11 replies
anthony5151 (Security contributor), 18 Jan 2011 at 12:06
Hello,
Welcome to CCM!
We are going to try to solve your problem together. First, a few reminders:
- Do not open other threads for the same problem (whether on this forum or on another one)
- Do not hesitate to ask questions if needed ;)
- Be patient when you post a message, I do not reply instantly: I am a volunteer and I am not at my computer all the time. But rest assured, I never abandon anyone ;)
- The disinfection (if necessary) will take place in several steps. Even if the symptoms of the infection disappear, the disinfection will only be finished when I confirm it to you --> Please come back until the end, otherwise what we have done will have been for nothing.
Start by using this diagnostic software please, it will allow me to help you:
* Download ZHPDiag (by Nicolas Coolman)
* Follow the prompts during installation
* It will launch automatically at the end of the installation
* Click on the magnifying-glass icon ("Lancer le diagnostic", i.e. run the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on this site, then copy/paste the link provided into your next reply on the forum
Can you also tell me which files were detected by Avast?
Here is the report: http://cjoint.com/?1bsmvcDgHEg
Unfortunately I no longer have the names of the files I deleted :/
Just one small clarification, and not a minor one: Google is working again (but for how long??!) without my having touched anything...
anthony5151 (Security contributor), 18 Jan 2011 at 13:54
Your problem comes from the fact that your computer's Hosts file has been hijacked by an infection; we are going to restore it:
* Download RstHosts (by Xplode) to your Desktop.
* Right-click on it and choose "Run as administrator"
* Click on Restaurer (Restore)
* Copy/paste the contents of the report that opens on screen into your next message.
Note: The report is also saved at the root of the hard drive ( C:\RstHosts.txt )
Next, use this general-purpose disinfection software please:
* Download and install Malwarebytes' Anti-Malware
* At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked
* Launch MBAM and let the updates download (otherwise do them manually when the program starts)
* Then go to the "Scanner" tab, check "Perform quick scan" then "Scan"
* At the end of the scan, click on Show Results
* Check all the detected items then click on Remove Selected
* Save the report
* If you are asked to restart the computer, click on Yes
* In your next reply, please post the report that appears after the removal
Then restart your computer and post a new ZHPDiag report please
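The Hosts-file hijack diagnosed in the post above can also be checked by reading the file directly. The following is an added example, not part of the original thread and not RstHosts code: a small Python auditor that parses hosts-file text and flags search-engine names pinned to a non-loopback address. The sample file, the 203.0.113.10 documentation address, the watched-label list and all function names are constructed for illustration.

```python
"""Audit hosts-file text for hijacked name resolution (added example)."""
import ipaddress
import sys
from collections import defaultdict

# Assumption: labels of public search engines that a home PC has no reason
# to pin in its hosts file. Extend this set to suit the environment.
WATCHED_LABELS = {"google", "bing", "yahoo"}

# Constructed sample. 203.0.113.10 is a documentation address (RFC 5737),
# standing in for whatever address a hijacked file points at.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist entry, not a redirect
203.0.113.10    google.com www.google.fr
203.0.113.10    www.bing.com
203.0.113.10    search.yahoo.com     # inline comment
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: the resolver ignores it, so do we
        for name in fields[1:]:  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def is_sinkhole(ip):
    """Loopback and 0.0.0.0/:: entries block a name rather than redirect it."""
    return ip.is_loopback or ip.is_unspecified


def is_watched(hostname):
    """True when any DNS label of the name is in WATCHED_LABELS."""
    return any(label in WATCHED_LABELS for label in hostname.split("."))


def audit_hosts(text, bulk_threshold=3):
    """Return redirect findings and addresses that many names point at."""
    redirects = []
    names_by_ip = defaultdict(set)
    for line_no, ip, name in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        names_by_ip[str(ip)].add(name)
        if is_watched(name):
            redirects.append((line_no, str(ip), name))
    # One routable address serving many unrelated names is a second signal.
    bulk = {ip: sorted(names) for ip, names in names_by_ip.items()
            if len(names) >= bulk_threshold}
    return {"redirects": redirects, "bulk": bulk, "hijacked": bool(redirects)}


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\system32\drivers\etc\hosts) or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    report = audit_hosts(content)
    for line_no, ip, name in report["redirects"]:
        print(f"line {line_no}: {name} -> {ip}")
    print("hijacked" if report["hijacked"] else "no search-engine redirects found")
```

A clean file containing only the `localhost` entries produces no findings; intranet mappings to private addresses are not reported unless the name carries a watched label.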
Here is the RstHosts report:
Rapport RstHosts v1.5 - 18/01/2011 à 16:03
Mis à jour le 30/11/10 à 19h30 par Xplode
Système d'exploitation : Windows 7 Home Premium (64 bits) [version 6.1.7600]
Nom d'utilisateur : Aurelie - AURELIE-PC (Administrateur)
Exécuté depuis : C:\Users\Aurelie\Desktop\RstHosts.exe
Option : [Restaurer]
++++++++++ [[Restauration du fichier hosts]] ++++++++++
-> Suppression... OK !
-> BackUp sauvegardé sous C:\RstHostsBkp.bak ... OK !
-> Copie du fichier hosts sain vers C:\Windows\system32\drivers\etc\hosts ... OK !
-> Fichier Hosts restauré avec succès !
++++++++++ [[Propriétés du fichier hosts]] ++++++++++
Emplacement : C:\Windows\system32\drivers\etc\hosts
Attribut(s) : RASH
Taille : 89 octets
Date de création : 14/07/2009 - 03:34
Date de modification : 21/11/2010 - 14:59
Date de dernier accès : 18/01/2011 - 16:03
++++++++++ [[Contenu du fichier hosts ( Avant restauration )]] ++++++++++
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
++++++++++ [[Contenu du fichier hosts ( Après restauration )]] ++++++++++
# Fichier Hosts créé par RstHosts
127.0.0.1 localhost
::1 localhost
########## EOF - "C:\RstHosts.txt" - [3309 octets] ##########
And here is the report after the removal of the infected items:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5544
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18/01/2011 16:19:35
mbam-log-2011-01-18 (16-19-35).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 165631
Temps écoulé: 4 minute(s), 14 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 13
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
anthony5151 (Security contributor), 18 Jan 2011 at 17:12
* Go to the site https://www.virustotal.com/gui/
* Click on Browse, navigate to the following file and confirm: C:\ProgramData\a7d80cf\sqlite3.dll
* Click on "Send file": if it has already been analysed, request a new analysis.
* Copy/paste the report onto the forum.
If you cannot find the file, do this:
* Start menu --> Control Panel --> Appearance and Personalization --> Folder Options --> View
* Check "Show hidden files and folders", uncheck "Hide extensions for known file types", uncheck "Hide protected operating system files", then confirm.
* You can hide the hidden files again once the procedure is finished, if you wish.
Do the same thing for this file: C:\ProgramData\a7d80cf\mozcrt19.dll
Report for C:\ProgramData\a7d80cf\sqlite3.dll
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: sqlite3.dll
Submission date: 2011-01-18 17:32:38 (UTC)
Current status: queued (#11) queued (#11) analysing finished
Result: 0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.174 2011.01.18 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.18 -
Avast5 5.0.677.0 2011.01.18 -
AVG 10.0.0.1190 2011.01.18 -
BitDefender 7.2 2011.01.18 -
CAT-QuickHeal 11.00 2011.01.18 -
ClamAV 0.96.4.0 2011.01.18 -
Commtouch 5.2.11.5 2011.01.18 -
Comodo 7432 2011.01.18 -
DrWeb 5.0.2.03300 2011.01.18 -
Emsisoft 5.1.0.1 2011.01.18 -
eSafe 7.0.17.0 2011.01.18 -
eTrust-Vet 36.1.8106 2011.01.18 -
F-Prot 4.6.2.117 2011.01.17 -
F-Secure 9.0.16160.0 2011.01.18 -
Fortinet 4.2.254.0 2011.01.16 -
GData 21 2011.01.18 -
Ikarus T3.1.1.97.0 2011.01.18 -
Jiangmin 13.0.900 2011.01.18 -
K7AntiVirus 9.77.3570 2011.01.18 -
Kaspersky 7.0.0.125 2011.01.18 -
McAfee 5.400.0.1158 2011.01.18 -
McAfee-GW-Edition 2010.1C 2011.01.18 -
Microsoft 1.6402 2011.01.18 -
NOD32 5797 2011.01.18 -
Norman 6.06.12 2011.01.18 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.18 -
PCTools 7.0.3.5 2011.01.18 -
Prevx 3.0 2011.01.18 -
Rising 22.83.01.03 2011.01.18 -
Sophos 4.61.0 2011.01.18 -
SUPERAntiSpyware 4.40.0.1006 2011.01.18 -
Symantec 20101.3.0.103 2011.01.18 -
TheHacker 6.7.0.1.116 2011.01.18 -
TrendMicro 9.120.0.1004 2011.01.18 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.18 -
VBA32 3.12.14.2 2011.01.18 -
VIPRE 8113 2011.01.18 -
ViRobot 2011.1.18.4261 2011.01.18 -
VirusBuster 13.6.152.1 2011.01.18 -
Additional information
MD5 : 8dc342d557e10579089f6d49c0c40375
SHA1 : be03ff44e579b3cc1018a4f1e2413fb353f78753
SHA256: 1e97634ea04f1ebd6aa9598b98cf7241bae125e93908e315220aff3ed4fb59b7
ssdeep: 6144:kt/VEWKpcHNvV/+9ObrQxZ7nt1N6agI/hsV1vfZz6mXx+W2F/mxFxaw+JJI80xwL:o9EWK
INvw9ObmjazxF2gx2IvudwQ3/+o
File size : 467928 bytes
First seen: 2010-06-27 05:38:02
Last seen : 2011-01-18 17:32:38
TrID:
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: sqlite.org
copyright....: n/a
product......: SQLite Database Library
description..: SQLite Database Library
original name: sqlite3.dll
internal name: sqlite3
file version.: 3.6.22
comments.....: n/a
signers......: Mozilla Corporation
Thawte Code Signing CA
Thawte Premium Server CA
signing date.: 9:41 AM 6/26/2010
verified.....: -
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x644E0
timedatestamp....: 0x4C259450 (Sat Jun 26 05:46:56 2010)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x63B2E, 0x63C00, 6.61, d5d6262f6b411b90d5d331223acfd260
.rdata, 0x65000, 0x97DD, 0x9800, 6.17, aa005398efc7cf99e9e28e09cc6e5515
.data, 0x6F000, 0x10EC, 0xA00, 2.65, d5f5dfd0d1f3d360ed9abf1d292676d1
.rsrc, 0x71000, 0x2F0, 0x400, 2.50, 94567ac27b0cd62aeb210cec615dd3ec
.reloc, 0x72000, 0x2670, 0x2800, 6.32, bd81f3d951cbbbd9623a928808d113d6
[[ 2 import(s) ]]
KERNEL32.dll: Sleep, InitializeCriticalSection, InterlockedCompareExchange, DeleteCriticalSection, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, AreFileApisANSI, CloseHandle, ReadFile, GetLastError, SetFilePointer, WriteFile, SetEndOfFile, FlushFileBuffers, GetFileSize, UnlockFile, LockFile, GetFileAttributesA, DeleteFileA, GetFileAttributesW, DeleteFileW, LoadLibraryA, LoadLibraryW, GetProcAddress, FreeLibrary, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTime, GetSystemTimeAsFileTime, GetTempPathA, GetTempPathW, LocalFree, FormatMessageA, FormatMessageW, GetFullPathNameA, GetFullPathNameW, GetDiskFreeSpaceA, GetDiskFreeSpaceW, CreateFileA, CreateFileW, LockFileEx, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedExchange, DisableThreadLibraryCalls
MOZCRT19.dll: isspace, strncmp, isalnum, tolower, memmove, qsort, _encode_pointer, _malloc_crt, _encoded_null, _decode_pointer, _initterm, _initterm_e, _amsg_exit, _adjust_fdiv, __CppXcptFilter, _crt_debugger_hook, __clean_type_info_names_internal, _unlock, __dllonexit, _lock, _onexit, _except_handler4_common, memcpy, memset, realloc, free, malloc, _localtime64_s, atoi
[[ 141 export(s) ]]
sqlite3_aggregate_context, sqlite3_aggregate_count, sqlite3_auto_extension, sqlite3_bind_blob, sqlite3_bind_double, sqlite3_bind_int, sqlite3_bind_int64, sqlite3_bind_null, sqlite3_bind_parameter_count, sqlite3_bind_parameter_index, sqlite3_bind_parameter_name, sqlite3_bind_text, sqlite3_bind_text16, sqlite3_bind_value, sqlite3_busy_handler, sqlite3_busy_timeout, sqlite3_changes, sqlite3_clear_bindings, sqlite3_close, sqlite3_collation_needed, sqlite3_collation_needed16, sqlite3_column_blob, sqlite3_column_bytes, sqlite3_column_bytes16, sqlite3_column_count, sqlite3_column_decltype, sqlite3_column_decltype16, sqlite3_column_double, sqlite3_column_int, sqlite3_column_int64, sqlite3_column_name, sqlite3_column_name16, sqlite3_column_text, sqlite3_column_text16, sqlite3_column_type, sqlite3_column_value, sqlite3_commit_hook, sqlite3_complete, sqlite3_complete16, sqlite3_config, sqlite3_create_collation, sqlite3_create_collation16, sqlite3_create_function, sqlite3_create_function16, sqlite3_create_module, sqlite3_data_count, sqlite3_db_handle, sqlite3_db_mutex, sqlite3_declare_vtab, sqlite3_enable_load_extension, sqlite3_enable_shared_cache, sqlite3_errcode, sqlite3_errmsg, sqlite3_errmsg16, sqlite3_exec, sqlite3_expired, sqlite3_extended_result_codes, sqlite3_file_control, sqlite3_finalize, sqlite3_free, sqlite3_free_table, sqlite3_get_autocommit, sqlite3_get_auxdata, sqlite3_get_table, sqlite3_global_recover, sqlite3_initialize, sqlite3_interrupt, sqlite3_last_insert_rowid, sqlite3_libversion, sqlite3_libversion_number, sqlite3_load_extension, sqlite3_malloc, sqlite3_memory_alarm, sqlite3_memory_highwater, sqlite3_memory_used, sqlite3_mprintf, sqlite3_mutex_alloc, sqlite3_mutex_enter, sqlite3_mutex_free, sqlite3_mutex_leave, sqlite3_mutex_try, sqlite3_next_stmt, sqlite3_open, sqlite3_open16, sqlite3_open_v2, sqlite3_overload_function, sqlite3_prepare, sqlite3_prepare16, sqlite3_prepare16_v2, sqlite3_prepare_v2, sqlite3_profile, sqlite3_progress_handler, 
sqlite3_realloc, sqlite3_release_memory, sqlite3_reset, sqlite3_reset_auto_extension, sqlite3_result_blob, sqlite3_result_double, sqlite3_result_error, sqlite3_result_error16, sqlite3_result_error_nomem, sqlite3_result_int, sqlite3_result_int64, sqlite3_result_null, sqlite3_result_text, sqlite3_result_text16, sqlite3_result_text16be, sqlite3_result_text16le, sqlite3_result_value, sqlite3_rollback_hook, sqlite3_set_authorizer, sqlite3_set_auxdata, sqlite3_shutdown, sqlite3_sleep, sqlite3_snprintf, sqlite3_sql, sqlite3_step, sqlite3_stmt_status, sqlite3_thread_cleanup, sqlite3_total_changes, sqlite3_trace, sqlite3_transfer_bindings, sqlite3_update_hook, sqlite3_user_data, sqlite3_value_blob, sqlite3_value_bytes, sqlite3_value_bytes16, sqlite3_value_double, sqlite3_value_int, sqlite3_value_int64, sqlite3_value_numeric_type, sqlite3_value_text, sqlite3_value_text16, sqlite3_value_text16be, sqlite3_value_text16le, sqlite3_value_type, sqlite3_version, sqlite3_vfs_find, sqlite3_vfs_register, sqlite3_vfs_unregister, sqlite3_vmprintf
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 408576
CompanyName: sqlite.org
EntryPoint: 0x644e0
FileDescription: SQLite Database Library
FileFlagsMask: 0x0000
FileOS: Windows NT 32-bit
FileSize: 457 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 3.6.22
FileVersionNumber: 3.6.22.0
ImageVersion: 0.0
InitializedDataSize: 54784
InternalName: sqlite3
LanguageCode: English (U.S.)
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: sqlite3.dll
PEType: PE32
ProductName: SQLite Database Library
ProductVersion: 3.6.22
ProductVersionNumber: 3.6.22.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:06:26 07:46:56+02:00
UninitializedDataSize: 0
anthony5151
Posts
10573
Registration date
Friday 27 June 2008
Status
Security contributor
Last activity
2 March 2015
790
18 Jan. 2011 at 22:52
OK, so these files are not harmful :)
Are you still having problems? If not, what remains is to secure your computer.