Pop-up windows

Solved/Closed
kitsiba - 28 June 2008 at 20:25
jlpjlp (security contributor) - 1 July 2008 at 20:45
Hello,
my little girl touched the computer and accepted a download.... since then I get pop-up windows, in both Explorer and Mozilla Firefox, notably trying to sell me antiviruses...

XP with Avast

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:21, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\eric martel\Local Settings\Temporary Internet Files\Content.IE5\ODWP8DIP\install_sbd_fr[1].exe
C:\Program Files\Fichiers communs\ProtectionConue\bm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0496CA23-3F33-4FDC-986F-4463A84D94E9} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - C:\WINDOWS\system32\jkkJcDtR.dll
O2 - BHO: (no name) - {25104D78-C56B-456E-A377-F6E652008F93} - (no file)
O2 - BHO: (no name) - {41FB7E1E-62E8-45F1-8140-EFBCDDA8B87F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C281629-FA6E-43E2-9833-5086A7B8BFA2} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B9788AE3-7CD3-4479-877B-4DA774A0107E} - C:\WINDOWS\system32\cbXQkHAS.dll
O2 - BHO: {6c36f3c2-8f3b-db9a-3534-4cddbabd917f} - {f719dbab-ddc4-4353-a9bd-b3f82c3f63c6} - C:\WINDOWS\system32\tewhpp.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [BMeff8f590] Rundll32.exe "C:\WINDOWS\system32\mvndbitv.dll",s
O4 - HKLM\..\Run: [eccbc60c] rundll32.exe "C:\WINDOWS\system32\ifyvitcp.dll",b
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\eric martel\Local Settings\Temporary Internet Files\Content.IE5\ODWP8DIP\install_sbd_fr[1].exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Fichiers communs\ProtectionConue\bm.exe" dm=http://protectionconue.com ad=http://protectionconue.com sd=http://gregistre.protectionconue.com
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-21-1051883994-2243295628-4263318276-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'claire martel')
O4 - HKUS\S-1-5-21-1051883994-2243295628-4263318276-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" (User 'claire martel')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - Winlogon Notify: jkkJcDtR - C:\WINDOWS\SYSTEM32\jkkJcDtR.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

12 replies

jlpjlp (security contributor)
30 June 2008 at 20:26
A list would have been better; if I've understood correctly they are all infected, or else they have a size of 0.

So

do this:

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\WINDOWS\system32\msturbcr.dll
C:\WINDOWS\system32\qbcntg.dll
C:\WINDOWS\system32\algbqcxa.dll
C:\WINDOWS\system32\thapsoeq.dll
C:\WINDOWS\system32\fluvieva.dll
C:\WINDOWS\system32\yvnnyrvt.dll
C:\WINDOWS\system32\aqcwbs.dll
C:\WINDOWS\system32\piuyshct.dll
C:\WINDOWS\system32\tmkvycyu.dll
C:\WINDOWS\system32\tewhpp.dll
C:\WINDOWS\system32\ifyvitcp.dll
C:\WINDOWS\system32\mvndbitv.dll
C:\WINDOWS\system32\onujxe.dll
C:\WINDOWS\system32\buareren.dll
C:\WINDOWS\system32\dxuqrrna.dll
C:\WINDOWS\system32\uniijj.dll
C:\WINDOWS\system32\khoyxyhu.dll
C:\WINDOWS\system32\ibahqygk.dll
C:\WINDOWS\system32\rswdwgnb.dll
C:\WINDOWS\system32\olpegckr.dll
C:\WINDOWS\system32\fycnkkos.dll
C:\WINDOWS\system32\jkkJcDtR.dll
C:\WINDOWS\system32\ikwaedrh.dll
C:\WINDOWS\system32\acplneoe.dll



Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0496CA23-3F33-4FDC-986F-4463A84D94E9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25104D78-C56B-456E-A377-F6E652008F93}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37815406-B964-4322-BC9C-FEEC807130A3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41FB7E1E-62E8-45F1-8140-EFBCDDA8B87F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C281629-FA6E-43E2-9833-5086A7B8BFA2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9788AE3-7CD3-4479-877B-4DA774A0107E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eccbc60c"=-
"BMeff8f590"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJcDtR]




Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is done, a report will appear: post its contents.

Also post a new HijackThis report
and describe your problems.

If the file doesn't open, it is at > C:\ComboFix.txt
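How a helper arrives at a list like the one above, as an added example that is not part of the thread and not code from HijackThis, ComboFix or SmitFraudFix: the script below triages HijackThis lines copied from the log posted at the top of the thread (with a few benign lines kept for contrast) using the reasoning the helpers apply here, namely BHOs without a product name, rundll32 autoruns that load a system32 DLL through a one-letter export (the [BMeff8f590] and [eccbc60c] entries), an autorun pointing into the IE cache, any Winlogon Notify DLL HijackThis does not recognise, and random-looking 6 to 8 letter DLL names in system32 (a heuristic assumption). It also checks the hosts entries SmitFraudFix reported further down and renders the flagged items in the File::/Registry:: layout of the script above. The names SAMPLE_HJT, SAMPLE_HOSTS, SECURITY_HINTS and looks_random are mine, not the tools'.

```python
"""Triage of a HijackThis log and a hosts file for the indicators discussed in this thread.
Added example for this page; it is not code from HijackThis, ComboFix or SmitFraudFix and does
not reproduce their own checks. Sample inputs are copied from the logs posted in the thread,
with a few benign lines added for contrast. looks_random() is a heuristic assumption."""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the HijackThis log posted above, benign lines included.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - C:\WINDOWS\system32\jkkJcDtR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B9788AE3-7CD3-4479-877B-4DA774A0107E} - C:\WINDOWS\system32\cbXQkHAS.dll
O2 - BHO: {6c36f3c2-8f3b-db9a-3534-4cddbabd917f} - {f719dbab-ddc4-4353-a9bd-b3f82c3f63c6} - C:\WINDOWS\system32\tewhpp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMeff8f590] Rundll32.exe "C:\WINDOWS\system32\mvndbitv.dll",s
O4 - HKLM\..\Run: [eccbc60c] rundll32.exe "C:\WINDOWS\system32\ifyvitcp.dll",b
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\eric martel\Local Settings\Temporary Internet Files\Content.IE5\ODWP8DIP\install_sbd_fr[1].exe
O20 - Winlogon Notify: jkkJcDtR - C:\WINDOWS\SYSTEM32\jkkJcDtR.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: the hosts lines SmitFraudFix reported in the thread, plus the default entry.
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 legal-at-spybot.info\n127.0.0.1 www.legal-at-spybot.info\n"

# Name fragments of security vendors and tools (an assumption; extend for your environment).
SECURITY_HINTS = ("spybot", "safer-networking", "avast", "kaspersky", "trendmicro",
                  "bitdefender", "symantec", "mcafee", "windowsupdate")

WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
# rundll32 loading a DLL through a one-letter export, as the [BMeff8f590] and [eccbc60c] entries do.
RUNDLL_SHORT_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?([A-Za-z]:\\[^",]*\.dll)"?,[A-Za-z]\b', re.IGNORECASE)

def looks_random(stem: str) -> bool:
    """Heuristic: 6 to 8 letters with under 30% vowels, the shape of the DLL names in this log."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    return sum(c in "aeiouAEIOU" for c in stem) / len(stem) < 0.3

def in_system32(path: str) -> bool:
    return "system32" in (part.lower() for part in PureWindowsPath(path).parts)

def triage_hjt(log: str) -> dict[str, list[str]]:
    """Map each suspect HijackThis line to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for line in log.strip().splitlines():
        fields = [f.strip() for f in line.split(" - ")]
        kind, reasons = fields[0], []
        if kind == "O20":
            # HijackThis hides the Winlogon Notify entries it knows, so anything listed needs review.
            reasons.append("unrecognised Winlogon Notify DLL")
        if kind == "O2" and len(fields) > 1:
            bho_name = fields[1].partition(": ")[2]
            if bho_name == "(no name)" or GUID.match(bho_name):
                reasons.append("BHO without a product name")
        if kind == "O4":
            m = RUNDLL_SHORT_EXPORT.search(line)
            if m and in_system32(m.group(1)):
                reasons.append("rundll32 loads a system32 DLL by a one-letter export")
            if "temporary internet files" in line.lower():
                reasons.append("autorun points into the IE cache")
        for path in WIN_PATH.findall(line):
            name = PureWindowsPath(path)
            if in_system32(path) and looks_random(name.stem):
                reasons.append(f"random-looking name in system32: {name.name}")
        if reasons:
            findings[line] = reasons
    return findings

def cfscript(log: str) -> str:
    """Render the flagged items in the File::/Registry:: layout of the script posted above."""
    files: dict[str, str] = {}   # lower-cased path -> path as logged, to drop case duplicates
    keys = set()
    for line in triage_hjt(log):
        fields = [f.strip() for f in line.split(" - ")]
        for path in WIN_PATH.findall(line):
            files.setdefault(path.lower(), path)
        if fields[0] == "O2" and len(fields) > 2 and GUID.match(fields[2]):
            keys.add("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + fields[2] + "]")
    return "File::\n" + "\n".join(sorted(files.values())) + "\n\nRegistry::\n" + "\n".join(sorted(keys)) + "\n"

def triage_hosts(text: str) -> list[str]:
    """Hostnames mapped to loopback/null whose name suggests a security vendor or tool.
    Rogue-AV installers add such entries to block removal tools, but hosts-based blocklists use
    the same form, so this only surfaces candidates for a reviewer to decide on."""
    hits = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) >= 2 and tokens[0] in ("127.0.0.1", "0.0.0.0", "::1"):
            hits.extend(h for h in tokens[1:] if any(k in h.lower() for k in SECURITY_HINTS))
    return hits

if __name__ == "__main__":
    print(cfscript(SAMPLE_HJT), triage_hosts(SAMPLE_HOSTS))
```

The File:: list this produces is a starting point, not a verdict: before it goes into a CFScript, each name should be checked against the file dates and sizes in the ComboFix "files created" section (the DLLs in this thread share a few fixed sizes and were all created within the same two days), and the hosts candidates need a human decision, since a 127.0.0.1 entry for a vendor name is what rogue-AV installers write but is also exactly what a hosts-based blocklist looks like.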
kitsiba
30 June 2008 at 20:47
ComboFix doesn't start because it was renamed killbagle - jfkpresident's instruction
jfkpresident (security contributor)
28 June 2008 at 20:36
Hi, your PC is badly hit.

Download SmitFraudFix
Utility by S!Ri: Moe and balltrap34

Install it at the root of C: usage tutorial
Double-click on the exe to unpack it and launch the fix.
Using option 1 Search:
Double-click on smitfraudfix.cmd
Select 1 to create a report of the files responsible for the infection.

Don't do anything else without our advice

Copy/paste the REPORT in your next reply on this thread please.

Process.exe is detected by some antiviruses (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility meant to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by these antiviruses.
kitsiba
28 June 2008 at 22:12
SmitFraudFix v2.328

Report made at 22:08:29,71, 28/06/2008
Run from C:\WINDOWS\BDOSCAN8\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\eric martel\Local Settings\Temporary Internet Files\Content.IE5\ODWP8DIP\install_sbd_fr[1].exe
C:\Program Files\Fichiers communs\ProtectionConue\bm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\ProtectionConue\bm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted!

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\eric martel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\eric martel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ERICMA~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop items

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the following keys are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WPN311 RangeMax(TM) Wireless PCI Adapter - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7991FD21-610E-4D8F-8AF1-239E3A86118A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7991FD21-610E-4D8F-8AF1-239E3A86118A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7991FD21-610E-4D8F-8AF1-239E3A86118A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


thanks, I'm not always at the PC either
jlpjlp (security contributor)
29 June 2008 at 00:07
to move forward, jfkpresident:

disable your protections (antivirus, anti-spyware...) then

Download ComboFix by sUBs: rename it before installing anything, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click on combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until combofix has finished; a report will be created. Post the report.
kitsiba
29 June 2008 at 10:24
ComboFix 08-06-20.4 - eric martel 2008-06-29 10:13:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.1418 [GMT 2:00]
Location: C:\Documents and Settings\eric martel\Bureau\killbagle.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMeff8f590.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\anrrquxd.ini
C:\WINDOWS\system32\aveivulf.ini
C:\WINDOWS\system32\cbXQkHAS.dll
C:\WINDOWS\system32\eoenlpca.ini
C:\WINDOWS\system32\jSDLlUtv.ini
C:\WINDOWS\system32\jSDLlUtv.ini2
C:\WINDOWS\system32\kgyqhabi.ini
C:\WINDOWS\system32\KRuDJRqr.ini
C:\WINDOWS\system32\KRuDJRqr.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nqrYycfe.ini
C:\WINDOWS\system32\nqrYycfe.ini2
C:\WINDOWS\system32\nXxyxyay.ini
C:\WINDOWS\system32\nXxyxyay.ini2
C:\WINDOWS\system32\pctivyfi.ini
C:\WINDOWS\system32\pmnligHw.dll
C:\WINDOWS\system32\qAKTAcfe.ini
C:\WINDOWS\system32\qAKTAcfe.ini2
C:\WINDOWS\system32\qslwniwq.ini
C:\WINDOWS\system32\rcbrutsm.ini
C:\WINDOWS\system32\rqRJDuRK.dll
C:\WINDOWS\system32\SAHkQXbc.ini
C:\WINDOWS\system32\SAHkQXbc.ini2
C:\WINDOWS\system32\vtUlLDSj.dll
C:\WINDOWS\system32\yayxyxXn.dll

.
((((((((((((((((((((((((((((( Files created 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
.

2008-06-28 23:04 . 2008-06-28 23:04 81,920 --a------ C:\WINDOWS\system32\msturbcr.dll
2008-06-28 23:02 . 2008-06-28 23:02 103,424 --a------ C:\WINDOWS\system32\qbcntg.dll
2008-06-28 23:02 . 2008-06-28 23:02 103,424 --a------ C:\WINDOWS\system32\algbqcxa.dll
2008-06-28 23:01 . 2008-06-28 23:01 90,624 --a------ C:\WINDOWS\system32\thapsoeq.dll
2008-06-28 22:08 . 2008-06-28 22:08 3,922 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-28 22:06 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-28 22:06 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-28 22:06 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-28 22:06 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-28 22:06 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-28 22:06 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-28 22:06 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-28 22:06 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-28 22:06 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-28 21:45 . 2008-06-28 21:45 81,920 --a------ C:\WINDOWS\system32\fluvieva.dll
2008-06-28 21:42 . 2008-06-28 21:42 103,424 --a------ C:\WINDOWS\system32\yvnnyrvt.dll
2008-06-28 21:42 . 2008-06-28 21:42 103,424 --a------ C:\WINDOWS\system32\aqcwbs.dll
2008-06-28 21:40 . 2008-06-28 21:40 90,624 --a------ C:\WINDOWS\system32\piuyshct.dll
2008-06-28 19:54 . 2008-06-28 20:15 <REP> d-------- C:\Program Files\Navilog1
2008-06-28 19:12 . 2008-06-28 19:12 <REP> d-------- C:\WINDOWS\AU_Temp
2008-06-28 19:12 . 2008-06-28 19:12 24,993,473 --a------ C:\WINDOWS\VPTNFILE.373
2008-06-28 19:12 . 2008-06-28 19:12 24,993,473 --a------ C:\WINDOWS\LPT$VPN.373
2008-06-28 15:15 . 2008-06-28 19:10 <REP> d-------- C:\Program Files\ProtectionConue
2008-06-28 15:15 . 2008-06-28 19:10 <REP> d-------- C:\Program Files\Fichiers communs\ProtectionConue
2008-06-28 15:15 . 2008-06-28 15:15 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-28 15:15 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-06-28 15:15 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-06-28 14:25 . 2008-06-28 22:06 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-06-28 11:37 . 2008-06-28 11:37 103,424 --a------ C:\WINDOWS\system32\tmkvycyu.dll
2008-06-28 11:37 . 2008-06-28 11:37 103,424 --a------ C:\WINDOWS\system32\tewhpp.dll
2008-06-28 11:34 . 2008-06-28 11:34 81,920 --------- C:\WINDOWS\system32\ifyvitcp.dll
2008-06-28 11:32 . 2008-06-28 11:32 90,624 --a------ C:\WINDOWS\system32\mvndbitv.dll
2008-06-28 10:00 . 2008-06-28 10:00 <REP> d-------- C:\Program Files\Smart PC Solutions
2008-06-28 10:00 . 2008-06-28 10:00 <REP> d-------- C:\Documents and Settings\eric martel\Application Data\Smart PC Solutions
2008-06-28 09:53 . 2008-06-28 09:54 <REP> d-------- C:\Program Files\Wise Registry Cleaner 3
2008-06-28 09:42 . 2008-06-28 09:42 <REP> d-------- C:\Program Files\Quicksys
2008-06-28 08:50 . 2008-06-28 08:50 102,912 --a------ C:\WINDOWS\system32\onujxe.dll
2008-06-28 08:50 . 2008-06-28 08:50 102,912 --a------ C:\WINDOWS\system32\buareren.dll
2008-06-28 08:47 . 2008-06-28 08:47 81,920 --a------ C:\WINDOWS\system32\dxuqrrna.dll
2008-06-27 22:01 . 2008-06-27 22:01 102,912 --a------ C:\WINDOWS\system32\uniijj.dll
2008-06-27 22:01 . 2008-06-27 22:01 102,912 --a------ C:\WINDOWS\system32\khoyxyhu.dll
2008-06-27 17:51 . 2008-06-28 08:40 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-06-27 10:23 . 2008-06-27 10:23 106,496 --a------ C:\WINDOWS\system32\eelihthr.dll
2008-06-27 10:20 . 2008-06-27 10:20 81,408 --a------ C:\WINDOWS\system32\ibahqygk.dll
2008-06-27 10:18 . 2008-06-27 10:18 91,648 --a------ C:\WINDOWS\system32\rswdwgnb.dll
2008-06-27 07:53 . 2008-06-27 07:53 106,496 --a------ C:\WINDOWS\system32\olpegckr.dll
2008-06-26 20:12 . 2008-06-26 20:12 106,496 --a------ C:\WINDOWS\system32\fycnkkos.dll
2008-06-26 17:54 . 2008-06-26 17:54 <REP> d-------- C:\Program Files\FLV Player
2008-06-26 07:43 . 2008-06-26 07:43 25,088 --------- C:\WINDOWS\system32\jkkJcDtR.dll
2008-06-24 00:09 . 2008-06-24 00:09 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel\Application Data\vlc
2008-06-23 23:15 . 2008-06-23 23:15 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel\Application Data\OpenOffice.org2
2008-06-18 23:39 . 2008-06-23 22:55 <REP> d--h----- C:\Documents and Settings\fouzia lahbil martel\Voisinage réseau
2008-06-18 23:39 . 2006-08-30 15:13 <REP> d--h----- C:\Documents and Settings\fouzia lahbil martel\Voisinage d'impression
2008-06-18 23:39 . 2006-08-30 17:58 <REP> d---s---- C:\Documents and Settings\fouzia lahbil martel\UserData
2008-06-18 23:39 . 2006-08-30 14:33 <REP> d--h----- C:\Documents and Settings\fouzia lahbil martel\Modèles
2008-06-18 23:39 . 2008-06-23 23:21 <REP> dr------- C:\Documents and Settings\fouzia lahbil martel\Mes documents
2008-06-18 23:39 . 2006-08-30 15:13 <REP> dr------- C:\Documents and Settings\fouzia lahbil martel\Menu Démarrer
2008-06-18 23:39 . 2008-06-26 09:47 <REP> dr------- C:\Documents and Settings\fouzia lahbil martel\Favoris
2008-06-18 23:39 . 2008-06-19 00:07 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel\Bureau
2008-06-18 23:39 . 2008-06-18 23:39 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel
2008-06-18 22:54 . 2008-06-18 22:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-18 22:53 . 2008-06-27 17:43 <REP> d-------- C:\Documents and Settings\eric martel\.housecall6.6
2008-06-18 22:17 . 2008-06-28 19:13 517 --a------ C:\WINDOWS\TSC.INI
2008-06-18 22:12 . 2008-06-27 07:48 <REP> d-------- C:\WINDOWS\AU_Backup
2008-06-18 22:12 . 2008-06-28 19:12 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-06-18 22:12 . 2008-06-28 19:12 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-06-18 19:22 . 2008-06-18 19:22 <REP> d-------- C:\WINDOWS\AU_Log
2008-06-18 19:22 . 2008-06-28 19:12 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-06-18 19:22 . 2008-06-28 19:12 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-06-18 19:22 . 2008-06-28 19:12 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-06-18 19:22 . 2008-06-28 19:12 170 --a------ C:\WINDOWS\GetServer.ini
2008-06-18 19:15 . 2008-06-18 19:15 <REP> d-------- C:\Program Files\Panda Security
2008-06-18 17:42 . 2008-06-18 17:42 <REP> d-------- C:\Documents and Settings\Mes documents
2008-06-18 15:18 . 2008-06-18 16:14 <REP> dr------- C:\Documents and Settings\TEMP\Mes documents
2008-06-18 15:17 . 2008-06-18 15:17 <REP> d-------- C:\Documents and Settings\TEMP\Menu Démarrer
2008-06-18 15:17 . 2008-06-18 15:20 <REP> dr------- C:\Documents and Settings\TEMP\Favoris
2008-06-18 15:17 . 2008-06-18 20:19 <REP> d-------- C:\Documents and Settings\TEMP\Bureau
2008-06-18 15:14 . 2008-06-18 15:14 <REP> d--h----- C:\Documents and Settings\TEMP\Modèles
2008-06-18 15:12 . 2008-06-18 17:44 <REP> d-------- C:\Documents and Settings\TEMP
2008-06-12 12:37 . 2008-06-12 12:37 <REP> d-------- C:\Program Files\DNA
2008-06-12 12:37 . 2008-06-29 10:17 <REP> d-------- C:\Documents and Settings\eric martel\Application Data\DNA
2008-06-11 12:34 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:34 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 08:17 --------- d-----w C:\Documents and Settings\eric martel\Application Data\BitTorrent
2008-06-29 08:04 --------- d-----w C:\Documents and Settings\eric martel\Application Data\OpenOffice.org2
2008-06-29 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-28 09:14 --------- d-----w C:\Program Files\Google
2008-06-20 12:58 --------- d-----w C:\Program Files\Picasa2
2008-06-18 09:59 --------- d-----w C:\Documents and Settings\fouzia martel\Application Data\OpenOffice.org2
2008-06-13 08:06 --------- d-----w C:\Program Files\Microsoft Publisher
2008-06-12 22:31 --------- d-----w C:\Documents and Settings\fouzia martel\Application Data\BitTorrent
2008-06-12 14:48 --------- d-----w C:\Documents and Settings\claire martel\Application Data\BitTorrent
2008-06-12 10:45 --------- d-----w C:\Program Files\BitTorrent
2008-05-24 18:05 --------- d-----w C:\Program Files\IrfanView
2008-05-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-05-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 18:25 --------- d-----w C:\Documents and Settings\fouzia martel\Application Data\U3
2008-04-30 15:50 --------- d-----w C:\Program Files\Conduit
2008-04-30 15:50 --------- d-----w C:\Program Files\ChrisTV_Add-on
2008-04-30 09:46 --------- d-----w C:\Program Files\ChrisTV Lite
2007-09-19 20:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2003-03-21 12:45 250,544 ----a-w C:\Program Files\Fichiers communs\keyhelp.ocx
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0496CA23-3F33-4FDC-986F-4463A84D94E9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}]
2008-06-26 07:43 25088 --------- C:\WINDOWS\system32\jkkJcDtR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25104D78-C56B-456E-A377-F6E652008F93}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37815406-B964-4322-BC9C-FEEC807130A3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41FB7E1E-62E8-45F1-8140-EFBCDDA8B87F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C281629-FA6E-43E2-9833-5086A7B8BFA2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9788AE3-7CD3-4479-877B-4DA774A0107E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-17 19:48 1460560]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-12 12:37 289088]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-04-29 19:51 587568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 23:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 23:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 23:44 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 16:46 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
"RegistryMechanic"="" []
"eccbc60c"="C:\WINDOWS\system32\acplneoe.dll" [ ]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-06-03 12:37 2131600]
"BMeff8f590"="C:\WINDOWS\system32\ikwaedrh.dll" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}"= C:\WINDOWS\system32\jkkJcDtR.dll [2008-06-26 07:43 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJcDtR]
jkkJcDtR.dll 2008-06-26 07:43 25088 C:\WINDOWS\system32\jkkJcDtR.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651dff0b-3827-11db-9ea3-806d6172696f}]
\Shell\AutoRun\command - H:\ASUSACPI.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-20 13:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 10:19:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-29 10:21:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 08:21:54

Pre-Run: 13,946,114,048 octets libres
Post-Run: 17,658,372,096 octets libres

243 --- E O F --- 2008-06-20 13:35:59




Also, now at startup it reports a missing dll file...
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
30 June 2008 at 11:50
scan these files on VirusTotal and list for us which ones are considered infected:

https://www.virustotal.com/gui/



C:\WINDOWS\system32\msturbcr.dll
C:\WINDOWS\system32\qbcntg.dll
C:\WINDOWS\system32\algbqcxa.dll
C:\WINDOWS\system32\thapsoeq.dll
C:\WINDOWS\system32\fluvieva.dll
C:\WINDOWS\system32\yvnnyrvt.dll
C:\WINDOWS\system32\aqcwbs.dll
C:\WINDOWS\system32\piuyshct.dll
C:\WINDOWS\system32\tmkvycyu.dll
C:\WINDOWS\system32\tewhpp.dll
C:\WINDOWS\system32\ifyvitcp.dll
C:\WINDOWS\system32\mvndbitv.dll
C:\WINDOWS\system32\onujxe.dll
C:\WINDOWS\system32\buareren.dll
C:\WINDOWS\system32\dxuqrrna.dll
C:\WINDOWS\system32\uniijj.dll
C:\WINDOWS\system32\khoyxyhu.dll
C:\WINDOWS\system32\ibahqygk.dll
C:\WINDOWS\system32\rswdwgnb.dll
C:\WINDOWS\system32\olpegckr.dll
C:\WINDOWS\system32\fycnkkos.dll
C:\WINDOWS\system32\jkkJcDtR.dll
kitsiba Posts: 9 Registered: Saturday 28 June 2008 Status: Member Last seen: 1 July 2008
30 June 2008 at 19:50
here are the results, which I have tried to set out in detail.... since I'm a beginner..

C:\WINDOWS\system32\msturbcr.dll

0 bytes size received / Se ha recibido un archivo vacio



C:\WINDOWS\system32\qbcntg.dll
The file has already been analysed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.29 14:44:23 (CET) [+1D]
Results 5/33
Permalink: analisis/c09ae48470db14ecd499b7e3e7d1cde6

File rempwh.dll received on 2008.06.29 14:44:23 (CET)
Current status: finished
Result: 5/33 (15.15%)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan.Vundo.EWZ
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: d8232454150401f83a7c25e13894a3fc
SHA1: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
New analysis
File qbcntg.dll received on 2008.06.30 19:07:42 (CET)
Current status: finished
Result: 11/33 (33.34%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\algbqcxa.dll
The file has already been analysed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:11:03 (CET) [<1D]
Results 11/33
Permalink: analisis/87e5e00df099b1647dd40e023543e529


New analysis
File algbqcxa.dll received on 2008.06.30 19:13:27 (CET)
Current status: finished
Result: 11/33 (33.34%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\thapsoeq.dll

The file has already been analysed:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.29 18:58:16 (CET) [+1D]
Results 5/33
Permalink: analisis/6a661c5e79e16e38b5c971b81021eec3

File thapsoeq.dll received on 2008.06.29 18:58:16 (CET)
Current status: finished
Result: 5/33 (15.15%)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Generic10.AUJB
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 5e7ea7663b811c201cb736d2305d2e1f
SHA1: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
New analysis
File thapsoeq.dll received on 2008.06.30 19:15:38 (CET)
Current status: finished
Result: 12/33 (36.37%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Additional information
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

C:\WINDOWS\system32\fluvieva.dll
The file has already been analysed:
MD5: 539170c045bd45ebf3f3d137d63048ed
First received: 2008.06.28 12:14:46 (CET)
Date 2008.06.28 22:43:14 (CET) [+1D]
Results 5/33
Permalink: analisis/bc60a67f6825e8eeaae8775d8e35fb10

File mphqhhqu.dll received on 2008.06.28 22:42:47 (CET)
Current status: finished
Result: 5/33 (15.15%)
Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.27 -
AntiVir 7.8.0.59 2008.06.28 -
Authentium 5.1.0.4 2008.06.28 -
Avast 4.8.1195.0 2008.06.28 -
AVG 7.5.0.516 2008.06.28 -
BitDefender 7.2 2008.06.28 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.28 -
DrWeb 4.44.0.09170 2008.06.28 -
eSafe 7.0.17.0 2008.06.26 Suspicious File
eTrust-Vet 31.6.5911 2008.06.27 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.27 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.28 -
GData 2.0.7306.1023 2008.06.28 -
Ikarus T3.1.1.26.0 2008.06.28 -
Kaspersky 7.0.0.125 2008.06.28 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.28 -
NOD32v2 3224 2008.06.27 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.28 -
Prevx1 V2 2008.06.28 Cloaked Malware
Rising 20.50.52.00 2008.06.28 -
Sophos 4.30.0 2008.06.28 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.28 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.27 -
VBA32 3.12.6.8 2008.06.28 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.28 -
Additional information
File size: 81920 bytes
MD5...: 539170c045bd45ebf3f3d137d63048ed
SHA1..: c8d72dcf2d7daa59c3297c3257ecaca987d6b045
SHA256: 389e4ad73d8634def7e604f7c900c9fd1f14a2e83b31318b2c30ff828ef1a2a3
SHA512: 3580c4b424417d6f1ad16459b43e0edb2b9856457b106a3012a18585787e707201c0f1a10edb0f12932970e13601c3556eb495b07fed086728e1ebacbf9b3e90
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=785464D000329F1B40ED013B3C2E0700E122A42E

New analysis

File fluvieva.dll received on 2008.06.30 19:18:12 (CET)
Current status: finished
Result: 16/33 (48.49%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.2
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Rootkit-gen
AVG 7.5.0.516 2008.06.30 Generic10.AUJC
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 Trojan.Monder.wh
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 Virtum!tr
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wh
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wh
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.2
Additional information
File size: 81920 bytes
MD5...: 539170c045bd45ebf3f3d137d63048ed
SHA1..: c8d72dcf2d7daa59c3297c3257ecaca987d6b045
SHA256: 389e4ad73d8634def7e604f7c900c9fd1f14a2e83b31318b2c30ff828ef1a2a3
SHA512: 3580c4b424417d6f1ad16459b43e0edb2b9856457b106a3012a18585787e707201c0f1a10edb0f12932970e13601c3556eb495b07fed086728e1ebacbf9b3e90
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=785464D000329F1B40ED013B3C2E0700E122A42E

C:\WINDOWS\system32\yvnnyrvt.dll

The file has already been analysed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:14:38 (CET) [<1D]
Results 11/33
Permalink: analisis/a62c040b2eeb8e549efc6283d7e3d17a

Fichier algbqcxa.dll reçu le 2008.06.30 19:13:27 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

New analysis

File yvnnyrvt.dll received on 2008.06.30 19:21:12 (CET)
Current status: finished
Result: 11/33 (33.34%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\aqcwbs.dll

The file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:22:15 (CET) [<1D]
Results 11/33
Permalink: analisis/0bdb6d73d2eedb5808e9006d2ec14847


New analysis

File aqcwbs.dll received on 2008.06.30 19:23:02 (CET)
Current status: finished
Result: 11/33 (33.34%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\piuyshct.dll

The file has already been analyzed:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.30 19:17:02 (CET) [<1D]
Results 12/33
Permalink: analisis/09793919de38c31c157c19ee8cf618fc

File thapsoeq.dll received on 2008.06.30 19:15:38 (CET)
Current status: finished
Result: 12/33 (36.36%)
Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Additional information
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

File piuyshct.dll received on 2008.06.30 19:25:45 (CET)
Current status: finished
Result: 12/33 (36.37%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Additional information
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72


C:\WINDOWS\system32\tmkvycyu.dll

The file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:24:48 (CET) [<1D]
Results 11/33
Permalink: analisis/1ca8b5d4d1e6b84d5cebfd367e630190

New analysis
File tmkvycyu.dll received on 2008.06.30 19:27:35 (CET)
Current status: finished
Result: 11/33 (33.34%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\tewhpp.dll

The file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:28:22 (CET) [<1D]
Results 11/33
Permalink: analisis/8b6d54915095c4edd1a023a44cfb3b67


New analysis
File tewhpp.dll received on 2008.06.30 19:29:17 (CET)
Current status: finished
Result: 11/33 (33.34%)

Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\ifyvitcp.dll

0 bytes size received / An empty file was received


C:\WINDOWS\system32\mvndbitv.dll

0 bytes size received / An empty file was received

C:\WINDOWS\system32\onujxe.dll

0 bytes size received / An empty file was received

C:\WINDOWS\system32\buareren.dll

The file has already been analyzed:
MD5: d46dabbdd0daad970488c55f3b76a4b5
First received: 2008.06.28 00:40:05 (CET)
Date 2008.06.30 16:59:03 (CET) [<1D]
Results 13/33
Permalink: analisis/88c50442644d0a759ac7a5f6220d5e6f

File ydfijl.dll received on 2008.06.30 16:57:55 (CET)
Current status: finished
Result: 13/33 (39.39%)
Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.24
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUER
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.29 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3227 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 Trojan.Vundo
TheHacker 6.2.96.364 2008.06.28 -
0

jfkpresident Posts: 13408 Joined: Monday 3 September 2007 Status: Security contributor Last seen: 5 January 2015 1 175
30 June 2008 at 18:12
Hi,

jlpjlp: don't you want to reply to my PM? If so, I'll hand it over to you.

@+
0
jlpjlp Posts: 51580 Joined: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
30 June 2008 at 18:21
Yes, but I haven't received any private message...
0
jfkpresident Posts: 13408 Joined: Monday 3 September 2007 Status: Security contributor Last seen: 5 January 2015 1 175
30 June 2008 at 18:27
Apparently PMs are moderated??

I'll try again.
0
kitsiba Posts: 9 Joined: Saturday 28 June 2008 Status: Member Last seen: 1 July 2008
30 June 2008 at 19:52
Here are the reports requested by jlpjlp...

In case it's useful

with VirusTotal


C:\WINDOWS\system32\msturbcr.dll

0 bytes size received / Se ha recibido un archivo vacio



C:\WINDOWS\system32\qbcntg.dll
Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.29 14:44:23 (CET) [+1D]
Résultats 5/33
Permalink: analisis/c09ae48470db14ecd499b7e3e7d1cde6

Fichier rempwh.dll reçu le 2008.06.29 14:44:23 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan.Vundo.EWZ
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Nouvelle analyse
Fichier qbcntg.dll reçu le 2008.06.30 19:07:42 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes

C:\WINDOWS\system32\algbqcxa.dll
Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:11:03 (CET) [<1D]
Résultats 11/33
Permalink: analisis/87e5e00df099b1647dd40e023543e529


Nouvelle analyse
Fichier algbqcxa.dll reçu le 2008.06.30 19:13:27 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes

C:\WINDOWS\system32\thapsoeq.dll

Le fichier a déjà été analysé:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.29 18:58:16 (CET) [+1D]
Résultats 5/33
Permalink: analisis/6a661c5e79e16e38b5c971b81021eec3

Fichier thapsoeq.dll reçu le 2008.06.29 18:58:16 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Generic10.AUJB
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Nouvelle analyse
Fichier thapsoeq.dll reçu le 2008.06.30 19:15:38 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.37%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes

C:\WINDOWS\system32\fluvieva.dll
Le fichier a déjà été analysé:
MD5: 539170c045bd45ebf3f3d137d63048ed
First received: 2008.06.28 12:14:46 (CET)
Date 2008.06.28 22:43:14 (CET) [+1D]
Résultats 5/33
Permalink: analisis/bc60a67f6825e8eeaae8775d8e35fb10

Fichier mphqhhqu.dll reçu le 2008.06.28 22:42:47 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.27 -
AntiVir 7.8.0.59 2008.06.28 -
Authentium 5.1.0.4 2008.06.28 -
Avast 4.8.1195.0 2008.06.28 -
AVG 7.5.0.516 2008.06.28 -
BitDefender 7.2 2008.06.28 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.28 -
DrWeb 4.44.0.09170 2008.06.28 -
eSafe 7.0.17.0 2008.06.26 Suspicious File
eTrust-Vet 31.6.5911 2008.06.27 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.27 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.28 -
GData 2.0.7306.1023 2008.06.28 -
Ikarus T3.1.1.26.0 2008.06.28 -
Kaspersky 7.0.0.125 2008.06.28 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.28 -
NOD32v2 3224 2008.06.27 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.28 -
Prevx1 V2 2008.06.28 Cloaked Malware
Rising 20.50.52.00 2008.06.28 -
Sophos 4.30.0 2008.06.28 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.28 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.27 -
VBA32 3.12.6.8 2008.06.28 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.28 -
Information additionnelle
File size: 81920 bytes

Nouvelle analyse

Fichier fluvieva.dll reçu le 2008.06.30 19:18:12 (CET)
Situation actuelle: terminé
Résultat: 16/33 (48.49%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.2
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Rootkit-gen
AVG 7.5.0.516 2008.06.30 Generic10.AUJC
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 Trojan.Monder.wh
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 Virtum!tr
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wh
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wh
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.2
Information additionnelle
File size: 81920 bytes

C:\WINDOWS\system32\yvnnyrvt.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:14:38 (CET) [<1D]
Résultats 11/33
Permalink: analisis/a62c040b2eeb8e549efc6283d7e3d17a


Nouvelle analyse

Fichier yvnnyrvt.dll reçu le 2008.06.30 19:21:12 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes

C:\WINDOWS\system32\aqcwbs.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:22:15 (CET) [<1D]
Résultats 11/33
Permalink: analisis/0bdb6d73d2eedb5808e9006d2ec14847

Fichier yvnnyrvt.dll reçu le 2008.06.30 19:21:12 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Additional information
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -

New analysis

File aqcwbs.dll received on 2008.06.30 19:23:02 (CET)
Current status: finished
Result: 11/33 (33.34%)

C:\WINDOWS\system32\piuyshct.dll

This file has already been analyzed:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.30 19:17:02 (CET) [<1D]
Results 12/33
Permalink: analisis/09793919de38c31c157c19ee8cf618fc

File thapsoeq.dll received on 2008.06.30 19:15:38 (CET)
Current status: finished
Result: 12/33 (36.36%)
Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Additional information
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE structure information (base data)
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
(5 sections)
name    viradd   virsiz   rawdsiz  ntrpy  md5
.data   0x1000   0x29000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.text   0x2a000  0x113c   0x1200   6.23   e8a8c49ee67c762618de7fa2cbae300b
.rdata  0x2c000  0x15000  0x14200  8.00   29e40cad691dd10b1270a6d8d97847df
.idata  0x41000  0x1000   0x600    3.95   9bd76a2c6021954736415bc9e1155562
.reloc  0x42000  0x1000   0x400    0.85   570d5e9ac888b713cd30244a866833b8
(4 imports)
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
(0 exports)
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

File piuyshct.dll received on 2008.06.30 19:25:45 (CET)
Current status: finished
Result: 12/33 (36.37%)


C:\WINDOWS\system32\tmkvycyu.dll

This file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:24:48 (CET) [<1D]
Results 11/33
Permalink: analisis/1ca8b5d4d1e6b84d5cebfd367e630190
File aqcwbs.dll received on 2008.06.30 19:23:02 (CET)
Current status: finished
Result: 11/33 (33.33%)

New analysis
File tmkvycyu.dll received on 2008.06.30 19:27:35 (CET)
Current status: finished
Result: 11/33 (33.34%)

C:\WINDOWS\system32\tewhpp.dll

This file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:28:22 (CET) [<1D]
Results 11/33
Permalink: analisis/8b6d54915095c4edd1a023a44cfb3b67

File tmkvycyu.dll received on 2008.06.30 19:27:35 (CET)
Current status: finished
Result: 11/33 (33.33%)

New analysis
File tewhpp.dll received on 2008.06.30 19:29:17 (CET)
Current status: finished
Result: 11/33 (33.34%)

C:\WINDOWS\system32\ifyvitcp.dll

0 bytes size received / an empty file was received


C:\WINDOWS\system32\mvndbitv.dll

0 bytes size received / an empty file was received

C:\WINDOWS\system32\onujxe.dll

0 bytes size received / an empty file was received

C:\WINDOWS\system32\buareren.dll

This file has already been analyzed:
MD5: d46dabbdd0daad970488c55f3b76a4b5
First received: 2008.06.28 00:40:05 (CET)
Date 2008.06.30 16:59:03 (CET) [<1D]
Results 13/33
Permalink: analisis/88c50442644d0a759ac7a5f6220d5e6f

File ydfijl.dll received on 2008.06.30 16:57:55 (CET)
Current status: finished
Result: 13/33 (39.39%)
Antivirus Version Last update Result
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.24
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUER
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.29 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3227 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 Trojan.
0
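Added example, not from kitsiba's post and not VirusTotal's own code: a small Python script that does on a constructed sample what the reports above show by hand. It groups files by MD5 so that one binary dropped under several random names stands out (in the reports, aqcwbs.dll, tmkvycyu.dll, tewhpp.dll and yvnnyrvt.dll all hash to d8232454150401f83a7c25e13894a3fc), parses the PE section table the way the PEInfo block lists it (name, virtual address, virtual size, raw size, entropy, per-section MD5), and raises the three flags visible in that block: a link timestamp that cannot be a real build date, a .data section mapped 0x34000 bytes but holding 0 bytes on disk (so its per-section MD5 is the hash of the empty string, d41d8cd98f00b204e9800998ecf8427e), and a .rdata section at 8.00 bits per byte, i.e. packed or encrypted content. The PE image is constructed in build_sample_pe() with the report's section layout scaled down to a few 0x200-byte chunks; the 7.5-bit entropy threshold and the 1995 timestamp cutoff are my own assumptions, not rules taken from any of the engines listed.

```python
"""Added example: hash grouping plus PE section triage for the DLLs above."""
import hashlib
import math
import struct
import time
from typing import Dict, List, Optional

SECTION_HDR = "<8sIIIIIIHHI"        # IMAGE_SECTION_HEADER, 40 bytes
EPOCH_1995 = 788918400              # assumed lower bound for a believable link timestamp
ENTROPY_LIMIT = 7.5                 # assumed: above this a section is packed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF header and section table (the fields PEInfo prints per section)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsec, stamp, _, _, optsize, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sections, off = [], e_lfanew + 4 + 20 + optsize
    for _ in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, data, off)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "entropy": shannon_entropy(raw),
                         "md5": hashlib.md5(raw).hexdigest()})   # empty raw -> d41d8cd9...
        off += 40
    return {"machine": machine, "timestamp": stamp, "sections": sections}


def triage(data: bytes, now: Optional[float] = None) -> List[str]:
    """Flags a responder raises from the headers alone; heuristics, not a verdict."""
    pe = parse_pe(data)
    now = time.time() if now is None else now
    flags = []
    if not EPOCH_1995 <= pe["timestamp"] <= now:
        flags.append("timestamp implausible: 0x%08x" % pe["timestamp"])
    for s in pe["sections"]:
        if s["rawsize"] == 0 and s["vsize"] > 0:
            # Reserved by the loader, nothing on disk: the code fills it at run time.
            flags.append("%s mapped 0x%x bytes but 0 on disk" % (s["name"], s["vsize"]))
        if s["entropy"] >= ENTROPY_LIMIT:
            flags.append("%s entropy %.2f (packed/encrypted)" % (s["name"], s["entropy"]))
    return flags


def group_by_md5(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """One hash under several names is the random-name dropper pattern seen above."""
    groups: Dict[str, List[str]] = {}
    for name, content in files.items():
        groups.setdefault(hashlib.md5(content).hexdigest(), []).append(name)
    return {h: sorted(names) for h, names in groups.items()}


def build_sample_pe(timestamp: int = 0xDA73AD89, rdata: Optional[bytes] = None) -> bytes:
    """Constructed PE32 with the report's section layout; raw data scaled to 0x200 chunks."""
    text = (b"\x55\x8b\xec\x83\xec\x10\x33\xc0\xc9\xc3" * 52)[:0x200]   # low-entropy stub code
    rdata = bytes(range(256)) * 4 if rdata is None else rdata           # uniform: entropy 8.0
    idata = b"kernel32.dll\0CloseHandle\0lstrcpynA\0".ljust(0x200, b"\0")
    reloc = b"\x00\x10\x00\x00\x08\x00\x00\x00".ljust(0x200, b"\0")
    layout = [(b".data", 0x1000, 0x34000, 0, b""),          # name, vaddr, vsize, rawsize, payload
              (b".text", 0x35000, 0x1077, 0x200, text),
              (b".rdata", 0x37000, 0x18000, 0x400, rdata),
              (b".idata", 0x4F000, 0x1000, 0x200, idata),
              (b".reloc", 0x50000, 0x1000, 0x200, reloc)]
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), timestamp, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    opt[0:2] = struct.pack("<H", 0x10B)                                # PE32 magic
    opt[16:20] = struct.pack("<I", 0x358E6)                            # AddressOfEntryPoint
    table, body, ptr = b"", b"", 0x200                                 # raw data follows 0x200 of headers
    for name, vaddr, vsize, rawsize, payload in layout:
        table += struct.pack(SECTION_HDR, name, vsize, vaddr, rawsize,
                             ptr if rawsize else 0, 0, 0, 0, 0, 0x40000040)
        body += payload
        ptr += rawsize
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0") + body


if __name__ == "__main__":
    dll = build_sample_pe()
    other = build_sample_pe(timestamp=0x161E9932, rdata=b"\0" * 0x400)
    files = {"aqcwbs.dll": dll, "tmkvycyu.dll": dll, "tewhpp.dll": dll, "piuyshct.dll": other}
    for md5, names in group_by_md5(files).items():
        print(md5, names)
    for s in parse_pe(dll)["sections"]:
        print("%-7s 0x%05x 0x%05x 0x%04x %.2f %s" % (s["name"], s["vaddr"], s["vsize"],
                                                   s["rawsize"], s["entropy"], s["md5"]))
    for flag in triage(dll):
        print("!", flag)
```

To run it against the real files, replace the constructed dict with the bytes of each DLL read from system32; the hash grouping alone identifies the copies. The section flags are heuristics: a legitimately packed installer trips the entropy check too, so treat them as a reason to submit the sample, not as a verdict.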
kitsiba Posts: 9 Registered: Saturday 28 June 2008 Status: Member Last activity: 1 July 2008
30 June 2008 at 19:53
Here are the reports requested by jlpjlp...

If this can be of use

with VirusTotal


C:\WINDOWS\system32\msturbcr.dll

0 bytes size received / an empty file was received



C:\WINDOWS\system32\qbcntg.dll
This file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.29 14:44:23 (CET) [+1D]
Results 5/33
Permalink: analisis/c09ae48470db14ecd499b7e3e7d1cde6

File rempwh.dll received on 2008.06.29 14:44:23 (CET)
Current status: finished
Result: 5/33 (15.15%)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan.Vundo.EWZ
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: d8232454150401f83a7c25e13894a3fc
SHA1: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
New analysis
File qbcntg.dll received on 2008.06.30 19:07:42 (CET)
Current status: finished
Result: 11/33 (33.34%)

C:\WINDOWS\system32\algbqcxa.dll
This file has already been analyzed:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:11:03 (CET) [<1D]
Results 11/33
Permalink: analisis/87e5e00df099b1647dd40e023543e529

File qbcntg.dll received on 2008.06.30 19:07:42 (CET)
Current status: finished
Result: 11/33 (33.33%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse
Fichier algbqcxa.dll reçu le 2008.06.30 19:13:27 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\thapsoeq.dll

Le fichier a déjà été analysé:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.29 18:58:16 (CET) [+1D]
Résultats 5/33
Permalink: analisis/6a661c5e79e16e38b5c971b81021eec3

Fichier thapsoeq.dll reçu le 2008.06.29 18:58:16 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Generic10.AUJB
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 5e7ea7663b811c201cb736d2305d2e1f
SHA1: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1

Nouvelle analyse

Fichier thapsoeq.dll reçu le 2008.06.30 19:15:38 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.37%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

C:\WINDOWS\system32\fluvieva.dll
Le fichier a déjà été analysé:
MD5: 539170c045bd45ebf3f3d137d63048ed
First received: 2008.06.28 12:14:46 (CET)
Date 2008.06.28 22:43:14 (CET) [+1D]
Résultats 5/33
Permalink: analisis/bc60a67f6825e8eeaae8775d8e35fb10

Fichier mphqhhqu.dll reçu le 2008.06.28 22:42:47 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.27 -
AntiVir 7.8.0.59 2008.06.28 -
Authentium 5.1.0.4 2008.06.28 -
Avast 4.8.1195.0 2008.06.28 -
AVG 7.5.0.516 2008.06.28 -
BitDefender 7.2 2008.06.28 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.28 -
DrWeb 4.44.0.09170 2008.06.28 -
eSafe 7.0.17.0 2008.06.26 Suspicious File
eTrust-Vet 31.6.5911 2008.06.27 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.27 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.28 -
GData 2.0.7306.1023 2008.06.28 -
Ikarus T3.1.1.26.0 2008.06.28 -
Kaspersky 7.0.0.125 2008.06.28 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.28 -
NOD32v2 3224 2008.06.27 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.28 -
Prevx1 V2 2008.06.28 Cloaked Malware
Rising 20.50.52.00 2008.06.28 -
Sophos 4.30.0 2008.06.28 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.28 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.27 -
VBA32 3.12.6.8 2008.06.28 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.28 -
Information additionnelle
File size: 81920 bytes
MD5...: 539170c045bd45ebf3f3d137d63048ed
SHA1..: c8d72dcf2d7daa59c3297c3257ecaca987d6b045
SHA256: 389e4ad73d8634def7e604f7c900c9fd1f14a2e83b31318b2c30ff828ef1a2a3
SHA512: 3580c4b424417d6f1ad16459b43e0edb2b9856457b106a3012a18585787e707201c0f1a10edb0f12932970e13601c3556eb495b07fed086728e1ebacbf9b3e90
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002692b
timedatestamp.....: 0xb23c8842L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x25000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x26000 0x1004 0x1200 6.05 678d030c734cc09d3362bb17c5f7c9a1
.rdata 0x28000 0x12000 0x12000 7.99 19d82869d5f3a5f19d24b9b749c886a5
.idata 0x3a000 0x1000 0x600 3.56 923d4d934e912826c55cd532e7cf4ce6
.reloc 0x3b000 0x1000 0x400 0.82 d21b277c3aa340a20b87e54c07d84625
( 4 imports )
> kernel32.dll: HeapUnlock, ExpandEnvironmentStringsA, CancelWaitableTimer, GetStringTypeW, CreateMutexW, LocalLock, LocalCompact, ExpandEnvironmentStringsW, EnterCriticalSection, lstrcatA, MultiByteToWideChar
> user32.dll: DrawEdge, GetWindowDC, SetDlgItemTextA, DefDlgProcA, DrawFocusRect, GetMessageA, AppendMenuA, DrawAnimatedRects, GetMenu, wvsprintfA, DefWindowProcA, DrawIcon, SendMessageCallbackA
> advapi32.dll: GetSecurityInfo, ConvertSidToStringSidA, CreateWellKnownSid, ConvertSecurityDescriptorToAccessA, ElfChangeNotify, CryptSetHashParam, ConvertAccessToSecurityDescriptorA, IsTextUnicode
> shell32.dll: ExtractIconA, StrRChrW, DragAcceptFiles, Shell_NotifyIcon, StrRStrIW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=785464D000329F1B40ED013B3C2E0700E122A42E

Nouvelle analyse

Fichier fluvieva.dll reçu le 2008.06.30 19:18:12 (CET)
Situation actuelle: terminé
Résultat: 16/33 (48.49%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.2
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Rootkit-gen
AVG 7.5.0.516 2008.06.30 Generic10.AUJC
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 Trojan.Monder.wh
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 Virtum!tr
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wh
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wh
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.2
Information additionnelle
File size: 81920 bytes
MD5...: 539170c045bd45ebf3f3d137d63048ed
SHA1..: c8d72dcf2d7daa59c3297c3257ecaca987d6b045
SHA256: 389e4ad73d8634def7e604f7c900c9fd1f14a2e83b31318b2c30ff828ef1a2a3
SHA512: 3580c4b424417d6f1ad16459b43e0edb2b9856457b106a3012a18585787e707201c0f1a10edb0f12932970e13601c3556eb495b07fed086728e1ebacbf9b3e90
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002692b
timedatestamp.....: 0xb23c8842L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x25000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x26000 0x1004 0x1200 6.05 678d030c734cc09d3362bb17c5f7c9a1
.rdata 0x28000 0x12000 0x12000 7.99 19d82869d5f3a5f19d24b9b749c886a5
.idata 0x3a000 0x1000 0x600 3.56 923d4d934e912826c55cd532e7cf4ce6
.reloc 0x3b000 0x1000 0x400 0.82 d21b277c3aa340a20b87e54c07d84625
( 4 imports )
> kernel32.dll: HeapUnlock, ExpandEnvironmentStringsA, CancelWaitableTimer, GetStringTypeW, CreateMutexW, LocalLock, LocalCompact, ExpandEnvironmentStringsW, EnterCriticalSection, lstrcatA, MultiByteToWideChar
> user32.dll: DrawEdge, GetWindowDC, SetDlgItemTextA, DefDlgProcA, DrawFocusRect, GetMessageA, AppendMenuA, DrawAnimatedRects, GetMenu, wvsprintfA, DefWindowProcA, DrawIcon, SendMessageCallbackA
> advapi32.dll: GetSecurityInfo, ConvertSidToStringSidA, CreateWellKnownSid, ConvertSecurityDescriptorToAccessA, ElfChangeNotify, CryptSetHashParam, ConvertAccessToSecurityDescriptorA, IsTextUnicode
> shell32.dll: ExtractIconA, StrRChrW, DragAcceptFiles, Shell_NotifyIcon, StrRStrIW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=785464D000329F1B40ED013B3C2E0700E122A42E

C:\WINDOWS\system32\yvnnyrvt.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:14:38 (CET) [<1D]
Résultats 11/33
Permalink: analisis/a62c040b2eeb8e549efc6283d7e3d17a

Fichier algbqcxa.dll reçu le 2008.06.30 19:13:27 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse

Fichier yvnnyrvt.dll reçu le 2008.06.30 19:21:12 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\aqcwbs.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:22:15 (CET) [<1D]
Résultats 11/33
Permalink: analisis/0bdb6d73d2eedb5808e9006d2ec14847

Fichier yvnnyrvt.dll reçu le 2008.06.30 19:21:12 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse

Fichier aqcwbs.dll reçu le 2008.06.30 19:23:02 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\piuyshct.dll

Le fichier a déjà été analysé:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.30 19:17:02 (CET) [<1D]
Résultats 12/33
Permalink: analisis/09793919de38c31c157c19ee8cf618fc

Fichier thapsoeq.dll reçu le 2008.06.30 19:15:38 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.36%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

Fichier piuyshct.dll reçu le 2008.06.30 19:25:45 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.37%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72


C:\WINDOWS\system32\tmkvycyu.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:24:48 (CET) [<1D]
Résultats 11/33
Permalink: analisis/1ca8b5d4d1e6b84d5cebfd367e630190
Fichier aqcwbs.dll reçu le 2008.06.30 19:23:02 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse
Fichier tmkvycyu.dll reçu le 2008.06.30 19:27:35 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\tewhpp.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:28:22 (CET) [<1D]
Résultats 11/33
Permalink: analisis/8b6d54915095c4edd1a023a44cfb3b67

Fichier tmkvycyu.dll reçu le 2008.06.30 19:27:35 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse
Fichier tewhpp.dll reçu le 2008.06.30 19:29:17 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\ifyvitcp.dll

0 bytes size received / Se ha recibido un archivo vacio


C:\WINDOWS\system32\mvndbitv.dll

0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\system32\onujxe.dll

0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\system32\buareren.dll

Le fichier a déjà été analysé:
MD5: d46dabbdd0daad970488c55f3b76a4b5
First received: 2008.06.28 00:40:05 (CET)
Date 2008.06.30 16:59:03 (CET) [<1D]
Résultats 13/33
Permalink: analisis/88c50442644d0a759ac7a5f6220d5e6f

Fichier ydfijl.dll reçu le 2008.06.30 16:57:55 (CET)
Situation actuelle: terminé
Résultat: 13/33 (39.39%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.24
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUER
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.29 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3227 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 Trojan.
0
kitsiba Posts 9 Registration date Saturday 28 June 2008 Status Member Last contribution 1 July 2008
30 June 2008 at 19:53
Here are the reports requested by jlpjlp...

If this can be useful

with VirusTotal


C:\WINDOWS\system32\msturbcr.dll

0 bytes size received / Se ha recibido un archivo vacio



C:\WINDOWS\system32\qbcntg.dll
Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.29 14:44:23 (CET) [+1D]
Résultats 5/33
Permalink: analisis/c09ae48470db14ecd499b7e3e7d1cde6

Fichier rempwh.dll reçu le 2008.06.29 14:44:23 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Trojan.Vundo.EWZ
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: d8232454150401f83a7c25e13894a3fc
SHA1: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
Nouvelle analyse
Fichier qbcntg.dll reçu le 2008.06.30 19:07:42 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\algbqcxa.dll
Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:11:03 (CET) [<1D]
Résultats 11/33
Permalink: analisis/87e5e00df099b1647dd40e023543e529

Fichier qbcntg.dll reçu le 2008.06.30 19:07:42 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse
Fichier algbqcxa.dll reçu le 2008.06.30 19:13:27 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\thapsoeq.dll

Le fichier a déjà été analysé:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.29 18:58:16 (CET) [+1D]
Résultats 5/33
Permalink: analisis/6a661c5e79e16e38b5c971b81021eec3

Fichier thapsoeq.dll reçu le 2008.06.29 18:58:16 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Generic10.AUJB
BitDefender - - Trojan.Vundo.EWZ
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Vundo.gen192
Panda - - -
Prevx1 - - Fraudulent Security Program
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 5e7ea7663b811c201cb736d2305d2e1f
SHA1: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
Nouvelle analyse
Fichier thapsoeq.dll reçu le 2008.06.30 19:15:38 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.37%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

C:\WINDOWS\system32\fluvieva.dll
Le fichier a déjà été analysé:
MD5: 539170c045bd45ebf3f3d137d63048ed
First received: 2008.06.28 12:14:46 (CET)
Date 2008.06.28 22:43:14 (CET) [+1D]
Résultats 5/33
Permalink: analisis/bc60a67f6825e8eeaae8775d8e35fb10

Fichier mphqhhqu.dll reçu le 2008.06.28 22:42:47 (CET)
Situation actuelle: terminé
Résultat: 5/33 (15.15%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.27 -
AntiVir 7.8.0.59 2008.06.28 -
Authentium 5.1.0.4 2008.06.28 -
Avast 4.8.1195.0 2008.06.28 -
AVG 7.5.0.516 2008.06.28 -
BitDefender 7.2 2008.06.28 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.28 -
DrWeb 4.44.0.09170 2008.06.28 -
eSafe 7.0.17.0 2008.06.26 Suspicious File
eTrust-Vet 31.6.5911 2008.06.27 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.27 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.28 -
GData 2.0.7306.1023 2008.06.28 -
Ikarus T3.1.1.26.0 2008.06.28 -
Kaspersky 7.0.0.125 2008.06.28 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.28 -
NOD32v2 3224 2008.06.27 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.28 -
Prevx1 V2 2008.06.28 Cloaked Malware
Rising 20.50.52.00 2008.06.28 -
Sophos 4.30.0 2008.06.28 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.28 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.27 -
VBA32 3.12.6.8 2008.06.28 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.28 -
Information additionnelle
File size: 81920 bytes
MD5...: 539170c045bd45ebf3f3d137d63048ed
SHA1..: c8d72dcf2d7daa59c3297c3257ecaca987d6b045
SHA256: 389e4ad73d8634def7e604f7c900c9fd1f14a2e83b31318b2c30ff828ef1a2a3
SHA512: 3580c4b424417d6f1ad16459b43e0edb2b9856457b106a3012a18585787e707201c0f1a10edb0f12932970e13601c3556eb495b07fed086728e1ebacbf9b3e90
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002692b
timedatestamp.....: 0xb23c8842L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x25000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x26000 0x1004 0x1200 6.05 678d030c734cc09d3362bb17c5f7c9a1
.rdata 0x28000 0x12000 0x12000 7.99 19d82869d5f3a5f19d24b9b749c886a5
.idata 0x3a000 0x1000 0x600 3.56 923d4d934e912826c55cd532e7cf4ce6
.reloc 0x3b000 0x1000 0x400 0.82 d21b277c3aa340a20b87e54c07d84625
( 4 imports )
> kernel32.dll: HeapUnlock, ExpandEnvironmentStringsA, CancelWaitableTimer, GetStringTypeW, CreateMutexW, LocalLock, LocalCompact, ExpandEnvironmentStringsW, EnterCriticalSection, lstrcatA, MultiByteToWideChar
> user32.dll: DrawEdge, GetWindowDC, SetDlgItemTextA, DefDlgProcA, DrawFocusRect, GetMessageA, AppendMenuA, DrawAnimatedRects, GetMenu, wvsprintfA, DefWindowProcA, DrawIcon, SendMessageCallbackA
> advapi32.dll: GetSecurityInfo, ConvertSidToStringSidA, CreateWellKnownSid, ConvertSecurityDescriptorToAccessA, ElfChangeNotify, CryptSetHashParam, ConvertAccessToSecurityDescriptorA, IsTextUnicode
> shell32.dll: ExtractIconA, StrRChrW, DragAcceptFiles, Shell_NotifyIcon, StrRStrIW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=785464D000329F1B40ED013B3C2E0700E122A42E

Nouvelle analyse

Fichier fluvieva.dll reçu le 2008.06.30 19:18:12 (CET)
Situation actuelle: terminé
Résultat: 16/33 (48.49%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.2
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Rootkit-gen
AVG 7.5.0.516 2008.06.30 Generic10.AUJC
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 Trojan.Monder.wh
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 Virtum!tr
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wh
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wh
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 Troj/Virtum-Gen
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.2
Information additionnelle
File size: 81920 bytes
MD5...: 539170c045bd45ebf3f3d137d63048ed
SHA1..: c8d72dcf2d7daa59c3297c3257ecaca987d6b045
SHA256: 389e4ad73d8634def7e604f7c900c9fd1f14a2e83b31318b2c30ff828ef1a2a3
SHA512: 3580c4b424417d6f1ad16459b43e0edb2b9856457b106a3012a18585787e707201c0f1a10edb0f12932970e13601c3556eb495b07fed086728e1ebacbf9b3e90
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002692b
timedatestamp.....: 0xb23c8842L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x25000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x26000 0x1004 0x1200 6.05 678d030c734cc09d3362bb17c5f7c9a1
.rdata 0x28000 0x12000 0x12000 7.99 19d82869d5f3a5f19d24b9b749c886a5
.idata 0x3a000 0x1000 0x600 3.56 923d4d934e912826c55cd532e7cf4ce6
.reloc 0x3b000 0x1000 0x400 0.82 d21b277c3aa340a20b87e54c07d84625
( 4 imports )
> kernel32.dll: HeapUnlock, ExpandEnvironmentStringsA, CancelWaitableTimer, GetStringTypeW, CreateMutexW, LocalLock, LocalCompact, ExpandEnvironmentStringsW, EnterCriticalSection, lstrcatA, MultiByteToWideChar
> user32.dll: DrawEdge, GetWindowDC, SetDlgItemTextA, DefDlgProcA, DrawFocusRect, GetMessageA, AppendMenuA, DrawAnimatedRects, GetMenu, wvsprintfA, DefWindowProcA, DrawIcon, SendMessageCallbackA
> advapi32.dll: GetSecurityInfo, ConvertSidToStringSidA, CreateWellKnownSid, ConvertSecurityDescriptorToAccessA, ElfChangeNotify, CryptSetHashParam, ConvertAccessToSecurityDescriptorA, IsTextUnicode
> shell32.dll: ExtractIconA, StrRChrW, DragAcceptFiles, Shell_NotifyIcon, StrRStrIW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=785464D000329F1B40ED013B3C2E0700E122A42E

C:\WINDOWS\system32\yvnnyrvt.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:14:38 (CET) [<1D]
Résultats 11/33
Permalink: analisis/a62c040b2eeb8e549efc6283d7e3d17a

Fichier algbqcxa.dll reçu le 2008.06.30 19:13:27 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse

Fichier yvnnyrvt.dll reçu le 2008.06.30 19:21:12 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\aqcwbs.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:22:15 (CET) [<1D]
Résultats 11/33
Permalink: analisis/0bdb6d73d2eedb5808e9006d2ec14847

Fichier yvnnyrvt.dll reçu le 2008.06.30 19:21:12 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse

Fichier aqcwbs.dll reçu le 2008.06.30 19:23:02 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\piuyshct.dll

Le fichier a déjà été analysé:
MD5: 5e7ea7663b811c201cb736d2305d2e1f
First received: 2008.06.28 12:25:10 (CET)
Date 2008.06.30 19:17:02 (CET) [<1D]
Résultats 12/33
Permalink: analisis/09793919de38c31c157c19ee8cf618fc

Fichier thapsoeq.dll reçu le 2008.06.30 19:15:38 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.36%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

Fichier piuyshct.dll reçu le 2008.06.30 19:25:45 (CET)
Situation actuelle: terminé
Résultat: 12/33 (36.37%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.5
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUJB
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 -
GData 2.0.7306.1023 2008.06.30 Trojan.Win32.Monder.wj
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 Trojan.Win32.Monder.wj
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3228 2008.06.30 -
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Fraudulent Security Program
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.5
Information additionnelle
File size: 90624 bytes
MD5...: 5e7ea7663b811c201cb736d2305d2e1f
SHA1..: fb52fc72201abb5d1c36ef274fa73be12e9783e6
SHA256: 5716a40724021b4eb29fac31affc9d26b518b8a85b8975ef4042f20ca4809de3
SHA512: b82b06705cea1c15e92b66a87bcb086b38c494c696cf0f22779d3cc740b822ee8af2ae4cf474dabc01e53c7b3dcc01018012a8afbcaf9f5d77a3565bdef08fd1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1002a97b
timedatestamp.....: 0x161e9932 (Mon Oct 05 04:27:30 1981)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x29000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x2a000 0x113c 0x1200 6.23 e8a8c49ee67c762618de7fa2cbae300b
.rdata 0x2c000 0x15000 0x14200 8.00 29e40cad691dd10b1270a6d8d97847df
.idata 0x41000 0x1000 0x600 3.95 9bd76a2c6021954736415bc9e1155562
.reloc 0x42000 0x1000 0x400 0.85 570d5e9ac888b713cd30244a866833b8
( 4 imports )
> kernel32.dll: CreateSemaphoreW, CreateWaitableTimerA, PulseEvent, WaitForMultipleObjects, lstrcmpi, GetEnvironmentStringsW, lstrcatA, GetLocaleInfoA
> user32.dll: PostThreadMessageA, AppendMenuW, CharToOemA, MsgWaitForMultipleObjects, AlignRects, AllowSetForegroundWindow, UpdateWindow, CallWindowProcA, ReleaseDC, CallMsgFilter, SetLastErrorEx
> advapi32.dll: GetSecurityInfo, BackupEventLogA, CancelOverlappedAccess, ConvertStringSidToSidA, ConvertSidToStringSidA, CopySid, IsWellKnownSid, CloseTrace, CryptDestroyHash, ElfChangeNotify, FreeSid, DeleteAce, ConvertAccessToSecurityDescriptorA, CryptGetKeyParam
> comdlg32.dll: LoadAlterBitmap, CommDlgExtendedError, GetSaveFileNameA, PrintDlgExA, PageSetupDlgA, FindTextA, WantArrows, ChooseFontA, dwOKSubclass, GetFileTitleA, dwLBSubclass
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=454FDC6100F2CDA76263013B3C2E0700252C0F72

C:\WINDOWS\system32\tmkvycyu.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:24:48 (CET) [<1D]
Résultats 11/33
Permalink: analisis/1ca8b5d4d1e6b84d5cebfd367e630190
Fichier aqcwbs.dll reçu le 2008.06.30 19:23:02 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.33%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100358e6
timedatestamp.....: 0xda73ad89L (invalid)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 dc6700cd350786d3b25accf7b3691e1b
.rdata 0x37000 0x18000 0x17400 8.00 cd9e5884357cde24e79b325d19c745a3
.idata 0x4f000 0x1000 0x600 3.87 bdc08363117387a3fcf8188d76365a0d
.reloc 0x50000 0x1000 0x400 0.92 3469620e81d077beeef91dce397777d7
( 5 imports )
> kernel32.dll: LocalFree, CloseHandle, lstrcmpA, GetEnvironmentStringsW, CreateWaitableTimerA, VirtualFree, lstrcpy, HeapReAlloc, lstrcpynA
> comctl32.dll: ImageList_Destroy, ImageList_SetIconSize, ImageList_Add, ImageList_LoadImage, DrawInsert, ImageList_Copy
> advapi32.dll: BackupEventLogA, GetSecurityInfo, CryptSetHashParam, CloseEventLog, CopySid, GetEventLogInformation
> comdlg32.dll: ReplaceTextA, PageSetupDlgA, dwOKSubclass, GetFileTitleA, PrintDlgExA, ChooseColorA, LoadAlterBitmap, GetSaveFileNameA, CommDlgExtendedError, dwLBSubclass, PrintDlgA, ChooseFontA
> shell32.dll: DragQueryPoint, FreeIconList, StrRStrA, StrCmpNIA, CommandLineToArgvW, StrChrW, Shell_NotifyIcon, StrRChrIA, StrStrW, ExtractIconEx, DragFinish, ExtractAssociatedIconA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

Nouvelle analyse
Fichier tmkvycyu.dll reçu le 2008.06.30 19:27:35 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\tewhpp.dll

Le fichier a déjà été analysé:
MD5: d8232454150401f83a7c25e13894a3fc
First received: 2008.06.28 18:24:07 (CET)
Date 2008.06.30 19:28:22 (CET) [<1D]
Résultats 11/33
Permalink: analisis/8b6d54915095c4edd1a023a44cfb3b67


Nouvelle analyse
Fichier tewhpp.dll reçu le 2008.06.30 19:29:17 (CET)
Situation actuelle: terminé
Résultat: 11/33 (33.34%)
Formaté
Impression des résultats
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.26
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.30 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 -
Ikarus T3.1.1.26.0 2008.06.30 Trojan.Vundo.EWZ
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo
NOD32v2 3228 2008.06.30 Win32/Adware.Virtumonde
Norman 5.80.02 2008.06.30 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 -
TheHacker 6.2.96.364 2008.06.28 -
TrendMicro 8.700.0.1004 2008.06.30 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.06.30 Trojan.Vundo.ewz.26
Information additionnelle
File size: 103424 bytes
MD5...: d8232454150401f83a7c25e13894a3fc
SHA1..: 430964c2ec464fb241af5a169ff44d6255bf2261
SHA256: 6175f2e4426563de3ad7ecc3fd17308fd599fd4440ec2fbb50cde71286bb1537
SHA512: 33fdcde42649587f9c3d1d94d72fd54f972274df1fb1a1ee57ab729ac020bc10010d5c5a7c0d301b0a0d2be78a0362ff322faebbfa897fe2fe36a84462a55bc1
PEiD..: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=769E654100329F1B94ED013B3C2E0700EBCC15EA

C:\WINDOWS\system32\ifyvitcp.dll

0 bytes size received / Se ha recibido un archivo vacio


C:\WINDOWS\system32\mvndbitv.dll

0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\system32\onujxe.dll

0 bytes size received / Se ha recibido un archivo vacio

C:\WINDOWS\system32\buareren.dll

Le fichier a déjà été analysé:
MD5: d46dabbdd0daad970488c55f3b76a4b5
First received: 2008.06.28 00:40:05 (CET)
Date 2008.06.30 16:59:03 (CET) [<1D]
Résultats 13/33
Permalink: analisis/88c50442644d0a759ac7a5f6220d5e6f

Fichier ydfijl.dll reçu le 2008.06.30 16:57:55 (CET)
Situation actuelle: terminé
Résultat: 13/33 (39.39%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.27.1 2008.06.30 -
AntiVir 7.8.0.59 2008.06.30 TR/Vundo.ewz.24
Authentium 5.1.0.4 2008.06.29 -
Avast 4.8.1195.0 2008.06.30 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.30 Generic10.AUER
BitDefender 7.2 2008.06.30 Trojan.Vundo.EWZ
CAT-QuickHeal 9.50 2008.06.28 -
ClamAV 0.93.1 2008.06.30 -
DrWeb 4.44.0.09170 2008.06.30 -
eSafe 7.0.17.0 2008.06.29 Suspicious File
eTrust-Vet 31.6.5914 2008.06.30 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.06.29 W32/Virtumonde.AB!Eldorado
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.06.30 PossibleThreat
GData 2.0.7306.1023 2008.06.30 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.30 -
Kaspersky 7.0.0.125 2008.06.30 -
McAfee 5327 2008.06.27 -
Microsoft 1.3704 2008.06.30 Trojan:Win32/Vundo.gen!Q
NOD32v2 3227 2008.06.30 -
Norman 5.80.02 2008.06.27 Vundo.gen192
Panda 9.0.0.4 2008.06.29 -
Prevx1 V2 2008.06.30 Cloaked Malware
Rising 20.51.02.00 2008.06.30 -
Sophos 4.30.0 2008.06.30 -
Sunbelt 3.0.1176.1 2008.06.26 -
Symantec 10 2008.06.30 Trojan.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
30 June 2008 at 20:55
Rename ComboFix then, even though it should work as killbagle.

See you later.
kitsiba Posts 9 Registration date Saturday 28 June 2008 Status Member Last activity 1 July 2008
30 June 2008 at 21:03
By the way, thanks....

Here are the reports, in case they can shed some light:

ComboFix 08-06-20.4 - eric martel 2008-06-30 20:57:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1564 [GMT 2:00]
Endroit: C:\Documents and Settings\eric martel\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\eric martel\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\acplneoe.dll
C:\WINDOWS\system32\algbqcxa.dll
C:\WINDOWS\system32\aqcwbs.dll
C:\WINDOWS\system32\buareren.dll
C:\WINDOWS\system32\dxuqrrna.dll
C:\WINDOWS\system32\fluvieva.dll
C:\WINDOWS\system32\fycnkkos.dll
C:\WINDOWS\system32\ibahqygk.dll
C:\WINDOWS\system32\ifyvitcp.dll
C:\WINDOWS\system32\ikwaedrh.dll
C:\WINDOWS\system32\jkkJcDtR.dll
C:\WINDOWS\system32\khoyxyhu.dll
C:\WINDOWS\system32\msturbcr.dll
C:\WINDOWS\system32\mvndbitv.dll
C:\WINDOWS\system32\olpegckr.dll
C:\WINDOWS\system32\onujxe.dll
C:\WINDOWS\system32\piuyshct.dll
C:\WINDOWS\system32\qbcntg.dll
C:\WINDOWS\system32\rswdwgnb.dll
C:\WINDOWS\system32\tewhpp.dll
C:\WINDOWS\system32\thapsoeq.dll
C:\WINDOWS\system32\tmkvycyu.dll
C:\WINDOWS\system32\uniijj.dll
C:\WINDOWS\system32\yvnnyrvt.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\algbqcxa.dll
C:\WINDOWS\system32\aqcwbs.dll
C:\WINDOWS\system32\buareren.dll
C:\WINDOWS\system32\dxuqrrna.dll
C:\WINDOWS\system32\fluvieva.dll
C:\WINDOWS\system32\fycnkkos.dll
C:\WINDOWS\system32\ibahqygk.dll
C:\WINDOWS\system32\ifyvitcp.dll
C:\WINDOWS\system32\khoyxyhu.dll
C:\WINDOWS\system32\msturbcr.dll
C:\WINDOWS\system32\mvndbitv.dll
C:\WINDOWS\system32\olpegckr.dll
C:\WINDOWS\system32\onujxe.dll
C:\WINDOWS\system32\piuyshct.dll
C:\WINDOWS\system32\qbcntg.dll
C:\WINDOWS\system32\rswdwgnb.dll
C:\WINDOWS\system32\tewhpp.dll
C:\WINDOWS\system32\thapsoeq.dll
C:\WINDOWS\system32\tmkvycyu.dll
C:\WINDOWS\system32\uniijj.dll
C:\WINDOWS\system32\yvnnyrvt.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.

2008-06-29 10:11 . 2008-06-29 10:22 <REP> d-------- C:\killbagle
2008-06-28 22:08 . 2008-06-28 22:08 3,922 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-28 22:06 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-28 22:06 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-28 22:06 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-28 22:06 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-28 22:06 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-28 22:06 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-28 22:06 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-28 22:06 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-28 22:06 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-28 19:54 . 2008-06-28 20:15 <REP> d-------- C:\Program Files\Navilog1
2008-06-28 19:12 . 2008-06-28 19:12 <REP> d-------- C:\WINDOWS\AU_Temp
2008-06-28 19:12 . 2008-06-28 19:12 24,993,473 --a------ C:\WINDOWS\VPTNFILE.373
2008-06-28 19:12 . 2008-06-28 19:12 24,993,473 --a------ C:\WINDOWS\LPT$VPN.373
2008-06-28 15:15 . 2008-06-28 19:10 <REP> d-------- C:\Program Files\ProtectionConue
2008-06-28 15:15 . 2008-06-28 19:10 <REP> d-------- C:\Program Files\Fichiers communs\ProtectionConue
2008-06-28 15:15 . 2008-06-28 15:15 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-28 15:15 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-06-28 15:15 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-06-28 14:25 . 2008-06-28 22:06 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-06-28 10:00 . 2008-06-29 12:48 <REP> d-------- C:\Documents and Settings\eric martel\Application Data\Smart PC Solutions
2008-06-28 09:53 . 2008-06-29 12:48 <REP> d-------- C:\Program Files\Wise Registry Cleaner 3
2008-06-28 09:42 . 2008-06-28 09:42 <REP> d-------- C:\Program Files\Quicksys
2008-06-27 17:51 . 2008-06-29 12:47 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-06-27 10:23 . 2008-06-27 10:23 106,496 --a------ C:\WINDOWS\system32\eelihthr.dll
2008-06-26 17:54 . 2008-06-26 17:54 <REP> d-------- C:\Program Files\FLV Player
2008-06-24 00:09 . 2008-06-24 00:09 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel\Application Data\vlc
2008-06-23 23:15 . 2008-06-23 23:15 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel\Application Data\OpenOffice.org2
2008-06-18 23:39 . 2008-06-23 22:55 <REP> d--h----- C:\Documents and Settings\fouzia lahbil martel\Voisinage réseau
2008-06-18 23:39 . 2006-08-30 15:13 <REP> d--h----- C:\Documents and Settings\fouzia lahbil martel\Voisinage d'impression
2008-06-18 23:39 . 2006-08-30 17:58 <REP> d---s---- C:\Documents and Settings\fouzia lahbil martel\UserData
2008-06-18 23:39 . 2006-08-30 14:33 <REP> d--h----- C:\Documents and Settings\fouzia lahbil martel\Modèles
2008-06-18 23:39 . 2008-06-23 23:21 <REP> dr------- C:\Documents and Settings\fouzia lahbil martel\Mes documents
2008-06-18 23:39 . 2006-08-30 15:13 <REP> dr------- C:\Documents and Settings\fouzia lahbil martel\Menu Démarrer
2008-06-18 23:39 . 2008-06-26 09:47 <REP> dr------- C:\Documents and Settings\fouzia lahbil martel\Favoris
2008-06-18 23:39 . 2008-06-19 00:07 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel\Bureau
2008-06-18 23:39 . 2008-06-18 23:39 <REP> d-------- C:\Documents and Settings\fouzia lahbil martel
2008-06-18 22:54 . 2008-06-18 22:53 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-18 22:53 . 2008-06-27 17:43 <REP> d-------- C:\Documents and Settings\eric martel\.housecall6.6
2008-06-18 22:17 . 2008-06-28 19:13 517 --a------ C:\WINDOWS\TSC.INI
2008-06-18 22:12 . 2008-06-27 07:48 <REP> d-------- C:\WINDOWS\AU_Backup
2008-06-18 22:12 . 2008-06-28 19:12 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-06-18 22:12 . 2008-06-28 19:12 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-06-18 19:22 . 2008-06-18 19:22 <REP> d-------- C:\WINDOWS\AU_Log
2008-06-18 19:22 . 2008-06-28 19:12 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-06-18 19:22 . 2008-06-28 19:12 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-06-18 19:22 . 2008-06-28 19:12 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-06-18 19:22 . 2008-06-28 19:12 170 --a------ C:\WINDOWS\GetServer.ini
2008-06-18 19:15 . 2008-06-18 19:15 <REP> d-------- C:\Program Files\Panda Security
2008-06-18 17:42 . 2008-06-18 17:42 <REP> d-------- C:\Documents and Settings\Mes documents
2008-06-18 15:18 . 2008-06-18 16:14 <REP> dr------- C:\Documents and Settings\TEMP\Mes documents
2008-06-18 15:17 . 2008-06-18 15:17 <REP> d-------- C:\Documents and Settings\TEMP\Menu Démarrer
2008-06-18 15:17 . 2008-06-18 15:20 <REP> dr------- C:\Documents and Settings\TEMP\Favoris
2008-06-18 15:17 . 2008-06-18 20:19 <REP> d-------- C:\Documents and Settings\TEMP\Bureau
2008-06-18 15:14 . 2008-06-18 15:14 <REP> d--h----- C:\Documents and Settings\TEMP\Modèles
2008-06-18 15:12 . 2008-06-18 17:44 <REP> d-------- C:\Documents and Settings\TEMP
2008-06-12 12:37 . 2008-06-12 12:37 <REP> d-------- C:\Program Files\DNA
2008-06-12 12:37 . 2008-06-30 20:58 <REP> d-------- C:\Documents and Settings\eric martel\Application Data\DNA
2008-06-11 12:34 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:34 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-28 20:51 . 2008-06-13 10:06 <REP> d-------- C:\Program Files\Microsoft Publisher
2008-05-17 09:39 . 2008-05-17 09:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-05-17 09:39 . 2008-05-17 09:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-05-13 18:49 . 2008-05-13 18:49 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-06 20:11 . 2008-05-06 20:25 <REP> d-------- C:\Documents and Settings\fouzia martel\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 18:58 --------- d-----w C:\Documents and Settings\eric martel\Application Data\BitTorrent
2008-06-30 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-30 16:58 --------- d-----w C:\Documents and Settings\eric martel\Application Data\OpenOffice.org2
2008-06-29 10:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-29 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 09:14 --------- d-----w C:\Program Files\Google
2008-06-20 12:58 --------- d-----w C:\Program Files\Picasa2
2008-06-18 09:59 --------- d-----w C:\Documents and Settings\fouzia martel\Application Data\OpenOffice.org2
2008-06-12 22:31 --------- d-----w C:\Documents and Settings\fouzia martel\Application Data\BitTorrent
2008-06-12 14:48 --------- d-----w C:\Documents and Settings\claire martel\Application Data\BitTorrent
2008-06-12 10:45 --------- d-----w C:\Program Files\BitTorrent
2008-05-24 18:05 --------- d-----w C:\Program Files\IrfanView
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 15:50 --------- d-----w C:\Program Files\Conduit
2008-04-30 15:50 --------- d-----w C:\Program Files\ChrisTV_Add-on
2008-04-30 09:46 --------- d-----w C:\Program Files\ChrisTV Lite
2008-04-21 06:57 670,720 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2007-09-19 20:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-01-25 10:30 456,768 -c--a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 09:59 35,232 -c--a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 09:59 26,112 -c--a-w C:\WINDOWS\inf\WPN311\install.exe
2003-03-21 12:45 250,544 ----a-w C:\Program Files\Fichiers communs\keyhelp.ocx
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_10.21.47.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 08:19:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 16:57:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 16:58:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-12 12:37 289088]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-04-29 19:51 587568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 23:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 23:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 23:44 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 16:46 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]

C:\Documents and Settings\fouzia martel\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

C:\Documents and Settings\eric martel\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-08-18 16:56:38 49220]
NETGEAR WPN311 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2006-02-22 14:49:28 1486848]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-17 21:22:44 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651dff0b-3827-11db-9ea3-806d6172696f}]
\Shell\AutoRun\command - H:\ASUSACPI.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-20 13:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:59:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-30 20:59:27
ComboFix-quarantined-files.txt 2008-06-30 18:59:24
ComboFix2.txt 2008-06-29 08:21:57

Pre-Run: 21,225,435,136 octets libres
Post-Run: 22,478,213,120 octets libres

229 --- E O F --- 2008-06-20 13:35:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:34, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
30 June 2008 at 22:45
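An added example, not part of this thread and not something HijackThis itself does: a small Python script that reads O4, O20 and O23 lines in the format of the log above and flags the entries a helper would look at first: a startup shortcut whose target shows as "?", a service with no publisher name in its version info ("Unknown owner") or marked "(file missing)", an AppInit_DLLs entry, and 8.3 short paths such as PROGRA~1 that hide the real file name. The sample lines are constructed after entries in this log; the flag wording is my own. A flag means "look closer", not "malware": the entries it raises on this very log (an Atheros wireless service, a Google Desktop leftover, Google's AppInit DLL) are all benign.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines in the format HijackThis v2.0.2 prints,
# modelled on the entries in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NCProTray.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
"""

# O4 covers registry Run keys ("[name] target") and Startup-folder shortcuts ("Foo.lnk = target")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")
SHORT_NAME_RE = re.compile(r"~\d")  # DOS 8.3 path component such as PROGRA~1


@dataclass
class Entry:
    section: str
    name: str
    target: str
    owner: str = ""
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one O4/O20/O23 line into an Entry; lines from other sections return None."""
    m = O4_RE.match(line)
    if m:
        name, target = m.group("name"), m.group("target")
        if name is None:  # Startup-folder form: "<shortcut>.lnk = <target>"
            name, _, target = target.partition(" = ")
        return Entry("O4 " + m.group("where"), name, target.strip())
    m = O20_RE.match(line)
    if m:
        return Entry("O20 AppInit_DLLs", "AppInit_DLLs", m.group("target").strip())
    m = O23_RE.match(line)
    if m:
        return Entry("O23 Service", m.group("name"), m.group("target").strip(),
                     owner=m.group("owner"))
    return None


def flag(entry: Entry) -> Entry:
    """Attach the reasons a helper would want to look twice at this entry."""
    if entry.target in ("", "?"):
        entry.reasons.append("target could not be resolved")
    if entry.target.endswith("(file missing)"):
        entry.reasons.append("file missing: orphaned entry left behind by a removal or uninstall")
    if SHORT_NAME_RE.search(entry.target):
        entry.reasons.append("8.3 short path: expand it before judging the file")
    if entry.section == "O20 AppInit_DLLs":
        entry.reasons.append("AppInit_DLLs is loaded into every process that uses user32.dll")
    if entry.owner == "Unknown owner":
        entry.reasons.append("no publisher name in the file's version info")
    return entry


def triage(log: str) -> List[Entry]:
    """Parse every recognised line of a HijackThis log and flag it."""
    parsed = (parse_line(line.strip()) for line in log.splitlines())
    return [flag(e) for e in parsed if e is not None]


def suspicious(log: str) -> List[Entry]:
    return [e for e in triage(log) if e.suspicious]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section}: {e.name} -> {e.target}")
        for r in e.reasons:
            print("   -", r)
```

Paste a full log into SAMPLE_LOG (or read it from a file) and the script prints only the flagged lines with the reason for each; the unflagged entries (ctfmon, PowerISO, the avast! service in the sample) stay out of the way.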
update internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

__________________

scan with
MalwareByte's Anti-Malware, remove what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
__________________
paste a new hijackthis and tell us your current problems
kitsiba Posts 9 Registration date Saturday 28 June 2008 Status Member Last activity 1 July 2008
1 July 2008 at 11:30
MalwareByte's report

Malwarebytes' Anti-Malware 1.19
Database version: 910
Windows 5.1.2600 Service Pack 2

11:13:08 01/07/2008
mbam-log-7-1-2008 (11-13-08).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 165671
Time elapsed: 2 hour(s), 37 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Fichiers communs\ProtectionConue\bm.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\ProtectionConue\scnkrnl.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\ProtectionConue\Tools\pblock.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fluvieva.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ifyvitcp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\msturbcr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnligHw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRJDuRK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP314\A0052503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP314\A0052504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP315\A0052865.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP317\A0052961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP317\A0052964.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP317\A0052966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:56, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE

I no longer have the dll problem at startup and no more ad windows opening, the problem seems fixed? Is the PC clean??

How can I thank you???

for security tools??

Avast or antivir??

a squared? CCcleaner?? zone alarm? Kerio??
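An added example, not part of this thread and not from Malwarebytes: a Python routine that reads a report in the text format above and sorts the detections by where they were found, because the three kinds of paths in this report call for different follow-up. Files under System Volume Information\_restore are System Restore copies (the reason the next reply asks to disable and re-enable System Restore), files under C:\QooBox\Quarantine are copies already isolated in ComboFix's quarantine folder, and the rest were live on the system. The sample report is constructed from a subset of the lines above; the category names are mine.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a cut-down report in the Malwarebytes' Anti-Malware 1.x
# text format, using a subset of the entries pasted in this thread.
SAMPLE_REPORT = r"""
Registry Keys Infected: 1
Files Infected: 5

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ProtectionConue\scnkrnl.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fluvieva.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP314\A0052503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP317\A0052961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

Item = Tuple[str, str, str, str]  # (section, path, threat, action)

# One detection line: "<path> (<Threat.Name>) -> <what the scanner did>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
# System Restore keeps copies under _restore{<GUID>}\RP<n>\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
# A quarantine folder of another tool (C:\QooBox\Quarantine is ComboFix's)
QUARANTINE_RE = re.compile(r"\\Quarantine\\", re.I)


def parse_items(report: str) -> List[Item]:
    """Collect every 'path (Threat) -> action' line, tagged with its section."""
    items: List[Item] = []
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):       # a section header such as "Files Infected:"
            section = line[:-1]
            continue
        if not line or section is None:      # blank line, or the summary counts at the top
            continue
        m = ITEM_RE.match(line)              # "(No malicious items detected)" does not match
        if m:
            items.append((section, m.group("path"), m.group("threat"), m.group("action")))
    return items


def classify(path: str) -> str:
    """Where a detected file lived, which decides the follow-up action."""
    if RESTORE_RE.search(path):
        return "restore_point"    # System Restore copy: purged only by clearing the restore points
    if QUARANTINE_RE.search(path):
        return "quarantine_copy"  # inert copy already isolated by an earlier cleanup tool
    return "live"                 # was in place on the running system


def summarize(report: str) -> Dict[str, object]:
    items = parse_items(report)
    files = [it for it in items if it[0] == "Files Infected"]
    return {
        "where": dict(Counter(classify(path) for _, path, _, _ in files)),
        "threats": dict(Counter(threat for _, _, threat, _ in items)),
        # anything the scanner could not quarantine needs a second pass
        "not_removed": [path for _, path, _, action in items if "successfully" not in action],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

On the full report above this gives two live rogue files plus one live Vundo file, five copies ComboFix had already quarantined, six restore-point copies, and nothing left unremoved, which is the picture the helper reacts to in the next reply.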
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 July 2008 at 11:38
hi


get rid of what is in the quarantine folder by going to My Computer, then C, then

C:\QooBox\Quarantine

________________



if everything went well, disable System Restore to purge the viruses that are in it
then restart your computer
then re-enable it:
https://www.informatruc.com

to protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

((AVAST in French)) or ANTIVIR (in English but very effective), antivir being the best at the moment
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER to immunise the system against vundo in particular, but in English (though easy to use: just click "update" to update it every month and then "enable all protection" to immunise)...

Note: spybot and ad-aware have released new versions this year, check that you have the latest version
--------
a firewall:
the Windows one, or better Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with firefox or safari or opera and not internet explorer, which is hit harder by viruses
http://www.mozilla-europe.org/fr/products/firefox/
everything is working correctly.

how can I thank you?

problem solved.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 July 2008 at 20:45
you're welcome

all the best