View tab:
* Check "Show hidden files and folders"
* Uncheck "Hide extensions for known file types"
* Uncheck "Hide protected operating system files (recommended)"

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important.

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:


C:\Program Files\Internet Explorer\IEShims.dll
C:\Windows\System32\obase.exe
C:\Windows\System32\odumo.exe

* Now click Send file, and let it work as long as "Current status: analysing" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select all, then Copy
* Finally, paste the result in your next reply.

Note: To analyse another file, click Other file at the bottom.

then:

▶ Relaunch List_Kill'em (right-click for Vista/7) with the shortcut on your desktop,
but this time:

▶ choose the Clean option

your PC will restart,

let the tool work.

at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

▶ paste its contents in your reply
0
hirondelle
 
File IEShims.dll received on 2010.07.16 19:05:39 (UTC)
Antivirus Version Last update Result
a-squared 5.0.0.31 2010.07.16 -
AhnLab-V3 2010.07.16.00 2010.07.15 -
AntiVir 8.2.4.12 2010.07.16 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.16 -
Avast 4.8.1351.0 2010.07.16 -
Avast5 5.0.332.0 2010.07.16 -
AVG 9.0.0.836 2010.07.16 -
BitDefender 7.2 2010.07.16 -
CAT-QuickHeal 11.00 2010.07.16 -
ClamAV 0.96.0.3-git 2010.07.16 -
Comodo 5450 2010.07.16 -
DrWeb 5.0.2.03300 2010.07.16 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7715 2010.07.16 -
F-Prot 4.6.1.107 2010.07.16 -
F-Secure 9.0.15370.0 2010.07.16 -
Fortinet 4.1.143.0 2010.07.16 -
GData 21 2010.07.16 -
Ikarus T3.1.1.84.0 2010.07.16 -
Jiangmin 13.0.900 2010.07.16 -
Kaspersky 7.0.0.125 2010.07.16 -
McAfee 5.400.0.1158 2010.07.16 -
McAfee-GW-Edition 2010.1 2010.07.16 -
Microsoft 1.6004 2010.07.16 -
NOD32 5285 2010.07.16 -
Norman 6.05.11 2010.07.16 -
nProtect 2010-07-16.01 2010.07.16 -
Panda 10.0.2.7 2010.07.16 -
PCTools 7.0.3.5 2010.07.16 -
Prevx 3.0 2010.07.16 -
Rising 22.56.04.04 2010.07.16 -
Sophos 4.55.0 2010.07.16 -
Sunbelt 6593 2010.07.16 -
SUPERAntiSpyware 4.40.0.1006 2010.07.16 -
Symantec 20101.1.1.7 2010.07.16 -
TheHacker 6.5.2.1.318 2010.07.16 -
TrendMicro 9.120.0.1004 2010.07.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.16 -
VBA32 3.12.12.6 2010.07.16 -
ViRobot 2010.7.12.3932 2010.07.16 -
VirusBuster 5.0.27.0 2010.07.16 -

Additional information
File size: 197632 bytes
MD5...: 284d1d7a19a0f502b4579b295bfbcfc7
SHA1..: 2fbc188646ba67ce6afe00c682eee251a8b77f3f
SHA256: 7f7d0262548b6cacf66e98de93ecfc9674274ffbbc3c538b9451810185e57e5b
ssdeep: 3072:VIJSDa5bzSknMCzGzUd96HjzoFO0Hu9BVbUeT33RJovihMCF:KJSDmPNTUjzoFJHu9BuUnW8r
PEiD..: -
RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
        Win32 Executable MS Visual C++ (generic) (26.2%)
        Win32 Executable Generic (5.9%)
        Win32 Dynamic Link Library (generic) (5.2%)
        Generic Win/DOS Executable (1.3%)
sigcheck:
        publisher....: Microsoft Corporation
        copyright....: (c) Microsoft Corporation. All rights reserved.
        product......: Windows_ Internet Explorer
        description..: Internet Explorer Compatibility Shims
        original name: ieshims.dll
        internal name: ieshims.dll
        file version.: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
        comments.....: n/a
        signers......: -
        signing date.: -
        verified.....: Unsigned

0

hirondelle
 
File obase.exe received on 2010.07.16 19:07:00 (UTC)
Antivirus Version Last update Result
a-squared 5.0.0.31 2010.07.16 -
AhnLab-V3 2010.07.16.00 2010.07.15 -
AntiVir 8.2.4.12 2010.07.16 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.16 -
Avast 4.8.1351.0 2010.07.16 -
Avast5 5.0.332.0 2010.07.16 -
AVG 9.0.0.836 2010.07.16 -
BitDefender 7.2 2010.07.16 -
CAT-QuickHeal 11.00 2010.07.16 -
ClamAV 0.96.0.3-git 2010.07.16 -
Comodo 5450 2010.07.16 -
DrWeb 5.0.2.03300 2010.07.16 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7715 2010.07.16 -
F-Prot 4.6.1.107 2010.07.16 -
F-Secure 9.0.15370.0 2010.07.16 -
Fortinet 4.1.143.0 2010.07.16 -
GData 21 2010.07.16 -
Ikarus T3.1.1.84.0 2010.07.16 -
Jiangmin 13.0.900 2010.07.16 -
Kaspersky 7.0.0.125 2010.07.16 -
McAfee 5.400.0.1158 2010.07.16 -
McAfee-GW-Edition 2010.1 2010.07.16 -
Microsoft 1.6004 2010.07.16 -
NOD32 5285 2010.07.16 -
Norman 6.05.11 2010.07.16 -
nProtect 2010-07-16.01 2010.07.16 -
Panda 10.0.2.7 2010.07.16 -
PCTools 7.0.3.5 2010.07.16 -
Prevx 3.0 2010.07.16 -
Rising 22.56.04.04 2010.07.16 -
Sophos 4.55.0 2010.07.16 -
Sunbelt 6593 2010.07.16 -
Symantec 20101.1.1.7 2010.07.16 -
TheHacker 6.5.2.1.318 2010.07.16 Backdoor/Bifrose.abkm
TrendMicro 9.120.0.1004 2010.07.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.16 -
VBA32 3.12.12.6 2010.07.16 -
ViRobot 2010.7.12.3932 2010.07.16 -
VirusBuster 5.0.27.0 2010.07.16 -

Additional information
File size: 53596 bytes
MD5...: c9ffabd9d843e235f428f4d4442ae431
SHA1..: dbac610fc6585cc23d31191e5cd87f64171ce403
SHA256: fd76d5a37a0690446be93b749c65dab186bea3af778f766aaf50e956022ec5cf
ssdeep: 1536:5qPqXEX1uway8T9z1N2RwA3Ex6Pozr05XxT:Ra9aRp1Nbhx6PAr05t
PEiD..: -
RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: Win32 Executable Borland Delphi 5 (61.3%)
        Win32 Executable Borland Delphi 3 (35.6%)
        Win32 Executable Generic (1.1%)
        Win32 Dynamic Link Library (generic) (1.0%)
        Win16/32 Executable Delphi generic (0.2%)
packers (F-Prot): ZIP
sigcheck:
        publisher....: n/a
        copyright....: n/a
        product......: n/a
        description..: n/a
        original name: n/a
        internal name: n/a
        file version.: n/a
        comments.....: n/a
        signers......: -
        signing date.: -
        verified.....: Unsigned

0
hirondelle
 
File odumo.exe received on 2010.07.16 19:10:23 (UTC)
Antivirus Version Last update Result
a-squared 5.0.0.31 2010.07.16 -
AhnLab-V3 2010.07.16.00 2010.07.15 -
AntiVir 8.2.4.12 2010.07.16 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.16 -
Avast 4.8.1351.0 2010.07.16 -
Avast5 5.0.332.0 2010.07.16 -
AVG 9.0.0.836 2010.07.16 -
BitDefender 7.2 2010.07.16 -
CAT-QuickHeal 11.00 2010.07.16 -
ClamAV 0.96.0.3-git 2010.07.16 -
Comodo 5450 2010.07.16 -
DrWeb 5.0.2.03300 2010.07.16 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7715 2010.07.16 -
F-Prot 4.6.1.107 2010.07.16 -
F-Secure 9.0.15370.0 2010.07.16 -
Fortinet 4.1.143.0 2010.07.16 -
GData 21 2010.07.16 -
Ikarus T3.1.1.84.0 2010.07.16 -
Jiangmin 13.0.900 2010.07.16 -
Kaspersky 7.0.0.125 2010.07.16 -
McAfee 5.400.0.1158 2010.07.16 -
McAfee-GW-Edition 2010.1 2010.07.16 -
Microsoft 1.6004 2010.07.16 -
NOD32 5285 2010.07.16 -
Norman 6.05.11 2010.07.16 -
nProtect 2010-07-16.01 2010.07.16 -
Panda 10.0.2.7 2010.07.16 -
PCTools 7.0.3.5 2010.07.16 -
Prevx 3.0 2010.07.16 -
Rising 22.56.04.04 2010.07.16 -
Sophos 4.55.0 2010.07.16 -
Sunbelt 6593 2010.07.16 -
SUPERAntiSpyware 4.40.0.1006 2010.07.16 -
Symantec 20101.1.1.7 2010.07.16 -
TheHacker 6.5.2.1.318 2010.07.16 Backdoor/Bifrose.abkm
TrendMicro 9.120.0.1004 2010.07.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.16 -
VBA32 3.12.12.6 2010.07.16 -
ViRobot 2010.7.12.3932 2010.07.16 -
VirusBuster 5.0.27.0 2010.07.16 -

Additional information
File size: 51399 bytes
MD5...: 597bc6d96d9e1476031d6c38c978fe07
SHA1..: c52ca6f65bf2db179f6391765049bb8b8f2b5780
SHA256: 56bf99c67c05ffa0efbfaf5406607464561b40365b677b9b1a3e6aaf7b13ea1d
ssdeep: 768:7FqPqXE0DHe1yf4xtwy80o/1qxPxq3lNEhnlXwy2wdVW+ExT8VpFlOUhbWuA:5qPqXEX1uway8T9z1N2RwA3ExKpz3wuA
PEiD..: -
RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: Win32 Executable Borland Delphi 5 (61.3%)
        Win32 Executable Borland Delphi 3 (35.6%)
        Win32 Executable Generic (1.1%)
        Win32 Dynamic Link Library (generic) (1.0%)
        Win16/32 Executable Delphi generic (0.2%)
packers (F-Prot): ZIP
sigcheck:
        publisher....: n/a
        copyright....: n/a
        product......: n/a
        description..: n/a
        original name: n/a
        internal name: n/a
        file version.: n/a
        comments.....: n/a
        signers......: -
        signing date.: -
        verified.....: Unsigned

0
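As an added example (not part of the thread and not VirusTotal's code), here is how the fields in the PEInfo block above are read straight from a PE file with Python's standard library: entry point, COFF link timestamp, machine type, and per-section entropy and MD5 as in the ntrpy and md5 columns. It also flags the timestamp 0x2a425e19 (Fri Jun 19 22:22:17 1992) shown in the report: Borland Delphi linkers wrote that fixed value into every executable they produced, so it identifies the compiler (consistent with the trid result) rather than when the file was built. The image it analyses is constructed in memory for the demonstration; it is not obase.exe or odumo.exe, whose bytes are not on this page.

```python
"""Minimal PE header/section reader (added example; stdlib only).

Reads the DOS stub pointer, COFF header, AddressOfEntryPoint and the section
table, computing per-section Shannon entropy and MD5 like VirusTotal's PEInfo.
The sample image parsed at the bottom is constructed here, not a real binary.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

DELPHI_LINK_TIMESTAMP = 0x2A425E19  # fixed TimeDateStamp written by Borland Delphi linkers


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); the report's 'ntrpy' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Parse the headers of a PE32/PE32+ image and summarise each section."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                                       # optional header follows the 20-byte COFF header
    (entry,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint, same offset for PE32 and PE32+
    table = opt + opt_size                                # IMAGE_SECTION_HEADER[] entries are 40 bytes each
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + i * 40)
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""  # BSS-style sections carry no file data
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "machine": machine,
        "entrypoint": entry,
        "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%a %b %d %H:%M:%S %Y"),
        "delphi_fixed_timestamp": stamp == DELPHI_LINK_TIMESTAMP,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image with CODE, DATA and BSS sections (headers only; no executable code)."""
    code = bytes(range(256)) * 4                 # every byte value equally often -> entropy 8.0
    data = b"\0" * 0x3F0 + b"DATA!"              # almost all zeros -> entropy near 0
    specs = [(b"CODE", 0x1000, code), (b"DATA", 0x9000, data), (b"BSS", 0xA000, b"")]
    opt_size = 0xE0
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * len(specs)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF         # first raw section on a 0x200 file-alignment boundary
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE signature right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), DELPHI_LINK_TIMESTAMP, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x82D0)      # AddressOfEntryPoint, same value as in the report
    table, body = b"", b""
    for name, vaddr, raw in specs:
        ptr = raw_ptr + len(body) if raw else 0
        vsize = len(raw) or 0x81D                # BSS: virtual size but no file data
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"entrypoint 0x{info['entrypoint']:x}  timedatestamp 0x{info['timestamp']:x} ({info['timestamp_utc']})")
    for s in info["sections"]:
        print(f"{s['name']:<6} 0x{s['viradd']:x} 0x{s['virsiz']:x} 0x{s['rawdsiz']:x} {s['ntrpy']:.2f} {s['md5']}")
```

To run it on a real file, call parse_pe(open(path, "rb").read()). Sections with rawdsiz 0 hash to the MD5 of the empty string, d41d8cd98f00b204e9800998ecf8427e, which is why BSS and .tls show the same hash in the report above.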
hirondelle
 
For the last part, relaunching List_Kill'em Clean,
it says: operation completed successfully, the client does not have a required privilege

do I wait anyway?
0
Anonymous user
 
C:\Windows\System32\obase.exe
C:\Windows\System32\odumo.exe

==>> trash

and then, you must not have launched it with the right-click "Run as......"
0
hirondelle
 
it's done! it's working
for relaunching List_Kill'em Clean, I had indeed forgotten to run it as... what a dunce!
0
hirondelle
 
It has restarted. And now, doctor?
0
Anonymous user
 
at the end of the scan the window closes, and you'll have a report named Kill'em.txt on your desktop,

▶ paste its contents in your reply
0
hirondelle
 
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.1.8 ¤¤¤¤¤¤¤¤¤¤

User : François (Administrators)
Update on 13/07/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 22:12:41 | 16/07/2010

AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Microsoft® Windows Vista(TM) Home Premium Edition (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18928
Windows Firewall Status : Disabled

C:\ -> Local fixed disk | 290.92 GB (209.91 GB free) [HP] | NTFS
D:\ -> Local fixed disk | 7.17 GB (818.79 MB free) [FACTORY_IMAGE] | NTFS
E:\ -> CD-ROM drive
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk
J:\ -> Removable disk

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(KB)

C:\Windows\System32\smss.exe----604 KB
C:\Windows\system32\csrss.exe----3672 KB
C:\Windows\system32\wininit.exe----3492 KB
C:\Windows\system32\csrss.exe----11136 KB
C:\Windows\system32\services.exe----6680 KB
C:\Windows\system32\lsass.exe----4104 KB
C:\Windows\system32\lsm.exe----3396 KB
C:\Windows\system32\winlogon.exe----4872 KB
C:\Windows\system32\svchost.exe----5044 KB
C:\Windows\system32\nvvsvc.exe----2992 KB
C:\Windows\system32\svchost.exe----4740 KB
C:\Windows\System32\svchost.exe----24420 KB
C:\Windows\system32\LogonUI.exe----19036 KB
C:\Windows\System32\svchost.exe----9408 KB
C:\Windows\System32\svchost.exe----44572 KB
C:\Windows\system32\svchost.exe----22684 KB
C:\Windows\system32\svchost.exe----4096 KB
C:\Windows\system32\SLsvc.exe----4064 KB
C:\Windows\system32\svchost.exe----9048 KB
C:\Windows\system32\nvvsvc.exe----5928 KB
C:\Windows\system32\svchost.exe----11004 KB
C:\Windows\System32\spoolsv.exe----9460 KB
C:\Windows\system32\svchost.exe----8144 KB
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe----3076 KB
C:\Program Files\Bonjour\mDNSResponder.exe----4292 KB
C:\Windows\system32\svchost.exe----2776 KB
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe----2268 KB
C:\Windows\system32\ezNTSvc.exe----3540 KB
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe----2484 KB
C:\Windows\system32\svchost.exe----6740 KB
c:\Program Files\Common Files\LightScribe\LSSrvc.exe----3100 KB
C:\Windows\System32\svchost.exe----2536 KB
C:\Program Files\Controle Parental\bin\optproxy.exe----115944 KB
C:\Windows\System32\svchost.exe----2408 KB
C:\Windows\system32\svchost.exe----3756 KB
C:\Windows\system32\svchost.exe----6004 KB
C:\Windows\System32\svchost.exe----2028 KB
C:\Windows\system32\SearchIndexer.exe----5612 KB
C:\Windows\system32\taskeng.exe----5396 KB
C:\Windows\system32\WUDFHost.exe----4092 KB
C:\Windows\system32\svchost.exe----7080 KB
C:\Windows\system32\wbem\wmiprvse.exe----5456 KB
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe----8800 KB
C:\Windows\system32\DllHost.exe----0 KB
C:\Windows\system32\userinit.exe----3148 KB
C:\Windows\system32\taskeng.exe----9376 KB
C:\Windows\system32\Dwm.exe----3544 KB
C:\Windows\Explorer.EXE----6080 KB
C:\Windows\system32\runonce.exe----4520 KB
C:\Windows\system32\cmd.exe----2628 KB
C:\Windows\system32\conime.exe----3032 KB
C:\Windows\system32\wbem\wmiprvse.exe----8596 KB
C:\Program Files\List_Kill'em\ERUNT.EXE----4820 KB
C:\Program Files\List_Kill'em\pv.exe----5692 KB

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log
Quarantined & Deleted !! : C:\ProgramData\nvModes.001
Quarantined & Deleted !! : C:\ProgramData\nvModes.dat
Quarantined & Deleted !! : C:\Windows\DUMP33bc.tmp

Quarantined & Deleted !! : C:\Windows\system32\AbaleZip.dll
Quarantined & Deleted !! : C:\Windows\System32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\Users\Fran#ois\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Fran#ois\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Fran#ois\AppData\Roaming\SystemProc
Quarantined & Deleted !! : C:\Users\Fran#ois\Local Settings\Temp\434.tmp

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : rthdbpl
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Deleted : HKCR\ezUPBHook.ShellObj
Deleted : HKCR\ezUPBHook.ShellObj.1
Deleted : HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
Deleted : HKLM\Software\Classes\Interface\{01009AEC-AFAA-4982-9F2B-6411C5C27E77}
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
kernel: MBR read successfully
user & kernel MBR OK

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
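As an added example (not part of the thread, and not List_Kill'em's own code), here is a small Python checker that reads a Kill'em-style report and pulls out the items a responder looks at first after a rogue antivirus: the firewall status line, hosts entries other than loopback, Run-key and Explorer restriction entries in the Registry block, the Security Center Override/DisableNotify values, and the start type of the security-related services. The AntiVirusOverride and FirewallOverride values tell the Security Center that the user monitors that category themselves, which silences its "no antivirus / no firewall" warnings; both are 1 in the report above. The report text it parses is a constructed excerpt modelled on that report: the hosts line pointing at 192.0.2.1 and the "SharedAccess : Start = 4" line are added so those checks fire, and are not in the real report.

```python
"""Kill'em-report triage (added example, not the tool's own code).

Assumed layout, as in the report posted above: a header containing the
'Windows Firewall Status' line, then blocks framed by lines of '=' with the
block title between them (Hosts, Registry, Security Center, Services).
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the posted report; the 192.0.2.1 hosts line
# and 'SharedAccess : Start = 4' are added here to exercise those checks.
SAMPLE_REPORT = r"""
Windows Firewall Status : Disabled
=======
Hosts :
=======
127.0.0.1 localhost
192.0.2.1 www.example.com
========
Registry
========
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : rthdbpl
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKCR\ezUPBHook.ShellObj
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
SharedAccess : Start = 4
windefend : Start = 2
wscsvc : Start = 2
"""

RULE = re.compile(r"=+")
REG_DWORD = re.compile(r"^(\w+)\s+REG_DWORD\s+(\d+)")
SERVICE = re.compile(r"^(\w+)\s*:\s*Start\s*=\s*(\d)")
HOSTS_OK = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$")
AUTORUN = re.compile(r"\\CurrentVersion\\Run(?:Once|Services)?\s*:\s*(\S+)")
POLICY = re.compile(r"Policies\\Explorer\s*:\s*(\w+)")

# Security Center DWORDs a rogue sets to 1 to silence the "no antivirus/firewall" alerts
WSC_EXPECTED = {"AntiVirusOverride": 0, "FirewallOverride": 0, "AntiVirusDisableNotify": 0,
                "FirewallDisableNotify": 0, "UpdatesDisableNotify": 0}
EXPLORER_RESTRICTIONS = {"NoDrives", "NoLogoff", "NoRun", "NoFolderOptions", "NoControlPanel"}
# services expected at Start = 2 (automatic); 3 is manual, 4 is disabled
SECURITY_SERVICES = {"SharedAccess": "Windows Firewall", "windefend": "Windows Defender",
                     "wscsvc": "Security Center", "wuauserv": "Windows Update"}


def split_blocks(report: str) -> Dict[str, List[str]]:
    """Map block title -> non-empty lines; text before the first block goes under 'header'."""
    lines = [ln.strip() for ln in report.splitlines()]
    blocks, current, i = {"header": []}, "header", 0
    while i < len(lines):
        if RULE.fullmatch(lines[i]) and i + 2 < len(lines) and RULE.fullmatch(lines[i + 2]):
            current = lines[i + 1].rstrip(":").strip()     # 'Hosts :' -> 'Hosts'
            blocks[current] = []
            i += 3
            continue
        if lines[i]:
            blocks[current].append(lines[i])
        i += 1
    return blocks


def audit_report(report: str) -> List[Tuple[str, str]]:
    """Return (kind, detail) findings; an empty list means nothing was flagged."""
    b = split_blocks(report)
    out: List[Tuple[str, str]] = []
    for ln in b["header"]:
        if ln.startswith("Windows Firewall Status") and ln.endswith("Disabled"):
            out.append(("firewall", "Windows Firewall reported Disabled"))
    for ln in b.get("Hosts", []):
        if not HOSTS_OK.match(ln):                          # anything beyond loopback is a redirect
            out.append(("hosts", f"non-loopback hosts entry: {ln}"))
    for ln in b.get("Registry", []):
        m = AUTORUN.search(ln)
        if m:
            out.append(("autorun", f"Run value {m.group(1)}: {ln}"))
        m = POLICY.search(ln)
        if m and m.group(1) in EXPLORER_RESTRICTIONS:
            out.append(("policy", f"Explorer restriction {m.group(1)}: {ln}"))
    for ln in b.get("Security Center", []):
        m = REG_DWORD.match(ln)
        if m and m.group(1) in WSC_EXPECTED and int(m.group(2)) != WSC_EXPECTED[m.group(1)]:
            out.append(("wsc", f"{m.group(1)} = {m.group(2)} (expected {WSC_EXPECTED[m.group(1)]})"))
    for ln in b.get("Services", []):
        m = SERVICE.match(ln)
        if m and m.group(1) in SECURITY_SERVICES and m.group(2) != "2":
            out.append(("service", f"{SECURITY_SERVICES[m.group(1)]} ({m.group(1)}) Start = {m.group(2)}, expected 2"))
    return out


if __name__ == "__main__":
    for kind, detail in audit_report(SAMPLE_REPORT):
        print(f"[{kind}] {detail}")
```

Run against the real report above it flags the disabled firewall, the rthdbpl Run value, the NoDrives/NoLogoff restrictions and the two Override values, and nothing in the hosts or services blocks; the Security Center findings are worth re-checking after cleanup, since the deletions in the Registry block do not reset them.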
Anonymous user
 
Print these instructions, because you will have to close all windows and applications during the installation and the scan.

▶ Download it here:

Malwarebytes

or:

Malwarebytes

▶ Install it (make sure to choose "French"; don't change the installation settings) and update it.

(NB: if you get an error message during the install saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Go through the tutorial to get familiar with the program:

(that said, it is very simple to use).

relaunch Malwarebytes, following these instructions to the letter:

! Disconnect from the internet and close all running applications!

▶ Launch Malwarebytes.

Run a "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "Results".
Check that all infected objects are ticked, then click on "Remove Selected".

Note: if the PC needs to restart to finish the cleanup, do it!

Post the report saved after the removal of the infected objects (in the "Logs" tab of Malwarebytes, the most recent one)

0
hirondelle
 
it's done
Question: post the report saved after the removal of the infected objects (in the "Logs" tab of Malwarebytes, the most recent one)
I do indeed see the report in question on the desktop and in the Logs tab. What does "post" mean here? Apparently all I have left to do is restart?
0
Anonymous user
 
is Malwarebytes asking you to restart? did it detect anything?
0
hirondelle
 
What does "post" mean?
I have the report, it is on the desktop, and I clicked on "Logs" and it is there too. So I just have to restart and that's it?
0
hirondelle
 
do you want the report?
0
hirondelle
 
yes, it detected things that it asked me to remove.
0
hirondelle
 
yes, it detected things that it asked me to remove, including files related to Security Master
0
Anonymous user
 
in that case restart, since it asks you to, and post the report when you come back

you paste its contents here in your reply
0