Unwanted tabs opening on their own

Solved
Noch -  
 gen-hackman -
Hello,

While surfing a bit too fast, I went to a site that opened and immediately closed a window.
So that is where it comes from.

Since then, a tab opens regularly.
Sometimes it is a link directly related to what is typed in my Google search bar, to the right of the address bar...
"Generic host process for Win32 services" started crashing.
Once it had crashed, I could no longer launch any *.exe.
I also have the debugger launching constantly (VS7JIT.exe); no matter how often I say no, I don't want to debug, it comes back.

I downloaded and ran CCleaner.
I downloaded and ran Malwarebytes' Anti-Malware.
I downloaded and ran AVG Free 9.0, updated again this very morning.
So I have already done some cleaning.

Today, Generic Host no longer crashes; I disabled MDM.exe, which must have been launching the debugger (that doesn't solve the underlying virus problem), and I am still left with the unwanted tabs.
Just now, after a Google search, I clicked a link leading to "commentcamarche" and was redirected to a malicious site.
When I copy and paste the link, I land on what I was looking for...

63 replies

  1. Noch
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:45:43, on 06/08/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\NetLimiter\nlsvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NetLimiter\NLClient.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\PrintKey\Printkey 2000 Fr.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/meteo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey\Printkey 2000 Fr.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter\nlsvc.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    
    --
    End of file - 7635 bytes
    
    0
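For anyone reading a HijackThis log like the one above, here is an added Python example (not code from this thread and not Trend Micro's) that parses the entry lines and flags the patterns a helper usually checks first: registrations whose target file is gone, Run entries that name an executable without a full path, Trusted Zone additions, and a non-default start page. The sample lines are constructed in the format of the posted log; the rules are heuristics for review, not verdicts.

```python
"""Triage a HijackThis v2 log and flag entries a helper usually checks first.

Added example: this is not code from the thread or from Trend Micro.
The sample lines below are constructed in the layout of the log posted
above (same section codes, same field order).
"""
import re
from collections import Counter

# Constructed excerpt in HijackThis v2 format (raw string: backslashes are literal).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/meteo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O15 - Trusted Zone: http://www.secuser.com
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter\nlsvc.exe
"""

# "O4 - HKLM\..\Run: [Name] target args"  ->  code "O4", body = rest of the line
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Executable part of an O4 body: a quoted path, or the first token after "[Name]".
O4_TARGET_RE = re.compile(r'.*\]\s*("[^"]+"|\S+)')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_entries(text):
    """Return [(section_code, body)] for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(text):
    """Return [(code, reason, body)] for entries worth a second look.

    Rules (review heuristics, not verdicts):
    - "(no file)" / "(file missing)": orphaned registration, usually an
      uninstall leftover, sometimes where removed malware used to live;
    - O4 Run entry without a drive-qualified path: resolved through the
      search path, so a look-alike binary placed earlier on it would win;
    - O15 Trusted Zone: IE applies weaker restrictions to these sites;
    - R0 start page not pointing at the vendor default: hijack marker.
    """
    findings = []
    for code, body in parse_entries(text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, "orphaned entry: target file is missing", body))
        elif code == "O4":
            m = O4_TARGET_RE.match(body)
            target = m.group(1).strip('"') if m else ""
            if not DRIVE_PATH_RE.match(target):
                findings.append((code, "Run entry without a full path", body))
        elif code == "O15":
            findings.append((code, "site added to the IE Trusted Zone", body))
        elif code == "R0" and "Start Page" in body and "microsoft.com" not in body:
            findings.append((code, "non-default start page", body))
    return findings


def section_counts(text):
    """Number of entries per section code, e.g. {'O4': 3, 'O23': 2}."""
    return Counter(code for code, _ in parse_entries(text))


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
    print(dict(section_counts(SAMPLE_LOG)))
```

On the sample the script flags five lines: the yougoo.fr start page, the nameless BHO with no file, the unqualified `Logi_MwX.Exe` Run entry, the Trusted Zone site and the avast! service whose binary is gone. None of these is a conviction on its own; they are the lines to look up and compare with what the user installed on purpose, which is exactly what a helper does by hand with the full log.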
  2. gen-hackman
     
hi:

could you post the Malwarebytes report again please?
    0
    1. Noch
       
Here is the report I have. It is 2 weeks old; it is what I got when I ran the scan the first time. I can run another one if you want.

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Version de la base de données: 4354

      Windows 5.1.2600 Service Pack 2
      Internet Explorer 7.0.5730.13

      26/07/2010 21:36:26
      mbam-log-2010-07-26 (21-36-26).txt

      Type d'examen: Examen complet (C:\|D:\|)
      Elément(s) analysé(s): 19838
      Temps écoulé: 11 minute(s), 35 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setupupdate70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\Fred\Application Data\F3898E87327CBE398D4EE5E2B7E7809D\setupupdate70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Fred\Application Data\ogix.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      0
  3. gen-hackman
     
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)

▶ Download here: List_Kill'em

and save it to your desktop

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as..."


on the shortcut on your desktop to start the installation

Leave checked:

♦ Run List_Kill'em

once finished, click "finish" and the program will launch by itself

choose the Search option

▶ let the tool work

a dialog box may open; if so, click "ok" or "Agree"

when the white window appears it takes a while, that's normal; it is an additional search for hidden files, the program is not stuck.

▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and look for the file above.

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶ Do the same with more.txt, which is on your desktop
    0
    1. Noch
       
thanks, I'll do that!
      0
  4. gen-hackman
     
    ok
    0
    1. Noch
       
I started the search... the tool seems to be doing nothing?
Is that normal?

edit: it's fine, the scan is running.
      0
  6. Noch
     
here are the reports:
    http://www.cijoint.fr/cjlink.php?file=cj201008/cijZUE0WVr.txt
    http://www.cijoint.fr/cjlink.php?file=cj201008/cijAGXJved.txt
    0
  7. gen-hackman
     
▶ Click the Start menu / Control Panel / Folder Options / then the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)

▶ click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once the disinfection is finished, it's important

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

c:\windows\system32\drivers\alcxeq.dat
c:\windows\system32\drivers\alcxhweq.dat
C:\WINDOWS\System32\avantd.exe
C:\WINDOWS\System32\CreateReg.exe
C:\WINDOWS\System32\installs.exe
C:\WINDOWS\System32\lmtools.exe
C:\WINDOWS\System32\nuvyuv.dll


* Now click Send file, and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page, choose Select all, then copy
* Finally paste the result into your next reply.

Note: To analyse another file, click Other file at the bottom.

then:

▶ Run List_Kill'em again (right-click for Vista/7), using the shortcut on your desktop,
but this time:

▶ choose the Clean option

your PC will restart,

let the tool work.

at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

▶ paste its contents into your reply
    0
  8. Noch
     
    Fichier alcxeq.dat reçu le 2010.08.06 16:46:57 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Information additionnelle
    File size: 176 bytes
    MD5...: 81e032386b46908da863f1575f3bf8eb
    SHA1..: dd0f03e126501975d0122cdcce24cf03504bd4f7
    SHA256: 7cbed99f4147d2f66482e6ec8a64807be1b9191a36fcf2ce3fe27e4d9573c67f
    ssdeep: 3:bqEGlEl2maJs6hl+llAH9lvsl8ZaF3l/KstKkl+azasdlkkMo2Jt/k/lJn/k/plR:bqEG/mis6qodxE8k7tKklT2sdAo2jst+
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Unknown!
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    0
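The VirusTotal text reports pasted in this thread all have the same shape: one line per engine, then a block of digests. As an added example (not code from the thread and not VirusTotal's own tooling), the Python below parses that layout, computes the detection ratio, and checks a local copy of a file against the digests in the report before trusting its verdicts. The report excerpt is constructed; one detection line was invented so the ratio is not zero, whereas the real report above showed none.

```python
"""Parse a VirusTotal text report in the layout pasted above, compute the
detection ratio, and compare a local file's digests with the report.

Added example: not code from the thread and not VirusTotal's own tooling.
The excerpt below is constructed; the "Microsoft ... Trojan:Win32/Example.A"
line is invented for illustration, the digests are the ones posted above.
"""
import hashlib
import re

SAMPLE_REPORT = """\
Fichier alcxeq.dat reçu le 2010.08.06 16:46:57 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Kaspersky 7.0.0.125 2010.08.06 -
Microsoft 1.6004 2010.08.06 Trojan:Win32/Example.A
Information additionnelle
File size: 176 bytes
MD5...: 81e032386b46908da863f1575f3bf8eb
SHA1..: dd0f03e126501975d0122cdcce24cf03504bd4f7
SHA256: 7cbed99f4147d2f66482e6ec8a64807be1b9191a36fcf2ce3fe27e4d9573c67f
"""

# "<engine> <engine version> <yyyy.mm.dd signature date> <result or ->"
ENGINE_RE = re.compile(
    r"^(?P<engine>\S+) (?P<version>\S+) (?P<updated>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$"
)
# "MD5...: <hex>", "SHA1..: <hex>", "SHA256: <hex>" (dots pad the label)
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)$")


def parse_report(text):
    """Return (verdicts, digests).

    verdicts maps engine name -> detection name, or None for "-";
    digests maps 'md5' / 'sha1' / 'sha256' -> lowercase hex string.
    Header and "Information additionnelle" lines do not match either pattern.
    """
    verdicts, digests = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENGINE_RE.match(line)
        if m:
            verdicts[m["engine"]] = None if m["result"] == "-" else m["result"]
            continue
        m = DIGEST_RE.match(line)
        if m:
            digests[m.group(1).lower()] = m.group(2).lower()
    return verdicts, digests


def detection_ratio(verdicts):
    """(number of engines that detected, number of engines that scanned)."""
    return sum(1 for v in verdicts.values() if v), len(verdicts)


def local_digests(data):
    """md5/sha1/sha256 of the given bytes, keyed like the report's digests."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data, digests):
    """True only if the report lists at least one digest and every listed
    digest equals the local file's. A mismatch means the report describes a
    different file (renamed copy, updated malware, wrong upload), so its
    verdicts say nothing about the file in hand."""
    if not digests:
        return False
    local = local_digests(data)
    return all(local[name] == value for name, value in digests.items())


if __name__ == "__main__":
    verdicts, digests = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(verdicts)
    print(f"detections: {hits}/{total}")
    print("detected by:", [e for e, v in verdicts.items() if v])
    print("report digests:", digests)
    # Constructed bytes, so this prints False: the report is not about them.
    print("local copy matches report:", matches_report(b"constructed bytes", digests))
```

Two practical points the thread's procedure leaves implicit: the digests are what tie a report to a file, so when a report is shared (as here) the reader should hash their own copy and compare before acting on it, and a file that is already known to VirusTotal can be looked up by its SHA256 instead of being uploaded again, which also avoids sending a possibly sensitive file off the machine.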
  9. Noch
     
    Fichier alcxhweq.dat reçu le 2010.08.06 16:50:15 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Information additionnelle
    File size: 176 bytes
    MD5...: 46af6a1bc90a6aa73af7ba833961573b
    SHA1..: 8e35c47cd6ceac584e9fdc585f8233e31e5cf038
    SHA256: 1306a537e677793df979f9be53365fdd84514582d1f7a90a3f3d99e57eaac251
    ssdeep: 3:bqE/l8kRTlkvvl+l/qf2fau//GNl+lXpE1pzka9Xsy/lollA:bqEtBk3sl/qgau//asl5EjzkmXR4G
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Unknown!
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    0
  10. Noch
     
    Fichier avantd.exe reçu le 2010.08.06 16:55:40 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Information additionnelle
    File size: 716800 bytes
    MD5...: b441444d7da1ffa4c4cf6f5718aaa579
    SHA1..: b02a3facfdc615a2144282a4474542e0825254c0
    SHA256: 6d3bec3af5f4b1c8e295fe753dd31b330de066b527122e56980997a0e3060969
    ssdeep: 12288:WsQ4Upl6K24PZbwZ3Fnk3vGfPCiju38kINzB7DkhCvCY/Lv1MK/V8vzFoa:WAUp02sZ1k3vGfP7C3QFBHfXDV
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x5653b
    timedatestamp.....: 0x3d5a8441 (Wed Aug 14 16:24:33 2002)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x86686 0x87000 6.36 e8009970c6375783a6ac264c3bfb86ee
    .rdata 0x88000 0x3304 0x4000 4.39 35ee91a22149e0d1458a23c2065bdfd8
    .data 0x8c000 0x1c068 0x12000 5.40 4054d349d8f426f2e6889b1f171d7922
    _TEXT_HA 0xa9000 0x108ca 0x11000 6.50 66f3ffffc3325931203c28b73f8638f7

    ( 6 imports )
    > KERNEL32.dll: GetProcessTimes, GetTickCount, ReleaseSemaphore, OpenSemaphoreA, CreateSemaphoreA, GetLastError, GetCurrentProcess, GetWindowsDirectoryA, GetVolumeInformationA, GetDriveTypeA, GlobalFree, GlobalAlloc, VirtualAlloc, VirtualFree, SetLastError, LoadLibraryA, FindClose, LocalFree, LocalAlloc, GetCurrentThread, CreateFileA, SetThreadPriority, ReadFile, WriteFile, DeviceIoControl, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileStringA, GetPrivateProfileIntA, DuplicateHandle, SetErrorMode, SetEvent, GetProcAddress, GetModuleHandleA, ResetEvent, CreateEventA, WaitForSingleObject, Sleep, FreeLibrary, CloseHandle, FindFirstFileA, FindNextFileA, GetVersionExA, UnhandledExceptionFilter, GetModuleFileNameA, SetFileTime, MoveFileA, UnlockFile, LockFile, SetConsoleTitleA, GetLocaleInfoW, SetEndOfFile, CompareStringW, FileTimeToLocalFileTime, CompareStringA, SetStdHandle, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetOEMCP, GetACP, GetCPInfo, HeapSize, SystemTimeToFileTime, GetVersion, LocalFileTimeToFileTime, SetFilePointer, SetCurrentDirectoryA, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, ResumeThread, CreateThread, TlsSetValue, ExitThread, TerminateProcess, EnterCriticalSection, LeaveCriticalSection, FileTimeToSystemTime, SetEnvironmentVariableW, CreateDirectoryA, GetFileAttributesA, DeleteFileA, GetCurrentProcessId, GetCurrentDirectoryA, GetFullPathNameA, TlsFree, SetEnvironmentVariableA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetCurrentThreadId, TlsAlloc, HeapReAlloc, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, RtlUnwind, InitializeCriticalSection, IsBadWritePtr, FatalAppExitA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers
    > USER32.dll: GetDlgItem, GetParent, MoveWindow, ScreenToClient, ShowWindow, EnableWindow, GetWindowRect, MessageBoxA, SendMessageA, GetWindowLongA, MessageBeep, GetDlgItemTextA, SetDlgItemTextA, EndDialog, DialogBoxIndirectParamA, CreateDialogIndirectParamA, wsprintfA, GetClientRect, SetWindowTextA, GetActiveWindow, GetFocus
    > NETAPI32.dll: Netbios
    > ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, GetUserNameA, RegEnumKeyExA, RegEnumValueA
    > comdlg32.dll: GetOpenFileNameA
    > COMCTL32.dll: -

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x5653b<br>timedatestamp.....: 0x3d5a8441 (Wed Aug 14 16:24:33 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x86686 0x87000 6.36 e8009970c6375783a6ac264c3bfb86ee<br>.rdata 0x88000 0x3304 0x4000 4.39 35ee91a22149e0d1458a23c2065bdfd8<br>.data 0x8c000 0x1c068 0x12000 5.40 4054d349d8f426f2e6889b1f171d7922<br>_TEXT_HA 0xa9000 0x108ca 0x11000 6.50 66f3ffffc3325931203c28b73f8638f7<br><br>( 6 imports ) <br>> KERNEL32.dll: GetProcessTimes, GetTickCount, ReleaseSemaphore, OpenSemaphoreA, CreateSemaphoreA, GetLastError, GetCurrentProcess, GetWindowsDirectoryA, GetVolumeInformationA, GetDriveTypeA, GlobalFree, GlobalAlloc, VirtualAlloc, VirtualFree, SetLastError, LoadLibraryA, FindClose, LocalFree, LocalAlloc, GetCurrentThread, CreateFileA, SetThreadPriority, ReadFile, WriteFile, DeviceIoControl, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileStringA, GetPrivateProfileIntA, DuplicateHandle, SetErrorMode, SetEvent, GetProcAddress, GetModuleHandleA, ResetEvent, CreateEventA, WaitForSingleObject, Sleep, FreeLibrary, CloseHandle, FindFirstFileA, FindNextFileA, GetVersionExA, UnhandledExceptionFilter, GetModuleFileNameA, SetFileTime, MoveFileA, UnlockFile, LockFile, SetConsoleTitleA, GetLocaleInfoW, SetEndOfFile, CompareStringW, FileTimeToLocalFileTime, CompareStringA, SetStdHandle, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetOEMCP, GetACP, GetCPInfo, HeapSize, SystemTimeToFileTime, GetVersion, LocalFileTimeToFileTime, SetFilePointer, SetCurrentDirectoryA, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, ResumeThread, CreateThread, TlsSetValue, ExitThread, TerminateProcess, EnterCriticalSection, LeaveCriticalSection, 
FileTimeToSystemTime, SetEnvironmentVariableW, CreateDirectoryA, GetFileAttributesA, DeleteFileA, GetCurrentProcessId, GetCurrentDirectoryA, GetFullPathNameA, TlsFree, SetEnvironmentVariableA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetCurrentThreadId, TlsAlloc, HeapReAlloc, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, RtlUnwind, InitializeCriticalSection, IsBadWritePtr, FatalAppExitA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers<br>> USER32.dll: GetDlgItem, GetParent, MoveWindow, ScreenToClient, ShowWindow, EnableWindow, GetWindowRect, MessageBoxA, SendMessageA, GetWindowLongA, MessageBeep, GetDlgItemTextA, SetDlgItemTextA, EndDialog, DialogBoxIndirectParamA, CreateDialogIndirectParamA, wsprintfA, GetClientRect, SetWindowTextA, GetActiveWindow, GetFocus<br>> NETAPI32.dll: Netbios<br>> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, GetUserNameA, RegEnumKeyExA, RegEnumValueA<br>> comdlg32.dll: GetOpenFileNameA<br>> COMCTL32.dll: -<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Win64 Executable Generic (59.6%)<br>Win32 Executable MS Visual C++ (generic) (26.2%)<br>Win32 Executable Generic (5.9%)<br>Win32 Dynamic Link Library (generic) (5.2%)<br>Generic Win/DOS Executable (1.3%)
    Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    0
  11. Noch
     
    File CreateReg.exe received on 2010.08.06 16:55:59 (UTC)
    Antivirus Version Last update Result
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Additional information
    File size: 221184 bytes
    MD5...: de1a2134c7c77f469817b2ff8c9f7cb8
    SHA1..: cb230e6eadc246b24beb1845a4373ace05a64e63
    SHA256: e6a825d029feac0145b54363401a9fc3125dbefbb5ce944e06cfffd330b4b0a9
    ssdeep: 3072:5ArqxOQywpizKLGN3dCZVWKpAEGuDHqDaW0tLzFNpS47poZPoMsiC:CXQywp1LGpdCZVbdWuYwbMs
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xaf15
    timedatestamp.....: 0x42b18928 (Thu Jun 16 14:14:00 2005)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name      viradd    virsiz    rawdsiz   ntrpy  md5
    .text     0x1000    0x23c43   0x24000   6.60   097a8993242f4147669f9e663c759587
    .rdata    0x25000   0x8b0c    0x9000    4.66   aef1b36ff01c704cf6910a006650f1e6
    .data     0x2e000   0xd348    0x4000    2.56   e935227233c0ebcce65d0df15fcf4310
    .rsrc     0x3c000   0x3528    0x4000    3.44   acd4fd61145ba6381758545770b1c567

    ( 11 imports )
    > KERNEL32.dll: FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetTimeZoneInformation, UnhandledExceptionFilter, GetEnvironmentStrings, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, GetEnvironmentStringsW, VirtualAlloc, HeapReAlloc, SetHandleCount, VirtualFree, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, FlushFileBuffers, UnlockFile, GetACP, CompareStringA, CompareStringW, SetEnvironmentVariableA, HeapSize, RaiseException, TerminateProcess, HeapAlloc, HeapFree, RtlUnwind, ExitProcess, GetStartupInfoA, GetFileAttributesA, GetFileTime, GetFileSize, FileTimeToLocalFileTime, FileTimeToSystemTime, GetFullPathNameA, FindClose, GetVolumeInformationA, FindFirstFileA, SetEndOfFile, IsBadWritePtr, LCMapStringA, LockFile, CloseHandle, GetModuleFileNameA, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, GetVersionExA, GlobalLock, GlobalUnlock, GetTickCount, LocalFree, LocalAlloc, lstrlenA, lstrcpyA, ReadFile, SetFilePointer, GetProfileStringA, WriteFile, DuplicateHandle, CreateFileA, GetCurrentProcess, GetCPInfo, SetErrorMode, GetOEMCP, GetProcessVersion, SizeofResource, GetThreadLocale, WritePrivateProfileStringA, GetLastError, GlobalFlags, LocalReAlloc, lstrcpynA, TlsGetValue, GlobalReAlloc, TlsSetValue, EnterCriticalSection, GlobalHandle, LeaveCriticalSection, TlsFree, InitializeCriticalSection, DeleteCriticalSection, TlsAlloc, LoadLibraryA, MulDiv, SetLastError, lstrcatA, FreeLibrary, GetVersion, GlobalFindAtomA, GlobalGetAtomNameA, GlobalAddAtomA, FindResourceA, GetModuleHandleA, GetProcAddress, GlobalFree, LoadResource, LockResource, SetStdHandle, LCMapStringW, GetCommandLineA
    > USER32.dll: InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, MessageBeep, GetNextDlgGroupItem, SetRect, CopyAcceleratorTableA, CharNextA, GetSysColorBrush, LoadCursorA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, GetTopWindow, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, CharUpperA, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowRect, EndDialog, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, MapDialogRect, SetWindowPos, GetWindow, SetWindowContextHelpId, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, CopyRect, GetSubMenu, ValidateRect, IsWindowVisible, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, UnhookWindowsHookEx, PostMessageA, PostQuitMessage, IsWindow, GetWindowPlacement, LoadStringA, OpenClipboard, GetClipboardData, CloseClipboard, PeekMessageA, TranslateMessage, DispatchMessageA, EnableWindow, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, IsChild, DrawFocusRect, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode
    > GDI32.dll: DeleteObject, GetViewportExtEx, GetWindowExtEx, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA, GetBkColor, DPtoLP, GetTextColor, LPtoDP, GetMapMode, PatBlt, CreateCompatibleDC, BitBlt, CreateDIBitmap, IntersectClipRect, SetWindowExtEx, ScaleWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, SetViewportOrgEx, SetMapMode, OffsetViewportOrgEx, GetStockObject, SetBkMode, RestoreDC, SaveDC, SelectObject, DeleteDC, GetObjectA, CreateBitmap, GetClipBox, SetBkColor, SetTextColor, GetTextExtentPointA
    > comdlg32.dll: GetFileTitleA
    > WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
    > ADVAPI32.dll: RegCreateKeyExA, SetEntriesInAclA, FreeSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey, RegOpenKeyExA, RegSetValueExA, RegSetKeySecurity, RegEnumKeyA
    > COMCTL32.dll: -
    > oledlg.dll: -
    > ole32.dll: CoFreeUnusedLibraries, OleUninitialize, OleInitialize, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgOpenStorageOnILockBytes, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoTaskMemAlloc
    > OLEPRO32.DLL: -
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -

    ( 0 exports )
    RDS...: NSRL Reference Data Set
            -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
            Windows Screen Saver (18.4%)
            Win32 Executable Generic (12.0%)
            Win32 Dynamic Link Library (generic) (10.6%)
            Generic Win/DOS Executable (2.8%)
    sigcheck:
            publisher....: 
            copyright....: Copyright (C) 2005
            product......: Application CreateReg
            description..: Application MFC CreateReg
            original name: CreateReg.EXE
            internal name: CreateReg
            file version.: 2, 5, 6, 16
            comments.....: 
            signers......: -
            signing date.: -
            verified.....: Unsigned

  12. Noch
     
    File installs.exe received on 2010.08.06 17:00:17 (UTC)
    Antivirus Version Last update Result
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Additional information
    File size: 73728 bytes
    MD5...: 6ba5ff23182f7e2535fd2b2b3e5a1c2c
    SHA1..: bf9cce946a205fe01c777418adca8153e02273bc
    SHA256: d2093c0230436a9db3a82a07f7d3b45bb6606c262a8e5ba3c05d8ad5ec007e69
    ssdeep: 1536:rGYMTArIkM4N9HsaeZ9lVDFptjAt7Wnfqy8ikO15ghoWp:rGIrV9Mam3VLtjAt1/iZ15ghoWp
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1e3f
    timedatestamp.....: 0x3d5a8440 (Wed Aug 14 16:24:32 2002)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name      viradd    virsiz    rawdsiz   ntrpy  md5
    .text     0x1000    0xae94    0xb000    6.60   cc8b6be5fedcd3da57237cc1aa45d728
    .rdata    0xc000    0x16ec    0x2000    4.26   e9b8f1937c6df4dafde8f529d1ddf0a1
    .data     0xe000    0x56fc    0x4000    2.49   0dae58aca23db72d05a8037f87109dfa

    ( 2 imports )
    > KERNEL32.dll: GetCurrentProcess, Sleep, GetLastError, GetStartupInfoA, ExitProcess, TerminateProcess, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, FatalAppExitA, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetVersion, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetCurrentThread, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, HeapAlloc, InterlockedDecrement, InterlockedIncrement, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, IsBadWritePtr, GetProcAddress, LoadLibraryA, FlushFileBuffers, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CloseHandle, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetTimeZoneInformation, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA
    > ADVAPI32.dll: OpenServiceA, RegDeleteValueA, GetFileSecurityA, IsValidSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, CloseServiceHandle, CreateServiceA, RegCreateKeyExA, DeleteService, GetSecurityDescriptorDacl, GetSecurityDescriptorLength, OpenSCManagerA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, LookupAccountSidA, GetAce, GetAclInformation, IsValidAcl

    ( 0 exports )
    RDS...: NSRL Reference Data Set
            -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
            Win32 Executable Generic (14.7%)
            Win32 Dynamic Link Library (generic) (13.1%)
            Generic Win/DOS Executable (3.4%)
            DOS Executable Generic (3.4%)
    Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
    sigcheck:
            publisher....: n/a
            copyright....: n/a
            product......: n/a
            description..: n/a
            original name: n/a
            internal name: n/a
            file version.: n/a
            comments.....: n/a
            signers......: -
            signing date.: -
            verified.....: Unsigned

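An added example, not from this thread and not VirusTotal's code: a pure-Python reproduction of the static fields these three reports show (compile timestamp, section entropy, the import table) with the imports summarised into capabilities, so that a 0/42 table can be judged on what a file is able to do rather than on signatures alone. The capability buckets, the 7.0 entropy threshold for "packed" and `build_sample_pe` (a constructed, non-executable PE32 modelled on installs.exe's ADVAPI32 imports and its 2002 timestamp, so the script runs offline) are this example's own assumptions; `triage(open(path, "rb").read())` runs it on a real file, and PE32+ images are rejected rather than misparsed.

```python
"""Static PE32 triage reproducing the report fields pasted above (compile timestamp, section
entropy, import table) plus a capability summary. Added example, not VirusTotal's code."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumption (this example's own grouping, not a VirusTotal field): imports that deserve a
# closer look. Every name below appears in the import lists pasted in this thread.
CAPABILITY_HINTS = {
    "service-control": {"OpenSCManagerA", "CreateServiceA", "OpenServiceA", "DeleteService"},
    "privilege-adjust": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "acl-modify": {"SetEntriesInAclA", "SetSecurityDescriptorDacl", "RegSetKeySecurity"},
    "windows-hook": {"SetWindowsHookExA"},
    "dynamic-resolve": {"LoadLibraryA", "GetProcAddress"},
}
PACKED_ENTROPY = 7.0  # assumption: a section at or above this is probably packed or encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0: the 'ntrpy' column of the report."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe(buf: bytes) -> dict:
    """Headers, section table and import table of a PE32 image (PE32+ is rejected)."""
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0] if buf[:2] == b"MZ" and len(buf) >= 0x40 else -1
    if e_lfanew < 0 or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (MZ or PE signature missing)")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", buf, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled; PE32+ has wider optional-header fields")
    import_rva = struct.unpack_from("<I", buf, opt_off + 104)[0]  # DataDirectory[1].VirtualAddress
    sections = []
    for i in range(nsec):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", buf, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize, "rsize": rsize,
                         "rptr": rptr, "entropy": round(shannon_entropy(buf[rptr:rptr + rsize]), 2)})
    def rva_to_off(rva: int) -> int:  # translate an RVA to a file offset through the section table
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
                return rva - s["va"] + s["rptr"]
        raise ValueError(f"RVA {rva:#x} is not backed by any section")
    def cstr(off: int) -> str:
        return buf[off:buf.index(b"\0", off)].decode("latin-1")
    imports, desc = {}, rva_to_off(import_rva) if import_rva else None
    while desc is not None:  # 20-byte IMAGE_IMPORT_DESCRIPTORs, terminated by an all-zero entry
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", buf, desc)
        if name_rva == 0 and ft == 0:
            break
        funcs, thunk = [], rva_to_off(oft or ft)  # prefer the unbound name table (OFT)
        while (val := struct.unpack_from("<I", buf, thunk)[0]) != 0:
            funcs.append(f"ordinal#{val & 0xFFFF}" if val & 0x80000000 else cstr(rva_to_off(val) + 2))
            thunk += 4
        imports[cstr(rva_to_off(name_rva))] = funcs
        desc += 20
    return {"machine": machine, "sections": sections, "imports": imports,
            "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat()}

def triage(buf: bytes) -> dict:
    """parse_pe() plus what a reviewer looks at first: capabilities, packed sections, SHA-256."""
    info = parse_pe(buf)
    seen = {fn for fns in info["imports"].values() for fn in fns}
    info["capabilities"] = sorted(c for c, apis in CAPABILITY_HINTS.items() if apis & seen)
    info["packed_sections"] = [s["name"] for s in info["sections"] if s["entropy"] >= PACKED_ENTROPY]
    info["sha256"] = hashlib.sha256(buf).hexdigest()
    return info

def build_sample_pe(dll_imports: dict, timestamp: int) -> bytes:
    """Constructed fixture: a minimal, non-runnable PE32 whose one section holds an import table."""
    sec_rva, sec_raw = 0x1000, 0x200
    thunks_off = 20 * (len(dll_imports) + 1)
    names_off = thunks_off + sum(4 * (len(f) + 1) for f in dll_imports.values())
    descs, thunks, names = bytearray(), bytearray(), bytearray()
    def add_name(s: str, hint: bytes = b"") -> int:  # append a C string, return its RVA
        rva = sec_rva + names_off + len(names)
        names.extend(hint + s.encode() + b"\0")
        return rva
    for dll, funcs in dll_imports.items():
        dll_rva, thunk_rva = add_name(dll), sec_rva + thunks_off + len(thunks)
        for fn in funcs:  # IMAGE_IMPORT_BY_NAME: WORD hint, then the name
            thunks.extend(struct.pack("<I", add_name(fn, hint=b"\0\0")))
        thunks.extend(b"\0" * 4)
        descs.extend(struct.pack("<IIIII", thunk_rva, 0, 0, dll_rva, thunk_rva))
    descs.extend(b"\0" * 20)
    body = bytes(descs + thunks + names)
    raw_size = (len(body) + 0x1FF) & ~0x1FF
    opt = bytearray(224)  # PE32 optional header: magic .. FileAlignment, then 16 data directories
    struct.pack_into("<HBBIIIIIIIII", opt, 0, 0x10B, 0, 0, 0, 0, 0, sec_rva, sec_rva, 0, 0x400000, 0x1000, 0x200)
    struct.pack_into("<IIIII", opt, 92, 16, 0, 0, sec_rva, len(descs))  # NumberOfRvaAndSizes, dir[0], dir[1]
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x0102)
    sec = struct.pack("<8sIIIIII HHI".replace(" ", ""), b".text", len(body), sec_rva, raw_size, sec_raw, 0, 0, 0, 0, 0x60000020)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(sec_raw, b"\0") + body.ljust(raw_size, b"\0")

# Constructed fixture modelled on installs.exe's ADVAPI32 imports and its 2002 timestamp shown above.
SAMPLE = build_sample_pe({"KERNEL32.dll": ["LoadLibraryA", "GetProcAddress"], "ADVAPI32.dll": [
    "OpenSCManagerA", "CreateServiceA", "AdjustTokenPrivileges"]}, timestamp=0x3D5A8440)
```

Read against the reports above: no section in any of the three files is above 6.60 bits, so none looks packed; the link timestamps are 2001, 2002 and 2005; installs.exe's ADVAPI32 imports (OpenSCManagerA, CreateServiceA, DeleteService, AdjustTokenPrivileges) are those of a service installer, and CreateReg.exe's (SetEntriesInAclA, RegSetKeySecurity, plus SetWindowsHookExA from USER32) those of a tool that rewrites registry keys and their ACLs. None of that is malicious by itself, but all three are unsigned, so the check that settles it is comparing each file's SHA-256 from the report with a known-good copy of the same tool.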
  13. Noch
     
    File lmtools.exe received on 2010.08.06 17:00:32 (UTC)
    Antivirus Version Last update Result
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Additional information
    File size: 658432 bytes
    MD5...: 3733796e1555fac2f1fc625faef338a8
    SHA1..: cfa8e43e35fe33447fb343c65de43c81e1d9534e
    SHA256: 0d314eec842b53bb593f999aa71cb6c9a3d21a388371e9429837a819eb619e30
    ssdeep: 12288:vFLiubCKdE4E41Cm7da0ZQtodgHoZ9OFAN+p4XeEcvzFoac:tp5E2zda0ZQto4oZ90s+p4XeE
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xc1e0
    timedatestamp.....: 0x3bc3699d (Tue Oct 09 21:18:21 2001)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x665b4 0x66600 6.41 961ddbc932311e924c3fcd5dff235c5a
    .rdata 0x68000 0x34b8 0x3600 4.16 58a02d6aad73174c4c96f456ec19e4bd
    .data 0x6c000 0x12030 0xc800 4.59 69122d4f353051bec8e302543eda6c96
    .idata 0x7f000 0x15e0 0x1600 5.55 adc566f90ffe61f58662f7415d124674
    _TEXT_HA 0x81000 0x108ca 0x10a00 6.60 b3e07642cf02842377505d1830050849
    .rsrc 0x92000 0x1830c 0x18400 2.40 a81d82513e59c5e15deb5c11be970ca4

    ( 9 imports )
    > KERNEL32.dll: GetCurrentProcess, HeapReAlloc, HeapSize, InitializeCriticalSection, TerminateProcess, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetModuleFileNameA, EnterCriticalSection, MultiByteToWideChar, FreeEnvironmentStringsA, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, FreeEnvironmentStringsW, GetCurrentThread, LCMapStringW, GetStringTypeA, TlsGetValue, VirtualAlloc, FlushFileBuffers, SetStdHandle, SetFilePointer, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, GetProcAddress, LoadLibraryA, TlsAlloc, CloseHandle, CreateFileA, GetLocaleInfoA, GetLocaleInfoW, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, TlsSetValue, GetCurrentThreadId, HeapFree, SetLastError, LCMapStringA, GetStringTypeW, GetDriveTypeA, GetFullPathNameA, GetCurrentDirectoryA, GetFileType, PeekNamedPipe, GetFileInformationByHandle, FileTimeToLocalFileTime, FileTimeToSystemTime, ReadFile, HeapAlloc, InterlockedIncrement, InterlockedDecrement, GetCommandLineA, GetStartupInfoA, RaiseException, GetFileAttributesA, GetLastError, GetSystemTime, GetTimeZoneInformation, GetWindowsDirectoryA, GetLocalTime, RtlUnwind, Sleep, CreateProcessA, GetVersion, WriteFile, GetModuleHandleA, GlobalFree, GlobalAlloc, GetCurrentProcessId, DeleteFileA, CreateDirectoryA, ExitThread, CreateThread, SetEnvironmentVariableW, GetVersionExA, ReleaseSemaphore, WaitForSingleObject, OpenSemaphoreA, CreateSemaphoreA, SetErrorMode, DuplicateHandle, GetTickCount, FreeLibrary, ResetEvent, CreateEventA, SetEvent, GetVolumeInformationA, ResumeThread, DeviceIoControl, GetProcessTimes, FindFirstFileA, FindNextFileA, FindClose, LocalFree, LocalAlloc, SetThreadPriority, GetPrivateProfileStringA, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileIntA, FormatMessageA, GetShortPathNameA, GetEnvironmentVariableA
    > USER32.dll: MessageBeep, SetFocus, GetWindowRect, TranslateMessage, GetMessageA, GetActiveWindow, GetParent, MoveWindow, ScreenToClient, EnableWindow, GetWindowLongA, GetDlgItemTextA, SetDlgItemTextA, EndDialog, GetFocus, SetWindowTextA, GetClientRect, wsprintfA, CreateDialogIndirectParamA, DialogBoxIndirectParamA, RedrawWindow, PostMessageA, DestroyWindow, InvalidateRect, SetForegroundWindow, IsWindowEnabled, GetWindowTextA, IsDialogMessageA, DispatchMessageA, GetDlgItem, PeekMessageA, ReleaseDC, GetDC, CreateDialogParamA, CallWindowProcA, SetWindowLongA, LoadBitmapA, ShowWindow, SetCursor, LoadCursorA, SendMessageA, GetWindowTextLengthA, GetCursor, SetMenuItemInfoA, CheckRadioButton, ShowCursor, SendDlgItemMessageA, MessageBoxA
    > ADVAPI32.dll: DeleteService, RegSetValueExA, ControlService, StartServiceA, RegDeleteKeyA, RegDeleteValueA, QueryServiceConfigA, OpenSCManagerA, CreateServiceA, CloseServiceHandle, OpenServiceA, ChangeServiceConfigA, RegCreateKeyExA, RegEnumValueA, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, GetUserNameA
    > GDI32.dll: GetStockObject, CreateFontIndirectA, GetTextMetricsA, SelectObject, DeleteObject
    > SHELL32.dll: ShellExecuteA
    > COMCTL32.dll: -, ImageList_Create, ImageList_GetImageCount, ImageList_Add
    > WSOCK32.dll: -, -, -
    > NETAPI32.dll: Netbios
    > comdlg32.dll: GetOpenFileNameA

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: InstallShield setup (37.0%)
    Win32 Executable MS Visual C++ (generic) (32.4%)
    Windows Screen Saver (11.2%)
    Win32 Executable Generic (7.3%)
    Win32 Dynamic Link Library (generic) (6.5%)
    sigcheck:
    publisher....: GLOBEtrotter Software Inc.
    copyright....: Copyright (c) 2001, 1987
    product......: 
    description..: 
    original name: LMTOOLS.EXE
    internal name: LMTOOLS
    file version.: 7, 2, 9, 0
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    0
  14. Noch
     
    Fichier nuvyuv.dll reçu le 2010.08.06 17:00:52 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2010.08.06.01 2010.08.06 -
    AntiVir 8.2.4.32 2010.08.06 -
    Antiy-AVL 2.0.3.7 2010.08.06 -
    Authentium 5.2.0.5 2010.08.06 -
    Avast 4.8.1351.0 2010.08.06 -
    Avast5 5.0.332.0 2010.08.06 -
    AVG 9.0.0.851 2010.08.06 -
    BitDefender 7.2 2010.08.06 -
    CAT-QuickHeal 11.00 2010.08.06 -
    ClamAV 0.96.0.3-git 2010.08.06 -
    Comodo 5667 2010.08.06 -
    DrWeb 5.0.2.03300 2010.08.06 -
    Emsisoft 5.0.0.36 2010.08.06 -
    eSafe 7.0.17.0 2010.08.05 -
    eTrust-Vet 36.1.7771 2010.08.06 -
    F-Prot 4.6.1.107 2010.08.05 -
    F-Secure 9.0.15370.0 2010.08.06 -
    Fortinet 4.1.143.0 2010.08.06 -
    GData 21 2010.08.06 -
    Ikarus T3.1.1.84.0 2010.08.06 -
    Jiangmin 13.0.900 2010.08.03 -
    Kaspersky 7.0.0.125 2010.08.06 -
    McAfee 5.400.0.1158 2010.08.06 -
    McAfee-GW-Edition 2010.1 2010.08.06 -
    Microsoft 1.6004 2010.08.06 -
    NOD32 5347 2010.08.06 -
    Norman 6.05.11 2010.08.06 -
    nProtect 2010-08-06.01 2010.08.06 -
    Panda 10.0.2.7 2010.08.06 -
    PCTools 7.0.3.5 2010.08.06 -
    Prevx 3.0 2010.08.06 -
    Rising 22.59.04.04 2010.08.06 -
    Sophos 4.56.0 2010.08.06 -
    Sunbelt 6695 2010.08.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
    Symantec 20101.1.1.7 2010.08.06 -
    TheHacker 6.5.2.1.334 2010.08.06 -
    TrendMicro 9.120.0.1004 2010.08.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
    VBA32 3.12.12.8 2010.08.04 -
    ViRobot 2010.7.29.3961 2010.08.06 -
    VirusBuster 5.0.27.0 2010.08.06 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 84c14a9e550a41902015fc456fbc6b67
    SHA1..: b2b1899b7f51f2f4bf8a944eabbcddf6c4ab0257
    SHA256: 77bc598f5fc8c8b6fdd0e06b56df2b1fa6d4e220f32f7505a89667ac180274dd
    ssdeep: 768:0dluTJiaoITmIq6tFVs+NYo0t7TY/buQeuE9ZEnB1mSrOXWmiB9QZ6lFY6zoDoks:0dluV/x163TYTuQNP3Q6U6UomoOK
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x3136
    timedatestamp.....: 0x3ba481a4 (Sun Sep 16 10:40:36 2001)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x92c2 0xa000 6.43 24c06cc208fcc6befbebbb7372808240
    .rdata 0xb000 0x1158 0x2000 3.11 49ec1e524ae2297cf5d45b8366a95dfc
    .data 0xd000 0x48a4 0x4000 1.16 294e7f105a4a5e736160e612fd6a2c12
    .rsrc 0x12000 0x2a0 0x1000 0.70 50f173c7515ee30ddb8c4bf27d3fb667
    .reloc 0x13000 0x10bc 0x2000 2.57 9ef5ce7d24bc75944dbb6deeac47971b

    ( 3 imports )
    > WINMM.dll: DefDriverProc
    > SETUPAPI.dll: SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList
    > KERNEL32.dll: TlsFree, TlsGetValue, CloseHandle, SetStdHandle, DeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, GetVersionExA, GetLastError, InterlockedDecrement, InterlockedIncrement, RtlUnwind, GetCommandLineA, GetVersion, HeapFree, GetProcAddress, GetModuleHandleA, HeapAlloc, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, ExitProcess, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, VirtualAlloc, FlushFileBuffers, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, SetFilePointer, IsBadWritePtr, GetStringTypeA, GetStringTypeW, GetCPInfo, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, GetACP, GetOEMCP, LoadLibraryA

    ( 1 exports )
    DriverProc
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Zoran Ltd.
    copyright....: Copyright (c) 1998-2001, Zoran Ltd.
    product......: USBVision
    description..: NUVision YUV Decoder
    original name: n/a
    internal name: n/a
    file version.: 2, 0, 1, 1
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    0
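The two VirusTotal reports above (lmtools.exe and nuvyuv.dll) were read by hand in this thread to decide what to keep and what to bin. As an added example that is not part of the thread or of VirusTotal's own tooling, the Python below parses a report in that same text layout (the vendor table, the "Information additionnelle" block, the PEInfo section table, the RDS line and sigcheck) and produces the facts a responder checks first: detection ratio, hashes, Authenticode status, NSRL membership and any high-entropy section. The embedded report is constructed for the example, with placeholder hashes and made-up detection names; only the field layout is taken from the reports posted here. The 7.0 bits/byte entropy threshold for flagging a possibly packed section is a rule-of-thumb assumption, not a value from the page.

```python
# Added example: triage summary for a VirusTotal-style text report (2010 layout).
import re
from dataclasses import dataclass, field

# Constructed sample (placeholder hashes, made-up names) in the thread's report layout.
SAMPLE_REPORT = """\
Fichier sample.dll reçu le 2010.08.06 17:00:52 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 Sample.Packed.Gen
Avast 4.8.1351.0 2010.08.06 -
Kaspersky 7.0.0.125 2010.08.06 Trojan.Sample.A
Microsoft 1.6004 2010.08.06 -
Information additionnelle
File size: 81920 bytes
MD5...: 0123456789abcdef0123456789abcdef
SHA256: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x92c2 0xa000 6.43 00000000000000000000000000000000
UPX1 0x12000 0x2a0 0x1000 7.85 00000000000000000000000000000000
RDS...: NSRL Reference Data Set
-
verified.....: Unsigned
"""

VENDOR_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
HASH_RE = re.compile(r"^(MD5|SHA256)\.*: ([0-9a-f]{32,64})$")
SECTION_RE = re.compile(
    r"^(\S+) 0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ (\d+\.\d+) [0-9a-f]{32}$")


@dataclass
class Triage:
    filename: str = ""
    size: int = 0
    vendors: int = 0                      # engines that returned a verdict
    detections: dict = field(default_factory=dict)  # vendor -> detection name
    md5: str = ""
    sha256: str = ""
    verified: str = ""                    # sigcheck 'verified' field
    in_nsrl: bool = False                 # listed in the NSRL known-good set
    sections: list = field(default_factory=list)    # (name, entropy)

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{self.vendors}"

    def packed_sections(self, threshold: float = 7.0) -> list:  # 7.0 = rule of thumb
        return [name for name, entropy in self.sections if entropy >= threshold]

    def notes(self) -> list:
        out = [f"{len(self.detections)} of {self.vendors} engines flag it"
               if self.detections else "no engine flags it (not proof of safety)"]
        if self.verified.lower() != "signed":
            out.append(f"authenticode: {self.verified or 'unknown'}")
        out.append("in NSRL (known-good)" if self.in_nsrl else "not in NSRL")
        if self.packed_sections():
            out.append("high-entropy sections: " + ", ".join(self.packed_sections()))
        return out


def parse_report(text: str) -> Triage:
    t = Triage()
    lines = [ln.strip() for ln in text.splitlines()]
    in_vendor_table = False
    for i, line in enumerate(lines):
        m = re.match(r"^Fichier (\S+) reçu le", line)
        if m:
            t.filename = m.group(1)
        elif line.startswith("Antivirus Version"):
            in_vendor_table = True          # vendor rows follow this header
        elif line.startswith("Information additionnelle"):
            in_vendor_table = False
        elif in_vendor_table:
            m = VENDOR_RE.match(line)
            if m:
                t.vendors += 1
                if m.group(4).strip() != "-":   # "-" means no detection
                    t.detections[m.group(1)] = m.group(4).strip()
        elif line.startswith("File size:"):
            t.size = int(re.search(r"(\d+) bytes", line).group(1))
        elif line.startswith("RDS...:"):
            # the NSRL verdict sits on the next line; "-" means no match
            t.in_nsrl = i + 1 < len(lines) and lines[i + 1] not in ("", "-")
        elif line.startswith("verified"):
            t.verified = line.split(":", 1)[1].strip()
        else:
            m = HASH_RE.match(line)
            if m:
                setattr(t, m.group(1).lower(), m.group(2))
            m = SECTION_RE.match(line)
            if m:
                t.sections.append((m.group(1), float(m.group(2))))
    return t


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(r.filename, r.size, "bytes, detections", r.ratio, "|", "; ".join(r.notes()))
```

Run against the reports posted in this thread (once the `<br>` wrapping is turned back into line breaks, as above), both files come out as no engine flagging them, unsigned, and absent from NSRL: exactly the combination that leaves the keep-or-delete decision to the analyst rather than to the scanner, which is why the thread falls back on publisher strings, file dates and the List_Kill'em and GMER results.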
  15. Noch
     
    Below is the List_Kill'em report after the cleaning:

    ¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.2.3 ¤¤¤¤¤¤¤¤¤¤

    User : Fred (Administrateurs)
    Update on 05/08/2010 by g3n-h@ckm@n ::::: 17.50
    Start at: 00:49:21 | 07/08/2010

    Intel(R) Pentium(R) M processor 1.73GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local | 35,46 Go (3,91 Go free) [Systeme] | NTFS
    D:\ -> Disque fixe local | 39,07 Go (17,94 Go free) [Docs] | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)

    C:\WINDOWS\System32\smss.exe ----400 Ko
    C:\WINDOWS\system32\csrss.exe ----3608 Ko
    C:\WINDOWS\system32\winlogon.exe ----1540 Ko
    C:\WINDOWS\system32\services.exe ----13136 Ko
    C:\WINDOWS\system32\lsass.exe ----6516 Ko
    C:\WINDOWS\system32\Ati2evxx.exe ----3620 Ko
    C:\WINDOWS\system32\svchost.exe ----4908 Ko
    C:\WINDOWS\system32\logonui.exe ----3924 Ko
    C:\WINDOWS\system32\svchost.exe ----4308 Ko
    C:\WINDOWS\System32\svchost.exe ----37540 Ko
    C:\WINDOWS\system32\Ati2evxx.exe ----4184 Ko
    C:\Program Files\AVG\AVG9\avgchsvx.exe ----2040 Ko
    C:\Program Files\AVG\AVG9\avgrsx.exe ----3328 Ko
    C:\WINDOWS\system32\svchost.exe ----3484 Ko
    C:\Program Files\AVG\AVG9\avgcsrvx.exe ----5780 Ko
    C:\WINDOWS\system32\spoolsv.exe ----6112 Ko
    C:\WINDOWS\system32\svchost.exe ----3416 Ko
    C:\Program Files\NetLimiter\nlsvc.exe ----4424 Ko
    C:\WINDOWS\System32\snmp.exe ----4236 Ko
    C:\WINDOWS\system32\wdfmgr.exe ----2204 Ko
    C:\WINDOWS\System32\alg.exe ----3756 Ko
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE ----3320 Ko
    C:\WINDOWS\system32\userinit.exe ----3248 Ko
    C:\WINDOWS\Explorer.EXE ----10192 Ko
    C:\Program Files\NetLimiter\NLClient.exe ----17152 Ko
    C:\WINDOWS\system32\cmd.exe ----2420 Ko
    C:\WINDOWS\system32\wbem\wmiprvse.exe ----6872 Ko
    C:\Program Files\List_Kill'em\ERUNT.EXE ----3272 Ko
    C:\Program Files\List_Kill'em\pv.exe ----3100 Ko

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Program Files\Internet Explorer\iekey.dll
    Quarantined & Deleted !! : C:\Program Files\Radmin

    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Quarantined & Deleted !! : C:\WINDOWS\System32\reboot.txt
    Quarantined & Deleted !! : C:\WINDOWS\Temp\10018c4f4974d1b5a308ba5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\151ecf44346b619eefe572e6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\166ae75c19816891b33c63c1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\1f5ebe06b084e2c3816d0876.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\21b5eed1f38b0457f85d5be.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\240359b15dec143b806e23fd.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\253a31925d5555c781362a44.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\26badd43fe47c2bfd12f2014.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\29a1442eb46dfacb905ee26b.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\347efbd6497389437a4ed36e.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\3a862de38eaed75aebf17d42.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\4288eab95d92fca91d4b5ee4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\442bc8c68fbb2d16496542c9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\49beab634f98827ea448c6cb.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\4b607e8a1b928990a218b2ed.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\51d29e0b7faaf3f2198792e2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\5834550167903b8837f44717.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\58cdbef7de79cae3d8df538.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\5d277c64c6bced0f3de14870.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\5d3d46ba8ad953b27a3b30d.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\6271b705d55dee4a7e96bae5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\687cc61859a395f67f46bf56.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\6aa9f583606fad848229f1ba.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\719f33851de8cca5eec7a559.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\765a746c93797b75dc951e27.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\76ccdac3e03d865d67d64a02.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\7a1b42e9e82e37ccdaa2b4c1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\7b1ae29373eaa414fb3d5014.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\812eacb6db27b1d6406a4f69.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\90ed69edb4908b4a305490ed.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\9a0319ab2786787cd632a4a7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\a3d87b15edd4db9ad2b7fa65.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\a40e41108f20d22f71f8a33b.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\b530f9a64f7d244d5310db27.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\b5d94211b5a117bdae0e6f9f.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\c2f83ff0c66fbf2365658f33.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\c76c51d725f569c2f0c0561b.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\caba24e2908a263ba9e17284.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\d7987857704a2115f0be4eb.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\e0bf05a2a342b680eec1633.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\e1bdaa9037cc6430a6a1ae4b.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\e867e2f63d2130f59a1eae67.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\f6ac32813cabda7a51432fff.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\faa6f733573b0140b3da79dc.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\fce9b6157a509535348a903c.tmp
    Quarantined & Deleted !! : C:\WINDOWS\Temp\fd3ebc934ddc8e3f23db50e.tmp
    Quarantined & Deleted !! : File

    =======
    Hosts :
    =======

    127.0.0.1 localhost

    ========
    Registry
    ========

    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {D4027C7F-154A-4066-A1AD-4243D8127440}
    Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    =================
    Internet Explorer
    =================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    Local Page = C:\WINDOWS\system32\blank.htm
    Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.google.com/?gws_rd=ssl
    Local Page = C:\WINDOWS\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ===============
    Security Center
    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled = 1 (0x1)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 1 (0x1)
    FirewallOverride = 1 (0x1)
    AntiVirusDisableNotify = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)

    ========
    Services
    =========

    Ndisuio : Start = 3
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ================

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87687EC5]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x8736e278
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    Use "Recovery Console" command "fixmbr" to clear infection !

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  16. gen-hackman
     
    ▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop

    Disable all your protections for the duration of the gMer scan

    For XP => double-click gmer.exe
    For Vista and 7 => right-click "Run as..."

    ▶ Click the Rootkit tab and start the scan; red lines will appear.

    ▶ The red lines indicate the presence of a rootkit. Post me the GMER report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the GMER report will appear; post it to me)

    Then

    ▶ On the red lines:

    ▶ Services: right-click, Delete Service
    ▶ Process: right-click, Kill Process
    ▶ Adl, file: right-click, Delete Files
    0
    1. Noch
       
      It's in progress.
      0
    2. Noch
       
      Well, I went to bed and left the GMER scan running.
      This morning, blue screen: winlogon terminated unexpectedly ....

      I restarted the GMER scan; it's in progress.
      There is already at least one red line; we'll see the rest at the end of this scan.

      edit: No way to finish the scan, I invariably end up with a blue screen.
      STOP : c0000021a {Erreur système irrécupérable}
      Le procesus windows logon s'est terminé de facon inattendue dans l'état suivant 0xc0000005 (0x00000000 0x00000000)

      So what do I do? Do I copy the scan report for you and stop it before it finishes/crashes?
      0
  17. Noch
     
    Where did the VirusTotal reports go?
    I thought I had posted the 7 reports??

    c:\windows\system32\drivers\alcxeq.dat -> bin
    c:\windows\system32\drivers\alcxhweq.dat -> bin
    C:\WINDOWS\System32\avantd.exe -> where is the report?
    C:\WINDOWS\System32\CreateReg.exe -> where is the report?
    C:\WINDOWS\System32\installs.exe -> where is the report?
    C:\WINDOWS\System32\lmtools.exe -> I'm keeping it
    C:\WINDOWS\System32\nuvyuv.dll -> where is the report?

    I'll redo the 4 whose report disappeared tomorrow ...
    0
    1. gen-hackman
       
      I asked for the messages to be restored
      0
    2. Noch
       
      Ah OK, thanks.
      0
    3. crapoulou | Posts: 28002 | Status: Moderator, Security contributor | 8 046
       
      Hi gen.
      Good luck with the rest ;-).
      0
    4. Noch
       
      Ah great, thanks for the restoration!
      0
  18. Noch
     
    Here is the initial report from the first scan, which ran automatically when GMER opened.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-07 09:52:51
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\Fred\LOCALS~1\Temp\awrdqkob.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 877319B8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] jzioircv <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
    0
    1. Noch
       
      And here is the log of a more thorough but unfinished scan.
      I saved it at intervals during the scan until it crashed.

      http://www.cijoint.fr/cjlink.php?file=cj201008/cijHex5K2V.txt
      0