Sujet Précédent Sujet Suivant

Onglet intempestifs

Résolu/Fermé
Noch - 6 août 2010 à 13:59
 Utilisateur anonyme - 9 août 2010 à 19:45
Bonjour,

En surfant un peu vite, je suis allé sur un site qui a ouvert et de suite fermé une fenêtre.
Donc ca vient de là.

Depuis, j'ai un onglet qui s'ouvre régulièrement.
Parfois, il s'agit d'un lien directement lié à ce qui est écrit dans ma barre de recherche Google, a droite de la barre d'adresse ...
J'ai eu le "Generic host process for Win 32 services" qui s'est mis à planter.
Une fois planter, je ne pouvais plus lancer aucun *.exe
J'ai aussi le débugueur qui se lance sans cesse (VS7JIT.exe), j'ai beau dire que non, je ne veux pas débuguer. Il revient.

J'ai téléchargé et exécuté CCleaner.
J'ai téléchargé et exécuté Malwarebytes' Anti-Malware.
J'ai téléchargé et exécuté AVG Free 9.0 mis à jour encore ce matin même.
J'ai donc déjà fait un peu de ménage.

Aujourd'hui, le Generic Host ne plante plus, j'ai desactivé le MDM.exe qui devait lancer le débugueur (ca ne résoud pas le pb du virus sous-jacent) et il me reste des onglets intempestifs.
A l'instant, Apres une recherche google, je clique sur un lien menant sur "commentcamarche", je me suis fait rediriger vers un site malveillant.
En copiant et collant le lien, je tombe bien sur ce que je cherchais ...


63 réponses

Réponse 1 / 63
Noch
6 août 2010 à 14:00 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:43, on 06/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NetLimiter\nlsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter\NLClient.exe
C:\WINDOWS\system32\TPSMain.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\PrintKey\Printkey 2000 Fr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/meteo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey\Printkey 2000 Fr.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter\nlsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

--
End of file - 7635 bytes
0
Réponse 2 / 63
Utilisateur anonyme
6 août 2010 à 14:02
salut :

tu peux nous remettre le rapport de malwarebytes stp ?
0
Noch
6 août 2010 à 14:08
Voila le rapport que j'ai. Il a 2 semaines, c'est ce que j'ai eu qd j'ai passé le scan la première fois. Je peux en relancer un si tu veux.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4354

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

26/07/2010 21:36:26
mbam-log-2010-07-26 (21-36-26).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 19838
Temps écoulé: 11 minute(s), 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setupupdate70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Fred\Application Data\F3898E87327CBE398D4EE5E2B7E7809D\setupupdate70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Application Data\ogix.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
0
Réponse 3 / 63
Utilisateur anonyme
6 août 2010 à 14:12
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

▶ Télécharge ici :List_Kill'em

et enregistre le sur ton bureau

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

♦ Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

▶ laisse travailler l'outil

il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

▶ Fais de même avec more.txt qui se trouve sur ton bureau
0
Noch
6 août 2010 à 14:57
merci, je fais ca !
0
Réponse 4 / 63
Utilisateur anonyme
6 août 2010 à 15:26
ok
0
Noch
Modifié par Noch le 6/08/2010 à 16:22
J'ai lancé la recherche ... l'outil semble ne rien faire ?
Est ce normal ?

edit : c'est bon, le scan est en cours.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 63
Noch
6 août 2010 à 17:58
voici les rapports :
http://www.cijoint.fr/cjlink.php?file=cj201008/cijZUE0WVr.txt
http://www.cijoint.fr/cjlink.php?file=cj201008/cijAGXJved.txt
0
Réponse 6 / 63
Utilisateur anonyme
6 août 2010 à 18:32
▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

▶ clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

c:\windows\system32\drivers\alcxeq.dat
c:\windows\system32\drivers\alcxhweq.dat
C:\WINDOWS\System32\avantd.exe
C:\WINDOWS\System32\CreateReg.exe
C:\WINDOWS\System32\installs.exe
C:\WINDOWS\System32\lmtools.exe
C:\WINDOWS\System32\nuvyuv.dll


* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.

Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.

ensuite :

▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'Option Clean

ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

▶ colle le contenu dans ta reponse
0
Réponse 7 / 63
Noch
6 août 2010 à 18:49
Fichier alcxeq.dat reçu le 2010.08.06 16:46:57 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 176 bytes
MD5...: 81e032386b46908da863f1575f3bf8eb
SHA1..: dd0f03e126501975d0122cdcce24cf03504bd4f7
SHA256: 7cbed99f4147d2f66482e6ec8a64807be1b9191a36fcf2ce3fe27e4d9573c67f
ssdeep: 3:bqEGlEl2maJs6hl+llAH9lvsl8ZaF3l/KstKkl+azasdlkkMo2Jt/k/lJn/k/p<br>lR:bqEG/mis6qodxE8k7tKklT2sdAo2jst+<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 176 bytes
MD5...: 81e032386b46908da863f1575f3bf8eb
SHA1..: dd0f03e126501975d0122cdcce24cf03504bd4f7
SHA256: 7cbed99f4147d2f66482e6ec8a64807be1b9191a36fcf2ce3fe27e4d9573c67f
ssdeep: 3:bqEGlEl2maJs6hl+llAH9lvsl8ZaF3l/KstKkl+azasdlkkMo2Jt/k/lJn/k/p<br>lR:bqEG/mis6qodxE8k7tKklT2sdAo2jst+<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 8 / 63
Utilisateur anonyme
6 août 2010 à 18:52
bon deja celui-ci => poubelle
0
Réponse 9 / 63
Noch
6 août 2010 à 18:55
Fichier alcxhweq.dat reçu le 2010.08.06 16:50:15 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 176 bytes
MD5...: 46af6a1bc90a6aa73af7ba833961573b
SHA1..: 8e35c47cd6ceac584e9fdc585f8233e31e5cf038
SHA256: 1306a537e677793df979f9be53365fdd84514582d1f7a90a3f3d99e57eaac251
ssdeep: 3:bqE/l8kRTlkvvl+l/qf2fau//GNl+lXpE1pzka9Xsy/lollA:bqEtBk3sl/qga<br>u//asl5EjzkmXR4G<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 176 bytes
MD5...: 46af6a1bc90a6aa73af7ba833961573b
SHA1..: 8e35c47cd6ceac584e9fdc585f8233e31e5cf038
SHA256: 1306a537e677793df979f9be53365fdd84514582d1f7a90a3f3d99e57eaac251
ssdeep: 3:bqE/l8kRTlkvvl+l/qf2fau//GNl+lXpE1pzka9Xsy/lollA:bqEtBk3sl/qga<br>u//asl5EjzkmXR4G<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 10 / 63
Noch
6 août 2010 à 18:58
Fichier avantd.exe reçu le 2010.08.06 16:55:40 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 716800 bytes
MD5...: b441444d7da1ffa4c4cf6f5718aaa579
SHA1..: b02a3facfdc615a2144282a4474542e0825254c0
SHA256: 6d3bec3af5f4b1c8e295fe753dd31b330de066b527122e56980997a0e3060969
ssdeep: 12288:WsQ4Upl6K24PZbwZ3Fnk3vGfPCiju38kINzB7DkhCvCY/Lv1MK/V8vzFoa<br>:WAUp02sZ1k3vGfP7C3QFBHfXDV<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x5653b<br>timedatestamp.....: 0x3d5a8441 (Wed Aug 14 16:24:33 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x86686 0x87000 6.36 e8009970c6375783a6ac264c3bfb86ee<br>.rdata 0x88000 0x3304 0x4000 4.39 35ee91a22149e0d1458a23c2065bdfd8<br>.data 0x8c000 0x1c068 0x12000 5.40 4054d349d8f426f2e6889b1f171d7922<br>_TEXT_HA 0xa9000 0x108ca 0x11000 6.50 66f3ffffc3325931203c28b73f8638f7<br><br>( 6 imports ) <br>> KERNEL32.dll: GetProcessTimes, GetTickCount, ReleaseSemaphore, OpenSemaphoreA, CreateSemaphoreA, GetLastError, GetCurrentProcess, GetWindowsDirectoryA, GetVolumeInformationA, GetDriveTypeA, GlobalFree, GlobalAlloc, VirtualAlloc, VirtualFree, SetLastError, LoadLibraryA, FindClose, LocalFree, LocalAlloc, GetCurrentThread, CreateFileA, SetThreadPriority, ReadFile, WriteFile, DeviceIoControl, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileStringA, GetPrivateProfileIntA, DuplicateHandle, SetErrorMode, SetEvent, GetProcAddress, GetModuleHandleA, ResetEvent, CreateEventA, WaitForSingleObject, Sleep, FreeLibrary, CloseHandle, FindFirstFileA, FindNextFileA, GetVersionExA, UnhandledExceptionFilter, GetModuleFileNameA, SetFileTime, MoveFileA, UnlockFile, LockFile, SetConsoleTitleA, GetLocaleInfoW, SetEndOfFile, CompareStringW, FileTimeToLocalFileTime, CompareStringA, SetStdHandle, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetOEMCP, GetACP, GetCPInfo, HeapSize, SystemTimeToFileTime, GetVersion, LocalFileTimeToFileTime, SetFilePointer, SetCurrentDirectoryA, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, ResumeThread, CreateThread, TlsSetValue, ExitThread, TerminateProcess, EnterCriticalSection, LeaveCriticalSection, FileTimeToSystemTime, SetEnvironmentVariableW, CreateDirectoryA, GetFileAttributesA, DeleteFileA, GetCurrentProcessId, GetCurrentDirectoryA, GetFullPathNameA, TlsFree, SetEnvironmentVariableA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetCurrentThreadId, TlsAlloc, HeapReAlloc, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, RtlUnwind, InitializeCriticalSection, IsBadWritePtr, FatalAppExitA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers<br>> USER32.dll: GetDlgItem, GetParent, MoveWindow, ScreenToClient, ShowWindow, EnableWindow, GetWindowRect, MessageBoxA, SendMessageA, GetWindowLongA, MessageBeep, GetDlgItemTextA, SetDlgItemTextA, EndDialog, DialogBoxIndirectParamA, CreateDialogIndirectParamA, wsprintfA, GetClientRect, SetWindowTextA, GetActiveWindow, GetFocus<br>> NETAPI32.dll: Netbios<br>> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, GetUserNameA, RegEnumKeyExA, RegEnumValueA<br>> comdlg32.dll: GetOpenFileNameA<br>> COMCTL32.dll: -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)<br>Win32 Executable MS Visual C++ (generic) (26.2%)<br>Win32 Executable Generic (5.9%)<br>Win32 Dynamic Link Library (generic) (5.2%)<br>Generic Win/DOS Executable (1.3%)
Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 716800 bytes
MD5...: b441444d7da1ffa4c4cf6f5718aaa579
SHA1..: b02a3facfdc615a2144282a4474542e0825254c0
SHA256: 6d3bec3af5f4b1c8e295fe753dd31b330de066b527122e56980997a0e3060969
ssdeep: 12288:WsQ4Upl6K24PZbwZ3Fnk3vGfPCiju38kINzB7DkhCvCY/Lv1MK/V8vzFoa<br>:WAUp02sZ1k3vGfP7C3QFBHfXDV<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x5653b<br>timedatestamp.....: 0x3d5a8441 (Wed Aug 14 16:24:33 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x86686 0x87000 6.36 e8009970c6375783a6ac264c3bfb86ee<br>.rdata 0x88000 0x3304 0x4000 4.39 35ee91a22149e0d1458a23c2065bdfd8<br>.data 0x8c000 0x1c068 0x12000 5.40 4054d349d8f426f2e6889b1f171d7922<br>_TEXT_HA 0xa9000 0x108ca 0x11000 6.50 66f3ffffc3325931203c28b73f8638f7<br><br>( 6 imports ) <br>> KERNEL32.dll: GetProcessTimes, GetTickCount, ReleaseSemaphore, OpenSemaphoreA, CreateSemaphoreA, GetLastError, GetCurrentProcess, GetWindowsDirectoryA, GetVolumeInformationA, GetDriveTypeA, GlobalFree, GlobalAlloc, VirtualAlloc, VirtualFree, SetLastError, LoadLibraryA, FindClose, LocalFree, LocalAlloc, GetCurrentThread, CreateFileA, SetThreadPriority, ReadFile, WriteFile, DeviceIoControl, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileStringA, GetPrivateProfileIntA, DuplicateHandle, SetErrorMode, SetEvent, GetProcAddress, GetModuleHandleA, ResetEvent, CreateEventA, WaitForSingleObject, Sleep, FreeLibrary, CloseHandle, FindFirstFileA, FindNextFileA, GetVersionExA, UnhandledExceptionFilter, GetModuleFileNameA, SetFileTime, MoveFileA, UnlockFile, LockFile, SetConsoleTitleA, GetLocaleInfoW, SetEndOfFile, CompareStringW, FileTimeToLocalFileTime, CompareStringA, SetStdHandle, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetOEMCP, GetACP, GetCPInfo, HeapSize, SystemTimeToFileTime, GetVersion, LocalFileTimeToFileTime, SetFilePointer, SetCurrentDirectoryA, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, ResumeThread, CreateThread, TlsSetValue, ExitThread, TerminateProcess, EnterCriticalSection, LeaveCriticalSection, FileTimeToSystemTime, SetEnvironmentVariableW, CreateDirectoryA, GetFileAttributesA, DeleteFileA, GetCurrentProcessId, GetCurrentDirectoryA, GetFullPathNameA, TlsFree, SetEnvironmentVariableA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetCurrentThreadId, TlsAlloc, HeapReAlloc, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, RtlUnwind, InitializeCriticalSection, IsBadWritePtr, FatalAppExitA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers<br>> USER32.dll: GetDlgItem, GetParent, MoveWindow, ScreenToClient, ShowWindow, EnableWindow, GetWindowRect, MessageBoxA, SendMessageA, GetWindowLongA, MessageBeep, GetDlgItemTextA, SetDlgItemTextA, EndDialog, DialogBoxIndirectParamA, CreateDialogIndirectParamA, wsprintfA, GetClientRect, SetWindowTextA, GetActiveWindow, GetFocus<br>> NETAPI32.dll: Netbios<br>> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, GetUserNameA, RegEnumKeyExA, RegEnumValueA<br>> comdlg32.dll: GetOpenFileNameA<br>> COMCTL32.dll: -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)<br>Win32 Executable MS Visual C++ (generic) (26.2%)<br>Win32 Executable Generic (5.9%)<br>Win32 Dynamic Link Library (generic) (5.2%)<br>Generic Win/DOS Executable (1.3%)
Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 11 / 63
Noch
6 août 2010 à 18:59
Fichier CreateReg.exe reçu le 2010.08.06 16:55:59 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 221184 bytes
MD5...: de1a2134c7c77f469817b2ff8c9f7cb8
SHA1..: cb230e6eadc246b24beb1845a4373ace05a64e63
SHA256: e6a825d029feac0145b54363401a9fc3125dbefbb5ce944e06cfffd330b4b0a9
ssdeep: 3072:5ArqxOQywpizKLGN3dCZVWKpAEGuDHqDaW0tLzFNpS47poZPoMsiC:CXQyw<br>p1LGpdCZVbdWuYwbMs<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xaf15<br>timedatestamp.....: 0x42b18928 (Thu Jun 16 14:14:00 2005)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x23c43 0x24000 6.60 097a8993242f4147669f9e663c759587<br>.rdata 0x25000 0x8b0c 0x9000 4.66 aef1b36ff01c704cf6910a006650f1e6<br>.data 0x2e000 0xd348 0x4000 2.56 e935227233c0ebcce65d0df15fcf4310<br>.rsrc 0x3c000 0x3528 0x4000 3.44 acd4fd61145ba6381758545770b1c567<br><br>( 11 imports ) <br>> KERNEL32.dll: FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetTimeZoneInformation, UnhandledExceptionFilter, GetEnvironmentStrings, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, GetEnvironmentStringsW, VirtualAlloc, HeapReAlloc, SetHandleCount, VirtualFree, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, FlushFileBuffers, UnlockFile, GetACP, CompareStringA, CompareStringW, SetEnvironmentVariableA, HeapSize, RaiseException, TerminateProcess, HeapAlloc, HeapFree, RtlUnwind, ExitProcess, GetStartupInfoA, GetFileAttributesA, GetFileTime, GetFileSize, FileTimeToLocalFileTime, FileTimeToSystemTime, GetFullPathNameA, FindClose, GetVolumeInformationA, FindFirstFileA, SetEndOfFile, IsBadWritePtr, LCMapStringA, LockFile, CloseHandle, GetModuleFileNameA, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, GetVersionExA, GlobalLock, GlobalUnlock, GetTickCount, LocalFree, LocalAlloc, lstrlenA, lstrcpyA, ReadFile, SetFilePointer, GetProfileStringA, WriteFile, DuplicateHandle, CreateFileA, GetCurrentProcess, GetCPInfo, SetErrorMode, GetOEMCP, GetProcessVersion, SizeofResource, GetThreadLocale, WritePrivateProfileStringA, GetLastError, GlobalFlags, LocalReAlloc, lstrcpynA, TlsGetValue, GlobalReAlloc, TlsSetValue, EnterCriticalSection, GlobalHandle, LeaveCriticalSection, TlsFree, InitializeCriticalSection, DeleteCriticalSection, TlsAlloc, LoadLibraryA, MulDiv, SetLastError, lstrcatA, FreeLibrary, GetVersion, GlobalFindAtomA, GlobalGetAtomNameA, GlobalAddAtomA, FindResourceA, GetModuleHandleA, GetProcAddress, GlobalFree, LoadResource, LockResource, SetStdHandle, LCMapStringW, GetCommandLineA<br>> USER32.dll: InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, MessageBeep, GetNextDlgGroupItem, SetRect, CopyAcceleratorTableA, CharNextA, GetSysColorBrush, LoadCursorA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, GetTopWindow, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, CharUpperA, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowRect, EndDialog, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, MapDialogRect, SetWindowPos, GetWindow, SetWindowContextHelpId, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, CopyRect, GetSubMenu, ValidateRect, IsWindowVisible, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, UnhookWindowsHookEx, PostMessageA, PostQuitMessage, IsWindow, GetWindowPlacement, LoadStringA, OpenClipboard, GetClipboardData, CloseClipboard, PeekMessageA, TranslateMessage, DispatchMessageA, EnableWindow, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, IsChild, DrawFocusRect, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode<br>> GDI32.dll: DeleteObject, GetViewportExtEx, GetWindowExtEx, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA, GetBkColor, DPtoLP, GetTextColor, LPtoDP, GetMapMode, PatBlt, CreateCompatibleDC, BitBlt, CreateDIBitmap, IntersectClipRect, SetWindowExtEx, ScaleWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, SetViewportOrgEx, SetMapMode, OffsetViewportOrgEx, GetStockObject, SetBkMode, RestoreDC, SaveDC, SelectObject, DeleteDC, GetObjectA, CreateBitmap, GetClipBox, SetBkColor, SetTextColor, GetTextExtentPointA<br>> comdlg32.dll: GetFileTitleA<br>> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA<br>> ADVAPI32.dll: RegCreateKeyExA, SetEntriesInAclA, FreeSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey, RegOpenKeyExA, RegSetValueExA, RegSetKeySecurity, RegEnumKeyA<br>> COMCTL32.dll: -<br>> oledlg.dll: -<br>> ole32.dll: CoFreeUnusedLibraries, OleUninitialize, OleInitialize, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgOpenStorageOnILockBytes, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoTaskMemAlloc<br>> OLEPRO32.DLL: -<br>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)<br>Windows Screen Saver (18.4%)<br>Win32 Executable Generic (12.0%)<br>Win32 Dynamic Link Library (generic) (10.6%)<br>Generic Win/DOS Executable (2.8%)
sigcheck:<br>publisher....: <br>copyright....: Copyright (C) 2005<br>product......: Application CreateReg<br>description..: Application MFC CreateReg<br>original name: CreateReg.EXE<br>internal name: CreateReg<br>file version.: 2, 5, 6, 16<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 221184 bytes
MD5...: de1a2134c7c77f469817b2ff8c9f7cb8
SHA1..: cb230e6eadc246b24beb1845a4373ace05a64e63
SHA256: e6a825d029feac0145b54363401a9fc3125dbefbb5ce944e06cfffd330b4b0a9
ssdeep: 3072:5ArqxOQywpizKLGN3dCZVWKpAEGuDHqDaW0tLzFNpS47poZPoMsiC:CXQyw<br>p1LGpdCZVbdWuYwbMs<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xaf15<br>timedatestamp.....: 0x42b18928 (Thu Jun 16 14:14:00 2005)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x23c43 0x24000 6.60 097a8993242f4147669f9e663c759587<br>.rdata 0x25000 0x8b0c 0x9000 4.66 aef1b36ff01c704cf6910a006650f1e6<br>.data 0x2e000 0xd348 0x4000 2.56 e935227233c0ebcce65d0df15fcf4310<br>.rsrc 0x3c000 0x3528 0x4000 3.44 acd4fd61145ba6381758545770b1c567<br><br>( 11 imports ) <br>> KERNEL32.dll: FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetTimeZoneInformation, UnhandledExceptionFilter, GetEnvironmentStrings, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, GetEnvironmentStringsW, VirtualAlloc, HeapReAlloc, SetHandleCount, VirtualFree, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, FlushFileBuffers, UnlockFile, GetACP, CompareStringA, CompareStringW, SetEnvironmentVariableA, HeapSize, RaiseException, TerminateProcess, HeapAlloc, HeapFree, RtlUnwind, ExitProcess, GetStartupInfoA, GetFileAttributesA, GetFileTime, GetFileSize, FileTimeToLocalFileTime, FileTimeToSystemTime, GetFullPathNameA, FindClose, GetVolumeInformationA, FindFirstFileA, SetEndOfFile, IsBadWritePtr, LCMapStringA, LockFile, CloseHandle, GetModuleFileNameA, FormatMessageA, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, GetVersionExA, GlobalLock, GlobalUnlock, GetTickCount, LocalFree, LocalAlloc, lstrlenA, lstrcpyA, ReadFile, SetFilePointer, GetProfileStringA, WriteFile, DuplicateHandle, CreateFileA, GetCurrentProcess, GetCPInfo, SetErrorMode, GetOEMCP, GetProcessVersion, SizeofResource, GetThreadLocale, WritePrivateProfileStringA, GetLastError, GlobalFlags, LocalReAlloc, lstrcpynA, TlsGetValue, GlobalReAlloc, TlsSetValue, EnterCriticalSection, GlobalHandle, LeaveCriticalSection, TlsFree, InitializeCriticalSection, DeleteCriticalSection, TlsAlloc, LoadLibraryA, MulDiv, SetLastError, lstrcatA, FreeLibrary, GetVersion, GlobalFindAtomA, GlobalGetAtomNameA, GlobalAddAtomA, FindResourceA, GetModuleHandleA, GetProcAddress, GlobalFree, LoadResource, LockResource, SetStdHandle, LCMapStringW, GetCommandLineA<br>> USER32.dll: InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, MessageBeep, GetNextDlgGroupItem, SetRect, CopyAcceleratorTableA, CharNextA, GetSysColorBrush, LoadCursorA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, GetTopWindow, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, CharUpperA, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowRect, EndDialog, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, MapDialogRect, SetWindowPos, GetWindow, SetWindowContextHelpId, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, CopyRect, GetSubMenu, ValidateRect, IsWindowVisible, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, UnhookWindowsHookEx, PostMessageA, PostQuitMessage, IsWindow, GetWindowPlacement, LoadStringA, OpenClipboard, GetClipboardData, CloseClipboard, PeekMessageA, TranslateMessage, DispatchMessageA, EnableWindow, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, IsChild, DrawFocusRect, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode<br>> GDI32.dll: DeleteObject, GetViewportExtEx, GetWindowExtEx, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA, GetBkColor, DPtoLP, GetTextColor, LPtoDP, GetMapMode, PatBlt, CreateCompatibleDC, BitBlt, CreateDIBitmap, IntersectClipRect, SetWindowExtEx, ScaleWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, SetViewportOrgEx, SetMapMode, OffsetViewportOrgEx, GetStockObject, SetBkMode, RestoreDC, SaveDC, SelectObject, DeleteDC, GetObjectA, CreateBitmap, GetClipBox, SetBkColor, SetTextColor, GetTextExtentPointA<br>> comdlg32.dll: GetFileTitleA<br>> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA<br>> ADVAPI32.dll: RegCreateKeyExA, SetEntriesInAclA, FreeSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey, RegOpenKeyExA, RegSetValueExA, RegSetKeySecurity, RegEnumKeyA<br>> COMCTL32.dll: -<br>> oledlg.dll: -<br>> ole32.dll: CoFreeUnusedLibraries, OleUninitialize, OleInitialize, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgOpenStorageOnILockBytes, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoTaskMemAlloc<br>> OLEPRO32.DLL: -<br>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)<br>Windows Screen Saver (18.4%)<br>Win32 Executable Generic (12.0%)<br>Win32 Dynamic Link Library (generic) (10.6%)<br>Generic Win/DOS Executable (2.8%)
sigcheck:<br>publisher....: <br>copyright....: Copyright (C) 2005<br>product......: Application CreateReg<br>description..: Application MFC CreateReg<br>original name: CreateReg.EXE<br>internal name: CreateReg<br>file version.: 2, 5, 6, 16<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 12 / 63
Noch
6 août 2010 à 19:04
Fichier installs.exe reçu le 2010.08.06 17:00:17 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 73728 bytes
MD5...: 6ba5ff23182f7e2535fd2b2b3e5a1c2c
SHA1..: bf9cce946a205fe01c777418adca8153e02273bc
SHA256: d2093c0230436a9db3a82a07f7d3b45bb6606c262a8e5ba3c05d8ad5ec007e69
ssdeep: 1536:rGYMTArIkM4N9HsaeZ9lVDFptjAt7Wnfqy8ikO15ghoWp:rGIrV9Mam3VLt<br>jAt1/iZ15ghoWp<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1e3f<br>timedatestamp.....: 0x3d5a8440 (Wed Aug 14 16:24:32 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xae94 0xb000 6.60 cc8b6be5fedcd3da57237cc1aa45d728<br>.rdata 0xc000 0x16ec 0x2000 4.26 e9b8f1937c6df4dafde8f529d1ddf0a1<br>.data 0xe000 0x56fc 0x4000 2.49 0dae58aca23db72d05a8037f87109dfa<br><br>( 2 imports ) <br>> KERNEL32.dll: GetCurrentProcess, Sleep, GetLastError, GetStartupInfoA, ExitProcess, TerminateProcess, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, FatalAppExitA, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetVersion, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetCurrentThread, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, HeapAlloc, InterlockedDecrement, InterlockedIncrement, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, IsBadWritePtr, GetProcAddress, LoadLibraryA, FlushFileBuffers, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CloseHandle, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetTimeZoneInformation, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA<br>> ADVAPI32.dll: OpenServiceA, RegDeleteValueA, GetFileSecurityA, IsValidSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, CloseServiceHandle, CreateServiceA, RegCreateKeyExA, DeleteService, GetSecurityDescriptorDacl, GetSecurityDescriptorLength, OpenSCManagerA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, LookupAccountSidA, GetAce, GetAclInformation, IsValidAcl<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 73728 bytes
MD5...: 6ba5ff23182f7e2535fd2b2b3e5a1c2c
SHA1..: bf9cce946a205fe01c777418adca8153e02273bc
SHA256: d2093c0230436a9db3a82a07f7d3b45bb6606c262a8e5ba3c05d8ad5ec007e69
ssdeep: 1536:rGYMTArIkM4N9HsaeZ9lVDFptjAt7Wnfqy8ikO15ghoWp:rGIrV9Mam3VLt<br>jAt1/iZ15ghoWp<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1e3f<br>timedatestamp.....: 0x3d5a8440 (Wed Aug 14 16:24:32 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xae94 0xb000 6.60 cc8b6be5fedcd3da57237cc1aa45d728<br>.rdata 0xc000 0x16ec 0x2000 4.26 e9b8f1937c6df4dafde8f529d1ddf0a1<br>.data 0xe000 0x56fc 0x4000 2.49 0dae58aca23db72d05a8037f87109dfa<br><br>( 2 imports ) <br>> KERNEL32.dll: GetCurrentProcess, Sleep, GetLastError, GetStartupInfoA, ExitProcess, TerminateProcess, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, FatalAppExitA, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetVersion, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetCurrentThread, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, HeapAlloc, InterlockedDecrement, InterlockedIncrement, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, IsBadWritePtr, GetProcAddress, LoadLibraryA, FlushFileBuffers, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CloseHandle, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetTimeZoneInformation, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA<br>> ADVAPI32.dll: OpenServiceA, RegDeleteValueA, GetFileSecurityA, IsValidSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, CloseServiceHandle, CreateServiceA, RegCreateKeyExA, DeleteService, GetSecurityDescriptorDacl, GetSecurityDescriptorLength, OpenSCManagerA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, LookupAccountSidA, GetAce, GetAclInformation, IsValidAcl<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 13 / 63
Utilisateur anonyme
6 août 2010 à 19:05
c'uila aussi ^^
0
Réponse 14 / 63
Noch
6 août 2010 à 19:05
Fichier lmtools.exe reçu le 2010.08.06 17:00:32 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 658432 bytes
MD5...: 3733796e1555fac2f1fc625faef338a8
SHA1..: cfa8e43e35fe33447fb343c65de43c81e1d9534e
SHA256: 0d314eec842b53bb593f999aa71cb6c9a3d21a388371e9429837a819eb619e30
ssdeep: 12288:vFLiubCKdE4E41Cm7da0ZQtodgHoZ9OFAN+p4XeEcvzFoac:tp5E2zda0Z<br>Qto4oZ90s+p4XeE<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xc1e0<br>timedatestamp.....: 0x3bc3699d (Tue Oct 09 21:18:21 2001)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x665b4 0x66600 6.41 961ddbc932311e924c3fcd5dff235c5a<br>.rdata 0x68000 0x34b8 0x3600 4.16 58a02d6aad73174c4c96f456ec19e4bd<br>.data 0x6c000 0x12030 0xc800 4.59 69122d4f353051bec8e302543eda6c96<br>.idata 0x7f000 0x15e0 0x1600 5.55 adc566f90ffe61f58662f7415d124674<br>_TEXT_HA 0x81000 0x108ca 0x10a00 6.60 b3e07642cf02842377505d1830050849<br>.rsrc 0x92000 0x1830c 0x18400 2.40 a81d82513e59c5e15deb5c11be970ca4<br><br>( 9 imports ) <br>> KERNEL32.dll: GetCurrentProcess, HeapReAlloc, HeapSize, InitializeCriticalSection, TerminateProcess, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetModuleFileNameA, EnterCriticalSection, MultiByteToWideChar, FreeEnvironmentStringsA, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, FreeEnvironmentStringsW, GetCurrentThread, LCMapStringW, GetStringTypeA, TlsGetValue, VirtualAlloc, FlushFileBuffers, SetStdHandle, SetFilePointer, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, GetProcAddress, LoadLibraryA, TlsAlloc, CloseHandle, CreateFileA, GetLocaleInfoA, GetLocaleInfoW, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, TlsSetValue, GetCurrentThreadId, HeapFree, SetLastError, LCMapStringA, GetStringTypeW, GetDriveTypeA, GetFullPathNameA, GetCurrentDirectoryA, GetFileType, PeekNamedPipe, GetFileInformationByHandle, FileTimeToLocalFileTime, FileTimeToSystemTime, ReadFile, HeapAlloc, InterlockedIncrement, InterlockedDecrement, GetCommandLineA, GetStartupInfoA, RaiseException, GetFileAttributesA, GetLastError, GetSystemTime, GetTimeZoneInformation, GetWindowsDirectoryA, GetLocalTime, RtlUnwind, Sleep, CreateProcessA, GetVersion, WriteFile, GetModuleHandleA, GlobalFree, GlobalAlloc, GetCurrentProcessId, DeleteFileA, CreateDirectoryA, ExitThread, CreateThread, SetEnvironmentVariableW, GetVersionExA, ReleaseSemaphore, WaitForSingleObject, OpenSemaphoreA, CreateSemaphoreA, SetErrorMode, DuplicateHandle, GetTickCount, FreeLibrary, ResetEvent, CreateEventA, SetEvent, GetVolumeInformationA, ResumeThread, DeviceIoControl, GetProcessTimes, FindFirstFileA, FindNextFileA, FindClose, LocalFree, LocalAlloc, SetThreadPriority, GetPrivateProfileStringA, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileIntA, FormatMessageA, GetShortPathNameA, GetEnvironmentVariableA<br>> USER32.dll: MessageBeep, SetFocus, GetWindowRect, TranslateMessage, GetMessageA, GetActiveWindow, GetParent, MoveWindow, ScreenToClient, EnableWindow, GetWindowLongA, GetDlgItemTextA, SetDlgItemTextA, EndDialog, GetFocus, SetWindowTextA, GetClientRect, wsprintfA, CreateDialogIndirectParamA, DialogBoxIndirectParamA, RedrawWindow, PostMessageA, DestroyWindow, InvalidateRect, SetForegroundWindow, IsWindowEnabled, GetWindowTextA, IsDialogMessageA, DispatchMessageA, GetDlgItem, PeekMessageA, ReleaseDC, GetDC, CreateDialogParamA, CallWindowProcA, SetWindowLongA, LoadBitmapA, ShowWindow, SetCursor, LoadCursorA, SendMessageA, GetWindowTextLengthA, GetCursor, SetMenuItemInfoA, CheckRadioButton, ShowCursor, SendDlgItemMessageA, MessageBoxA<br>> ADVAPI32.dll: DeleteService, RegSetValueExA, ControlService, StartServiceA, RegDeleteKeyA, RegDeleteValueA, QueryServiceConfigA, OpenSCManagerA, CreateServiceA, CloseServiceHandle, OpenServiceA, ChangeServiceConfigA, RegCreateKeyExA, RegEnumValueA, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, GetUserNameA<br>> GDI32.dll: GetStockObject, CreateFontIndirectA, GetTextMetricsA, SelectObject, DeleteObject<br>> SHELL32.dll: ShellExecuteA<br>> COMCTL32.dll: -, ImageList_Create, ImageList_GetImageCount, ImageList_Add<br>> WSOCK32.dll: -, -, -<br>> NETAPI32.dll: Netbios<br>> comdlg32.dll: GetOpenFileNameA<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: InstallShield setup (37.0%)<br>Win32 Executable MS Visual C++ (generic) (32.4%)<br>Windows Screen Saver (11.2%)<br>Win32 Executable Generic (7.3%)<br>Win32 Dynamic Link Library (generic) (6.5%)
sigcheck:<br>publisher....: GLOBEtrotter Software Inc.<br>copyright....: Copyright (c) 2001, 1987<br>product......: <br>description..: <br>original name: LMTOOLS.EXE<br>internal name: LMTOOLS<br>file version.: 7, 2, 9, 0<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 658432 bytes
MD5...: 3733796e1555fac2f1fc625faef338a8
SHA1..: cfa8e43e35fe33447fb343c65de43c81e1d9534e
SHA256: 0d314eec842b53bb593f999aa71cb6c9a3d21a388371e9429837a819eb619e30
ssdeep: 12288:vFLiubCKdE4E41Cm7da0ZQtodgHoZ9OFAN+p4XeEcvzFoac:tp5E2zda0Z<br>Qto4oZ90s+p4XeE<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xc1e0<br>timedatestamp.....: 0x3bc3699d (Tue Oct 09 21:18:21 2001)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x665b4 0x66600 6.41 961ddbc932311e924c3fcd5dff235c5a<br>.rdata 0x68000 0x34b8 0x3600 4.16 58a02d6aad73174c4c96f456ec19e4bd<br>.data 0x6c000 0x12030 0xc800 4.59 69122d4f353051bec8e302543eda6c96<br>.idata 0x7f000 0x15e0 0x1600 5.55 adc566f90ffe61f58662f7415d124674<br>_TEXT_HA 0x81000 0x108ca 0x10a00 6.60 b3e07642cf02842377505d1830050849<br>.rsrc 0x92000 0x1830c 0x18400 2.40 a81d82513e59c5e15deb5c11be970ca4<br><br>( 9 imports ) <br>> KERNEL32.dll: GetCurrentProcess, HeapReAlloc, HeapSize, InitializeCriticalSection, TerminateProcess, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetModuleFileNameA, EnterCriticalSection, MultiByteToWideChar, FreeEnvironmentStringsA, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, FreeEnvironmentStringsW, GetCurrentThread, LCMapStringW, GetStringTypeA, TlsGetValue, VirtualAlloc, FlushFileBuffers, SetStdHandle, SetFilePointer, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, GetProcAddress, LoadLibraryA, TlsAlloc, CloseHandle, CreateFileA, GetLocaleInfoA, GetLocaleInfoW, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, TlsSetValue, GetCurrentThreadId, HeapFree, SetLastError, LCMapStringA, GetStringTypeW, GetDriveTypeA, GetFullPathNameA, GetCurrentDirectoryA, GetFileType, PeekNamedPipe, GetFileInformationByHandle, FileTimeToLocalFileTime, FileTimeToSystemTime, ReadFile, HeapAlloc, InterlockedIncrement, InterlockedDecrement, GetCommandLineA, GetStartupInfoA, RaiseException, GetFileAttributesA, GetLastError, GetSystemTime, GetTimeZoneInformation, GetWindowsDirectoryA, GetLocalTime, RtlUnwind, Sleep, CreateProcessA, GetVersion, WriteFile, GetModuleHandleA, GlobalFree, GlobalAlloc, GetCurrentProcessId, DeleteFileA, CreateDirectoryA, ExitThread, CreateThread, SetEnvironmentVariableW, GetVersionExA, ReleaseSemaphore, WaitForSingleObject, OpenSemaphoreA, CreateSemaphoreA, SetErrorMode, DuplicateHandle, GetTickCount, FreeLibrary, ResetEvent, CreateEventA, SetEvent, GetVolumeInformationA, ResumeThread, DeviceIoControl, GetProcessTimes, FindFirstFileA, FindNextFileA, FindClose, LocalFree, LocalAlloc, SetThreadPriority, GetPrivateProfileStringA, SleepEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetPrivateProfileIntA, FormatMessageA, GetShortPathNameA, GetEnvironmentVariableA<br>> USER32.dll: MessageBeep, SetFocus, GetWindowRect, TranslateMessage, GetMessageA, GetActiveWindow, GetParent, MoveWindow, ScreenToClient, EnableWindow, GetWindowLongA, GetDlgItemTextA, SetDlgItemTextA, EndDialog, GetFocus, SetWindowTextA, GetClientRect, wsprintfA, CreateDialogIndirectParamA, DialogBoxIndirectParamA, RedrawWindow, PostMessageA, DestroyWindow, InvalidateRect, SetForegroundWindow, IsWindowEnabled, GetWindowTextA, IsDialogMessageA, DispatchMessageA, GetDlgItem, PeekMessageA, ReleaseDC, GetDC, CreateDialogParamA, CallWindowProcA, SetWindowLongA, LoadBitmapA, ShowWindow, SetCursor, LoadCursorA, SendMessageA, GetWindowTextLengthA, GetCursor, SetMenuItemInfoA, CheckRadioButton, ShowCursor, SendDlgItemMessageA, MessageBoxA<br>> ADVAPI32.dll: DeleteService, RegSetValueExA, ControlService, StartServiceA, RegDeleteKeyA, RegDeleteValueA, QueryServiceConfigA, OpenSCManagerA, CreateServiceA, CloseServiceHandle, OpenServiceA, ChangeServiceConfigA, RegCreateKeyExA, RegEnumValueA, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey, ReportEventA, RegisterEventSourceA, DeregisterEventSource, GetUserNameA<br>> GDI32.dll: GetStockObject, CreateFontIndirectA, GetTextMetricsA, SelectObject, DeleteObject<br>> SHELL32.dll: ShellExecuteA<br>> COMCTL32.dll: -, ImageList_Create, ImageList_GetImageCount, ImageList_Add<br>> WSOCK32.dll: -, -, -<br>> NETAPI32.dll: Netbios<br>> comdlg32.dll: GetOpenFileNameA<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: InstallShield setup (37.0%)<br>Win32 Executable MS Visual C++ (generic) (32.4%)<br>Windows Screen Saver (11.2%)<br>Win32 Executable Generic (7.3%)<br>Win32 Dynamic Link Library (generic) (6.5%)
sigcheck:<br>publisher....: GLOBEtrotter Software Inc.<br>copyright....: Copyright (c) 2001, 1987<br>product......: <br>description..: <br>original name: LMTOOLS.EXE<br>internal name: LMTOOLS<br>file version.: 7, 2, 9, 0<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 15 / 63
Noch
6 août 2010 à 19:06
Fichier nuvyuv.dll reçu le 2010.08.06 17:00:52 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Information additionnelle
File size: 81920 bytes
MD5...: 84c14a9e550a41902015fc456fbc6b67
SHA1..: b2b1899b7f51f2f4bf8a944eabbcddf6c4ab0257
SHA256: 77bc598f5fc8c8b6fdd0e06b56df2b1fa6d4e220f32f7505a89667ac180274dd
ssdeep: 768:0dluTJiaoITmIq6tFVs+NYo0t7TY/buQeuE9ZEnB1mSrOXWmiB9QZ6lFY6zo<br>Doks:0dluV/x163TYTuQNP3Q6U6UomoOK<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x3136<br>timedatestamp.....: 0x3ba481a4 (Sun Sep 16 10:40:36 2001)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x92c2 0xa000 6.43 24c06cc208fcc6befbebbb7372808240<br>.rdata 0xb000 0x1158 0x2000 3.11 49ec1e524ae2297cf5d45b8366a95dfc<br>.data 0xd000 0x48a4 0x4000 1.16 294e7f105a4a5e736160e612fd6a2c12<br>.rsrc 0x12000 0x2a0 0x1000 0.70 50f173c7515ee30ddb8c4bf27d3fb667<br>.reloc 0x13000 0x10bc 0x2000 2.57 9ef5ce7d24bc75944dbb6deeac47971b<br><br>( 3 imports ) <br>> WINMM.dll: DefDriverProc<br>> SETUPAPI.dll: SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList<br>> KERNEL32.dll: TlsFree, TlsGetValue, CloseHandle, SetStdHandle, DeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, GetVersionExA, GetLastError, InterlockedDecrement, InterlockedIncrement, RtlUnwind, GetCommandLineA, GetVersion, HeapFree, GetProcAddress, GetModuleHandleA, HeapAlloc, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, ExitProcess, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, VirtualAlloc, FlushFileBuffers, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, SetFilePointer, IsBadWritePtr, GetStringTypeA, GetStringTypeW, GetCPInfo, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, GetACP, GetOEMCP, LoadLibraryA<br><br>( 1 exports ) <br>DriverProc<br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: Zoran Ltd.<br>copyright....: Copyright (c) 1998-2001, Zoran Ltd.<br>product......: USBVision<br>description..: NUVision YUV Decoder<br>original name: n/a<br>internal name: n/a<br>file version.: 2, 0, 1, 1<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5667 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5347 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6695 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

Information additionnelle
File size: 81920 bytes
MD5...: 84c14a9e550a41902015fc456fbc6b67
SHA1..: b2b1899b7f51f2f4bf8a944eabbcddf6c4ab0257
SHA256: 77bc598f5fc8c8b6fdd0e06b56df2b1fa6d4e220f32f7505a89667ac180274dd
ssdeep: 768:0dluTJiaoITmIq6tFVs+NYo0t7TY/buQeuE9ZEnB1mSrOXWmiB9QZ6lFY6zo<br>Doks:0dluV/x163TYTuQNP3Q6U6UomoOK<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x3136<br>timedatestamp.....: 0x3ba481a4 (Sun Sep 16 10:40:36 2001)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x92c2 0xa000 6.43 24c06cc208fcc6befbebbb7372808240<br>.rdata 0xb000 0x1158 0x2000 3.11 49ec1e524ae2297cf5d45b8366a95dfc<br>.data 0xd000 0x48a4 0x4000 1.16 294e7f105a4a5e736160e612fd6a2c12<br>.rsrc 0x12000 0x2a0 0x1000 0.70 50f173c7515ee30ddb8c4bf27d3fb667<br>.reloc 0x13000 0x10bc 0x2000 2.57 9ef5ce7d24bc75944dbb6deeac47971b<br><br>( 3 imports ) <br>> WINMM.dll: DefDriverProc<br>> SETUPAPI.dll: SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList<br>> KERNEL32.dll: TlsFree, TlsGetValue, CloseHandle, SetStdHandle, DeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, GetVersionExA, GetLastError, InterlockedDecrement, InterlockedIncrement, RtlUnwind, GetCommandLineA, GetVersion, HeapFree, GetProcAddress, GetModuleHandleA, HeapAlloc, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, ExitProcess, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, VirtualAlloc, FlushFileBuffers, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, SetFilePointer, IsBadWritePtr, GetStringTypeA, GetStringTypeW, GetCPInfo, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, GetACP, GetOEMCP, LoadLibraryA<br><br>( 1 exports ) <br>DriverProc<br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: Zoran Ltd.<br>copyright....: Copyright (c) 1998-2001, Zoran Ltd.<br>product......: USBVision<br>description..: NUVision YUV Decoder<br>original name: n/a<br>internal name: n/a<br>file version.: 2, 0, 1, 1<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0
Réponse 16 / 63
Utilisateur anonyme
6 août 2010 à 19:07
cuila tu peux garder
0
Réponse 17 / 63
Noch
Modifié par Noch le 7/08/2010 à 02:12
ci dessous le rapport de listkillem apres le cleaning :

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.2.3 ¤¤¤¤¤¤¤¤¤¤

User : Fred (Administrateurs)
Update on 05/08/2010 by g3n-h@ckm@n ::::: 17.50
Start at: 00:49:21 | 07/08/2010

Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 35,46 Go (3,91 Go free) [Systeme] | NTFS
D:\ -> Disque fixe local | 39,07 Go (17,94 Go free) [Docs] | NTFS
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)

C:\WINDOWS\System32\smss.exe ----400 Ko
C:\WINDOWS\system32\csrss.exe ----3608 Ko
C:\WINDOWS\system32\winlogon.exe ----1540 Ko
C:\WINDOWS\system32\services.exe ----13136 Ko
C:\WINDOWS\system32\lsass.exe ----6516 Ko
C:\WINDOWS\system32\Ati2evxx.exe ----3620 Ko
C:\WINDOWS\system32\svchost.exe ----4908 Ko
C:\WINDOWS\system32\logonui.exe ----3924 Ko
C:\WINDOWS\system32\svchost.exe ----4308 Ko
C:\WINDOWS\System32\svchost.exe ----37540 Ko
C:\WINDOWS\system32\Ati2evxx.exe ----4184 Ko
C:\Program Files\AVG\AVG9\avgchsvx.exe ----2040 Ko
C:\Program Files\AVG\AVG9\avgrsx.exe ----3328 Ko
C:\WINDOWS\system32\svchost.exe ----3484 Ko
C:\Program Files\AVG\AVG9\avgcsrvx.exe ----5780 Ko
C:\WINDOWS\system32\spoolsv.exe ----6112 Ko
C:\WINDOWS\system32\svchost.exe ----3416 Ko
C:\Program Files\NetLimiter\nlsvc.exe ----4424 Ko
C:\WINDOWS\System32\snmp.exe ----4236 Ko
C:\WINDOWS\system32\wdfmgr.exe ----2204 Ko
C:\WINDOWS\System32\alg.exe ----3756 Ko
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE ----3320 Ko
C:\WINDOWS\system32\userinit.exe ----3248 Ko
C:\WINDOWS\Explorer.EXE ----10192 Ko
C:\Program Files\NetLimiter\NLClient.exe ----17152 Ko
C:\WINDOWS\system32\cmd.exe ----2420 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----6872 Ko
C:\Program Files\List_Kill'em\ERUNT.EXE ----3272 Ko
C:\Program Files\List_Kill'em\pv.exe ----3100 Ko

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\Internet Explorer\iekey.dll
Quarantined & Deleted !! : C:\Program Files\Radmin

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\reboot.txt
Quarantined & Deleted !! : C:\WINDOWS\Temp\10018c4f4974d1b5a308ba5.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\151ecf44346b619eefe572e6.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\166ae75c19816891b33c63c1.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\1f5ebe06b084e2c3816d0876.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\21b5eed1f38b0457f85d5be.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\240359b15dec143b806e23fd.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\253a31925d5555c781362a44.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\26badd43fe47c2bfd12f2014.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\29a1442eb46dfacb905ee26b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\347efbd6497389437a4ed36e.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\3a862de38eaed75aebf17d42.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\4288eab95d92fca91d4b5ee4.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\442bc8c68fbb2d16496542c9.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\49beab634f98827ea448c6cb.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\4b607e8a1b928990a218b2ed.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\51d29e0b7faaf3f2198792e2.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\5834550167903b8837f44717.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\58cdbef7de79cae3d8df538.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\5d277c64c6bced0f3de14870.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\5d3d46ba8ad953b27a3b30d.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\6271b705d55dee4a7e96bae5.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\687cc61859a395f67f46bf56.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\6aa9f583606fad848229f1ba.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\719f33851de8cca5eec7a559.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\765a746c93797b75dc951e27.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\76ccdac3e03d865d67d64a02.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\7a1b42e9e82e37ccdaa2b4c1.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\7b1ae29373eaa414fb3d5014.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\812eacb6db27b1d6406a4f69.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\90ed69edb4908b4a305490ed.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\9a0319ab2786787cd632a4a7.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a3d87b15edd4db9ad2b7fa65.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a40e41108f20d22f71f8a33b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\b530f9a64f7d244d5310db27.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\b5d94211b5a117bdae0e6f9f.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\c2f83ff0c66fbf2365658f33.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\c76c51d725f569c2f0c0561b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\caba24e2908a263ba9e17284.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\d7987857704a2115f0be4eb.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\e0bf05a2a342b680eec1633.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\e1bdaa9037cc6430a6a1ae4b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\e867e2f63d2130f59a1eae67.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\f6ac32813cabda7a51432fff.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\faa6f733573b0140b3da79dc.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\fce9b6157a509535348a903c.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\fd3ebc934ddc8e3f23db50e.tmp
Quarantined & Deleted !! : File

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 1 (0x1)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)

========
Services
=========

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

FEATURE_BROWSER_EMULATION | svchost :
====================================

Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87687EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8736e278
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 18 / 63
Utilisateur anonyme
7 août 2010 à 02:15
▶ Télécharge : Gmer (by Przemyslaw Gmerek) et enregistre-le sur ton bureau

Desactive toutes tes protections le temps du scan de gMer

Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."

▶ clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

Ensuite

▶ sur les lignes rouge:

▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files
0
Noch
7 août 2010 à 02:36
C'est en cours.
0
Noch
Modifié par Noch le 7/08/2010 à 09:51
Bon je suis parti me coucher en laissant le scan de GMER tourner.
Ce matin, blue screen : winlogon s'est terminé de facon inattendue ....

J'ai relancé le scan de GMER, c'est en cours.
Il ya déjà au moins une ligne rouge, on verra la suite à la fin de ce scan.

edit : Pas moyen de finir le scan, je tombe indéniablement sur un blue screen.
STOP : c0000021a {Erreur système irrécupérable}
Le procesus windows logon s'est terminé de facon inattendue dans l'état suivant 0xc0000005 (0x00000000 0x00000000)

Du coup, je fais quoi ? je te copie le rapport de scan et l'arrête avant qu'il finisse/plante ?
0
Réponse 19 / 63
Noch
7 août 2010 à 02:17
Ou sont passés les rapports de virus total ?
Il me semblait avoir mis les 7 rapports ??

c:\windows\system32\drivers\alcxeq.dat -> poubelle
c:\windows\system32\drivers\alcxhweq.dat -> poubelle
C:\WINDOWS\System32\avantd.exe -> ou est le rapport ?
C:\WINDOWS\System32\CreateReg.exe -> ou est le rapport ?
C:\WINDOWS\System32\installs.exe -> ou est le rapport ?
C:\WINDOWS\System32\lmtools.exe -> je garde
C:\WINDOWS\System32\nuvyuv.dll -> ou est le rapport ?

je recommence demain pour les 4 dont le rapport a disparu ...
0
Utilisateur anonyme
7 août 2010 à 02:19
j ai demandé la restoration des messages
0
Noch
7 août 2010 à 02:36
Ah oki merci.
0
crapoulou Messages postés 28160 Date d'inscription mercredi 28 novembre 2007 Statut Modérateur, Contributeur sécurité Dernière intervention 21 mai 2024 7 998
7 août 2010 à 08:44
Salut gen.
Bonne continuation ;-).
0
Noch
7 août 2010 à 09:30
Ah super, merci pour la restauration !
0
Réponse 20 / 63
Noch
7 août 2010 à 09:54
Voila deja le rapport initial suite au premier scan exécuté automatiquement à l'ouverture.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-07 09:52:51
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Fred\LOCALS~1\Temp\awrdqkob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 877319B8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] jzioircv <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
0
Noch
7 août 2010 à 11:18
Et voila le log d'un scan plus poussé mais inachevé.
J'ai fait des sauvegardes au fur et à mesure du scan jusqu'à ce que ca plante.

http://www.cijoint.fr/cjlink.php?file=cj201008/cijHex5K2V.txt
0

Discussions similaires

Onglet disposition Excel ne s'affiche pas
dsqalli -
Raymond PENTIER -

5 réponses
Edge ouvir les onglets avec Google moteur de recherche
EG -
pistouri -

17 réponses
Disparition de l'onglet "événements" sur les Groupes FB
WisseWam -
WisseWam -

2 réponses
ouvrir nouvel onglet google
vins -
dan62 -

4 réponses
comment mettre google dans nouvel onglet
biguiline -
pusade -

48 réponses