Trojan win32 -small-JMH [trj] arrived via MSN
Closed
tom_777
-
21 April 2008 at 19:41
dou-l (Messages posted: 2860; Registered: Friday 29 February 2008; Status: Member; Last contribution: 29 December 2012) - 22 April 2008 at 19:21
24 replies
dou-l (Messages posted: 2860; Registered: Friday 29 February 2008; Status: Member; Last contribution: 29 December 2012) - 22 April 2008 at 17:58
OK, agreed.
Here are the various reports:
Note: I was not able to find all the files.
I am also posting the OTMoveIt report at the same time:
C:\WINDOWS\system32\nstBC.dll unregistered successfully.
C:\WINDOWS\system32\nstBC.dll moved successfully.
C:\WINDOWS\mrofinu1423.exe moved successfully.
C:\WINDOWS\system32\mysidesearch_sidebar.dll NOT unregistered.
C:\WINDOWS\system32\mysidesearch_sidebar.dll moved successfully.
Created on 04/22/2008 18:57:18
> MSIMG32.dll: AlphaBlend
> MSVCP60.dll: __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _eof@ios_base@std@@QBE_NXZ, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBD@Z, _find_last_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _find_first_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADXZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADXZ, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEABDI@Z, __0_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAE@XZ, ___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, _open@_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXPBDH@Z, __7ios_base@std@@QBE_NXZ, _getline@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z, _close@_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, _reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _rfind@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __Ostd@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, 
_find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, _length@_$char_traits@D@std@@SAIPBD@Z, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV01@@Z, __0logic_error@std@@QAE@ABV01@@Z, __1logic_error@std@@UAE@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD0@Z, __1bad_alloc@std@@UAE@XZ, _what@logic_error@std@@UBEPBDXZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAADI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _empty@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_NXZ, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __Mstd@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, _size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHABV12@@Z, 
__8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _find_last_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHPBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, _length@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, __Xlen@std@@YAXXZ, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIID@Z, ___7bad_alloc@std@@6B@, wctype, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADPAD0@Z, __0bad_alloc@std@@QAE@PBD@Z, __0bad_alloc@std@@QAE@ABV01@@Z, ___7logic_error@std@@6B@, __Xran@std@@YAXXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __0Init@ios_base@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1_Winit@std@@QAE@XZ, 
__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV_$allocator@D@1@@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z
> MSVCRT.dll: __CxxFrameHandler, _purecall, __2@YAPAXI@Z, memset, strcmp, strlen, strcpy, strstr, memcpy, memcmp, wcscpy, abs, free, malloc, atoi, realloc, _mbsstr, _mbslwr, time, rand, srand, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABV0@@Z, _CxxThrowException, _except_handler3, mktime, strncpy, atof, _ftol, _strupr, _close, _write, _open, _strtime, _strdate, _vsnprintf, _mbschr, isalnum, tolower, isdigit, isxdigit, strchr, toupper, strncmp, _strlwr, wcslen, strtok, sscanf, atol, _itoa, _ismbcspace, _mbsnbicmp, isspace, __1exception@@UAE@XZ, memmove, __0exception@@QAE@ABQBD@Z, _isctype, _strnicmp, _terminate@@YAXXZ, __dllonexit, _onexit, __1type_info@@UAE@XZ, _initterm, _adjust_fdiv, _stricmp, _ltoa, _ultoa
( 6 exports )
DealioDllRegisterServer, DealioDllUnregisterServer, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Note: I wasn't able to find all the files.
I'm posting the OTMoveIt report at the same time:
C:\WINDOWS\system32\nstBC.dll unregistered successfully.
C:\WINDOWS\system32\nstBC.dll moved successfully.
C:\WINDOWS\mrofinu1423.exe moved successfully.
C:\WINDOWS\system32\mysidesearch_sidebar.dll NOT unregistered.
C:\WINDOWS\system32\mysidesearch_sidebar.dll moved successfully.
Created on 04/22/2008 18:57:18
dou-l, 22 April 2008 at 19:21
OK for OTMoveIt, but your VirusTotal reports aren't right.
They should look like this:
Antivirus            Version   Last update   Result
AhnLab-V3            -         -             -
AntiVir              -         -             TR/Crypt.XPACK.Gen
Authentium           -         -             -
Avast                -         -             -
AVG                  -         -             Downloader.Obfuskated
BitDefender          -         -             -
CAT-QuickHeal        -         -             -
ClamAV               -         -             -
DrWeb                -         -             -
eSafe                -         -             -
eTrust-Vet           -         -             -
Ewido                -         -             -
F-Prot               -         -             -
F-Secure             -         -             -
FileAdvisor          -         -             -
Fortinet             -         -             -
Ikarus               -         -             -
Kaspersky            -         -             -
McAfee               -         -             -
Microsoft            -         -             Trojan:Win32/Busky.EC
NOD32v2              -         -             a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman               -         -             -
Panda                -         -             -
Prevx1               -         -             Downloader.Zlob
Rising               -         -             -
Sophos               -         -             -
Sunbelt              -         -             -
Symantec             -         -             Downloader.MisleadApp
TheHacker            -         -             -
VBA32                -         -             -
VirusBuster          -         -             -
Webwasher-Gateway    -         -             Trojan.Crypt.XPACK.Gen
plus the file name.
So start over.
Later