Beagle virus problem, please help me


Hi everyone,

I have had a virus on my computer for a little while and I can't get rid of it. All .exe files are unusable and I can neither install nor use any antivirus; Internet Explorer no longer works, and neither does safe mode...
I read on various forums, and on this one, that this kind of problem is caused by a Beagle virus, but the steps suggested did not work.
I wanted to add a scan, but HJT won't install.

Please help me, I would like to avoid formatting.


Hello,

I have noted that all .exe files were unusable, but this problem can have many causes. So I am going to check; tell me the error message or what happens if you can't launch HijackThis. ;)

You won't have to format :)

Download HijackThis (by Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> Run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.


Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.

And if HijackThis doesn't work, try this:

Hello, :hello:

Download ELIBAGLA at the bottom of this page:
==> http://www.zonavirus.com/datos/des [...] ibagla.asp
Launch Elibagla by double-clicking it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected in Unidad (or the partition containing your OS).
Click the Explorar button.
When it finishes, post the report C:\infoSat.txt

N.B.: If ELIBAGLA doesn't work, come back and tell me; otherwise post the requested report :)

;)


Message edited by Egwene on 07-10-2008 at 09:45:32
------------------------------ Please mention if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Hello,
I tried again to install HJT with the link you sent me, and this time, instead of the message telling me that hijackthis.exe is not a valid Win32 application, it starts to open and then closes when I click Install. Same result with Elibagla: it starts to install and stops abruptly at the end of loading, where it says "procesando 116 ficheros virisios". What should I do? Thank you for looking into my problem... it's really kind of you.

Reply to mazu_22

Re,

Right-click ComboFix (by sUBs) and choose Save target (link) as.

  • Choose the Desktop, insert a hyphen between Combo and Fix so as to obtain Combo-Fix.exe, then choose Save.
  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Oui.
  • When the operation is finished, a report will appear. Post this report in your next reply.


The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.

;)

Reply to Egwene

Re,

Finally something that works, and at the same time Spybot works again.
Here is the scan:
ComboFix 08-10-06.06 - Mazu 2008-10-07 16:13:36.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.535 [GMT 2:00]

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mazu\Application Data\m
C:\Documents and Settings\Mazu\Application Data\m\flec006.exe
C:\Documents and Settings\Mazu\Favoris\Online Security Test.url
C:\InfoSat.txt
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-07 au 2008-10-07 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 13:00 . 2008-10-07 13:00 <REP> d-------- C:\Program Files\Trend Micro
2008-10-06 18:18 . 2008-10-06 18:18 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\AVGTOOLBAR
2008-10-06 13:25 . 2008-10-06 13:25 <REP> d-------- C:\Program Files\CCleaner
2008-10-06 07:03 . 2008-10-06 08:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-30 20:09 . 2008-09-30 20:24 5,368 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 17:56 . 2008-09-30 21:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-30 17:56 . 2008-09-30 17:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-23 22:14 . 2008-09-23 22:22 <REP> d-------- C:\Program Files\ArKaos VJ 3.6.1 FC2
2008-09-23 20:46 . 2008-09-23 20:46 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\Cycling '74
2008-09-23 20:10 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-09-23 20:09 . 2008-09-23 20:10 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-09-23 20:09 . 2008-09-23 20:10 <REP> d-------- C:\Program Files\QuickTime
2008-09-23 20:09 . 2008-09-24 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-09-23 20:09 . 2008-09-23 20:09 109,900 --a------ C:\WINDOWS\Livid Union DEMO Uninstaller.exe
2008-09-23 20:08 . 2008-09-23 20:08 <REP> d-------- C:\Program Files\Livid Union DEMO
2008-09-19 16:58 . 2008-09-19 16:58 <REP> d-------- C:\ATI
2008-09-19 16:49 . 2008-09-19 16:49 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\Windows Search
2008-09-19 02:19 . 2008-09-19 02:19 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-19 02:19 . 2008-09-19 02:19 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\Windows Desktop Search
2008-09-19 02:18 . 2008-09-19 02:18 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-19 02:18 . 2008-09-19 02:18 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-09-19 02:16 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-19 02:16 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-19 02:16 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-19 01:07 . 2008-09-19 01:07 <REP> d-------- C:\Program Files\TechSmith
2008-09-19 01:07 . 2008-09-19 01:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-18 23:43 . 2008-09-18 23:43 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-18 23:43 . 2008-09-18 23:43 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-18 00:11 . 2008-09-18 00:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Resolume 2.4
2008-09-18 00:10 . 2008-09-18 00:11 <REP> d-------- C:\Program Files\Resolume 2.41
2008-09-17 01:59 . 2008-09-17 01:59 <REP> d-------- C:\Program Files\Sun
2008-09-17 00:28 . 2008-09-17 00:28 <REP> d-------- C:\Program Files\DNA
2008-09-17 00:28 . 2008-09-17 00:28 <REP> d-------- C:\Program Files\BitTorrent
2008-09-17 00:28 . 2008-10-07 16:12 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\DNA
2008-09-17 00:28 . 2008-09-17 00:38 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 22:01 --------- d-----w C:\Program Files\ItsLabel
2008-10-06 20:56 --------- d-----w C:\Program Files\Steam
2008-10-06 20:56 --------- d-----w C:\Documents and Settings\Mazu\Application Data\EoRezo
2008-09-30 18:24 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-29 22:25 --------- d-----w C:\Program Files\eMule
2008-09-29 21:16 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-09-23 20:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 20:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-18 23:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-18 21:17 --------- d-----w C:\Program Files\BitDefender
2008-09-18 14:13 --------- d-----w C:\Documents and Settings\Mazu\Application Data\LimeWire
2008-09-18 14:09 --------- d-----w C:\Program Files\Alwil Software
2008-09-17 10:48 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-16 23:58 --------- d-----w C:\Program Files\Java
2008-09-03 19:43 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-01 15:50 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 68,808 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-04-16 14:42 338,770 ----a-w C:\Program Files\ingeson.pdf
2008-02-09 00:59 3,861,320 ----a-w C:\Program Files\eMule0.48a-Installer2.exe
2008-02-02 13:57 29,548,041 ----a-w C:\Program Files\kav7.0.1.321.fr.01NET.exe
2005-10-05 16:00 12,846,248 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 630784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-22 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ramboost"="C:\Program Files\ramboost\ramboost.exe" [2004-01-26 133632]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 1069920]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-04-16 565248]
"ItsTV"="C:\Program Files\ItsLabel\ItsTV.exe" [2007-04-26 2908160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-23 98304]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Mazu\Menu Démarrer\Programmes\Démarrage\
Raccourci vers ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]
Raccourci vers RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-01-14 630784]
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]

C:\Documents and Settings\Mazu\Menu Démarrer\Programmes\Démarrage\
Raccourci vers ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]
Raccourci vers RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-01-14 630784]
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]

C:\Documents and Settings\Mazu\Menu Démarrer\Programmes\Démarrage\
Raccourci vers ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]
Raccourci vers RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-01-14 630784]
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-02-01 925696]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Steam\\SteamApps\\groundsoldier\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Crux P2P\\Crux P2P.exe"=
"C:\\Program Files\\Resolume 2.41\\resolume.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - murztdnnv.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL murztdnnv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{075052bc-c2cc-11dc-919f-806d6172696f}]
\Shell\Auto\command - murztdnnv.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL murztdnnv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12488de2-49fd-11dd-8faf-ea808d04218b}]
\Shell\AutoRun\command - K:\.\run\autorun.exe
\Shell\open\Command - K:\.\run\autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-09-26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-12-07 17:05]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-EoDesk3d - (no file)
SharedTaskScheduler-{7265100a-17e1-41bf-bd08-63b95a25a9c3} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Mazu\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 16:17:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\srosa]

.
Heure de fin: 2008-10-07 16:24:46
ComboFix-quarantined-files.txt 2008-10-07 14:24:43

Avant-CF: 53,999,161,344 octets libres
Après-CF: 53,922,033,664 octets libres

450

Reply to mazu_22

Hi again,

Do you have your Windows CD?

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the language you want by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Recherche). Wait until the search has finished.
  • Post the generated report. (C:\TB.txt)


;)

------------------------------ Please say so if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Good evening,

I no longer have my XP installation disc, which is why I want to avoid formatting.
Here is the report:

-----------\\ ToolBar S&D 1.2.2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mazu ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 74 Go Free : 50 Go
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [1] ( 08/10/2008| 0:14 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Mazu\APPLIC~1\Search Settings
C:\DOCUME~1\Mazu\APPLIC~1\Search Settings\kb125
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb125
C:\Program Files\Search Settings\SearchSettings.exe

-----------\\ Extensions

(Mazu) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=54843"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Services\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Services\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mazu\Bureau\BitDefender 2009 keygen et patch
C:\DOCUME~1\Mazu\Bureau\mp clem\alpha\Alpha 5.20 - Crack Saison.mp3
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\arkaos vj v3 6 1 fc2 incl keygen-air(2).rar
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen.iso
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\snagit 8 2 3 keygen multilanguage.zip
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\____
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\________^ñ__________m_____________8
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\___________
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\_________________________
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\________________________________________________
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\__________________________________________________________2____
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\__________________________________________________________________________________________________________
C:\DOCUME~1\Mazu\Mes documents\Archives\bitdefender total security 2009 fr (keygen avec patch activation valable 3 ans).rar
C:\DOCUME~1\Mazu\Mes documents\Archives\snagit v8 2 1 + keygen.zip
C:\DOCUME~1\Mazu\Mes documents\LimeWire\Saved\BitDefender-All-Products-2008-11.0.9--Keygen-h33t-CaZoR.zip
C:\DOCUME~1\Mazu\Recent\bitdefender total security 2009 fr (keygen avec patch activation valable 3 ans).lnk
C:\DOCUME~1\Mazu\Recent\camtasia studio_4_+_snagit_8_+_keygen.lnk
C:\DOCUME~1\Mazu\Recent\resolume v2 41 incl keygen-beat.lnk
C:\DOCUME~1\Mazu\Recent\___ARESTRA___autocad 2008 fr keygen.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 08/10/2008| 0:15 - Option : [1]

-----------\\ Fin du rapport a 0:15:42,31


Reply to mazu_22

Hi again,

Quote:

I no longer have my XP installation disc, which is why I want to avoid formatting.



No problem, there will be no need to format :) There are still things to do, but when I'm done with you, your PC will be all clean ;)

We'll start by deleting your cracks; no doubt the infection comes from there. If you want to know more, click the link in my signature.

1) Download OTMoveIt3 (OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:processes
explorer.exe

:files
C:\DOCUME~1\Mazu\Bureau\BitDefender 2009 keygen et patch
C:\DOCUME~1\Mazu\Bureau\mp clem\alpha\Alpha 5.20 - Crack Saison.mp3
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\arkaos vj v3 6 1 fc2 incl keygen-air(2).rar
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen.iso
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\snagit 8 2 3 keygen multilanguage.zip
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\____
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\________^ñ__________m_____________8
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\___________
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\_________________________
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\________________________________________________
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\__________________________________________________________2____
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\__________________________________________________________________________________________________________
C:\DOCUME~1\Mazu\Mes documents\Archives\bitdefender total security 2009 fr (keygen avec patch activation valable 3 ans).rar
C:\DOCUME~1\Mazu\Mes documents\Archives\snagit v8 2 1 + keygen.zip
C:\DOCUME~1\Mazu\Mes documents\LimeWire\Saved\BitDefender-All-Products-2008-11.0.9--Keygen-h33t-CaZoR.zip
C:\DOCUME~1\Mazu\Recent\bitdefender total security 2009 fr (keygen avec patch activation valable 3 ans).lnk
C:\DOCUME~1\Mazu\Recent\camtasia studio_4_+_snagit_8_+_keygen.lnk
C:\DOCUME~1\Mazu\Recent\resolume v2 41 incl keygen-beat.lnk
C:\DOCUME~1\Mazu\Recent\___ARESTRA___autocad 2008 fr keygen.lnk

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]



Double-click OTMoveIt3.exe to launch it.
Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.


Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log

2) Run Toolbar-S&D again by double-clicking the shortcut.

  • This time choose option 2, then confirm by pressing Enter.

! Do not close the window during the removal !

  • A report will be generated; post its contents here, then a new HijackThis report.


If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
Type explorer and confirm. This will bring your desktop back.


3) Open HijackThis and choose "Open the misc tools section".
Then click "Open Uninstall Manager...".
Then click "save list". Save the document to your desktop.
Post the contents of this document in your next reply.

;)

------------------------------ Please say so if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Here is the OTMoveIt report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\DOCUME~1\Mazu\Bureau\BitDefender 2009 keygen et patch moved successfully.
C:\DOCUME~1\Mazu\Bureau\mp clem\alpha\Alpha 5.20 - Crack Saison.mp3 moved successfully.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\arkaos vj v3 6 1 fc2 incl keygen-air(2).rar not found.
C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen moved successfully.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen.iso not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\snagit 8 2 3 keygen multilanguage.zip not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\____ not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\________^ñ__________m_____________8 not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\___________ not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\_________________________ not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\________________________________________________ not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\__________________________________________________________2____ not found.
File/Folder C:\DOCUME~1\Mazu\Local Settings\Application Data\Ares\My Shared Folder\camtasia studio_4_+_snagit_8_+_keygen\__________________________________________________________________________________________________________ not found.
File/Folder C:\DOCUME~1\Mazu\Mes documents\Archives\bitdefender total security 2009 fr (keygen avec patch activation valable 3 ans).rar not found.
File/Folder C:\DOCUME~1\Mazu\Mes documents\Archives\snagit v8 2 1 + keygen.zip not found.
File/Folder C:\DOCUME~1\Mazu\Mes documents\LimeWire\Saved\BitDefender-All-Products-2008-11.0.9--Keygen-h33t-CaZoR.zip not found.
C:\DOCUME~1\Mazu\Recent\bitdefender total security 2009 fr (keygen avec patch activation valable 3 ans).lnk moved successfully.
C:\DOCUME~1\Mazu\Recent\camtasia studio_4_+_snagit_8_+_keygen.lnk moved successfully.
C:\DOCUME~1\Mazu\Recent\resolume v2 41 incl keygen-beat.lnk moved successfully.
C:\DOCUME~1\Mazu\Recent\___ARESTRA___autocad 2008 fr keygen.lnk moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mazu\LOCALS~1\Temp\etilqs_WeSarjobeczJUJkKBxLW scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10082008_121113

Files moved on Reboot...
File C:\DOCUME~1\Mazu\LOCALS~1\Temp\etilqs_WeSarjobeczJUJkKBxLW not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mazu\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\XUL.mfl moved successfully.


And here is the one from Toolbar S&D:


-----------\\ ToolBar S&D 1.2.2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mazu ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total : 74 Go Free : 50 Go
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( 08/10/2008|12:37 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Mazu\APPLIC~1\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\Mazu\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf

-----------\\ Extensions

(Mazu) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]




1 - "C:\ToolBar SD\TB_1.txt" - 08/10/2008| 0:15 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/10/2008|12:39 - Option : [2]

-----------\\ Fin du rapport a 12:39:16,57


Finally, here is the HJT report:

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
Adobe Shockwave Player
Apple Software Update
Ares 2.0.9
ArKaos VJ 3.6.1 FC2
ASIO4ALL
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
AVG Free 8.0
CCleaner (remove only)
Collab
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB952287)
Counter-Strike: Source
Crux P2P
DriverAgent by TouchStone Software
eMule
EoDesk3d 1.2
eoEngine 5.2
FL Studio 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
IL Download Manager
ItsTV 3.0
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Lecteur Windows Media 11
LimeWire 4.16.6
Livebox
Livid Union DEMO
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox (3.0.3)
OpenOffice.org Installer 1.0
Pack Vista Inspirat 2 1.0
QuickTime
Ramboost
Resolume 2.41
Sagem Wi-Fi 11g USB adapter (driver)
Sagem Wi-Fi 11g USB adapter (utility)
Search Settings
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SnagIt 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Steam(TM)
TerraExplorer
TuneUp Utilities 2004
VideoLAN VLC media player 0.8.6a
Virtual DJ - Atomix Productions
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
ZNsoft Optimizer Xp

Once again, thank you for your help.


Reply to mazu_22
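The two ToolBar S&D reports posted above can be compared mechanically to see which "Rootkit Bagle" registry keys were still reported after the option 2 removal run. This is an added example, not part of the thread and not code from any of the tools used; the function names are assumptions, and the embedded excerpts are copied from the two reports above.

```python
import re

# Excerpt of the option 1 (search only) report, copied from the thread.
REPORT_BEFORE = r"""
--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Services\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Services\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet003\Enum\Root\srosa]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mazu\Bureau\BitDefender 2009 keygen et patch
"""

# Excerpt of the option 2 (removal) report, copied from the thread.
REPORT_AFTER = r"""
--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\rosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Services\srosa]
Rootkit Bagle ! .. [HKLM\..\ControlSet001\Enum\Root\srosa]

1 - "C:\ToolBar SD\TB_1.txt" - 08/10/2008| 0:15 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/10/2008|12:39 - Option : [2]

-----------\\ Fin du rapport a 12:39:16,57
"""

# Section headers look like: -----------\\ Title
SECTION_RE = re.compile(r"^-{5,}\\\\\s*(.+?)\s*$")
# Detection lines look like: Rootkit <family> ! .. [<registry key>]
ROOTKIT_RE = re.compile(r"^Rootkit (\S+) ! \.\. \[(.+)\]$")
CONTROLSET_RE = re.compile(r"\\(ControlSet\d{3})\\(.+)$")


def split_sections(report):
    """Map each section title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def rootkit_keys(report):
    """Return {(family, registry_key)} found in the 'ROOTKIT !!' section only."""
    keys = set()
    for line in split_sections(report).get("ROOTKIT !!", []):
        hit = ROOTKIT_RE.match(line)
        if hit:  # trailing report-index lines in this section are ignored
            keys.add((hit.group(1), hit.group(2)))
    return keys


def compare_runs(before, after):
    """Classify detections across a search run and a later removal run."""
    b, a = rootkit_keys(before), rootkit_keys(after)
    return {"removed": b - a, "persisting": b & a, "new": a - b}


def by_control_set(keys):
    """Group registry keys by the ControlSetNNN they belong to."""
    grouped = {}
    for _family, key in keys:
        hit = CONTROLSET_RE.search(key)
        control_set = hit.group(1) if hit else "(other)"
        subkey = hit.group(2) if hit else key
        grouped.setdefault(control_set, []).append(subkey)
    return {cs: sorted(subkeys) for cs, subkeys in sorted(grouped.items())}


if __name__ == "__main__":
    result = compare_runs(REPORT_BEFORE, REPORT_AFTER)
    for status in ("removed", "persisting", "new"):
        print(status.upper())
        for control_set, subkeys in by_control_set(result[status]).items():
            for subkey in subkeys:
                print(f"  {control_set}\\{subkey}")
```

Keys listed under "persisting" were still reported after the removal run, so they are the ones to re-check in the next scan report.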

Hello,

I haven't forgotten you; I'll reply later this evening. "Up" the thread the next time you log in ( = post a message in this thread) so that I don't forget it.

;)


Message edited by Egwene on 09-10-2008 at 09:57:24
------------------------------ Please say so if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Hello to you.

I went and read the advice at the link in your signature; very interesting, especially the part about hacking. In fact, I noticed internet payments on my bank statement that I had never made! Strange... to be on the safe side, I had my bank card replaced.

I don't know what more to do; all the problems have disappeared, even the flec006 process that had put me on the track that it might be a Bagle virus.
If you have other advice, I'm listening; it is very valuable to me.

Reply to mazu_22

Quote:

If you have other advice, I'm listening; it is very valuable to me.



You're welcome ;)

Yep, there are still things to do ;)

1) Uninstall via Add/Remove Programs (if present):

  • Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
  • Adobe Reader 8.1.2 - Français
  • Ares 2.0.9
  • eMule
  • EoDesk3d 1.2 <-- Optional removal; it's up to you to decide whether you have a use for it. Personally, I would remove it.
  • eoEngine 5.2 <-- Optional removal; it's up to you to decide whether you have a use for it. Personally, I would remove it.
  • ItsTV 3.0 <-- Optional removal; it's up to you to decide whether you have a use for it. Personally, I would remove it.
  • Java(TM) 6 Update 4
  • LimeWire 4.16.6


I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.
More information is available by clicking the following link: Cracks / P2P

You are using an old version of Adobe Acrobat Reader: this can be a security hole, that is, a breach in your system that an attacker could exploit. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html

If you uninstalled the three optional programs, please let me know.

2) Can you run a new scan with ComboFix and post the new report you get?

3) Run an online antivirus scan on the Kaspersky site
http://www.kaspersky.com/kos/eng/p [...] bscan.html

  • Click Accept
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will be installed; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop. Then post the report you get.


;)


Message edited by Egwene on 09-10-2008 at 16:29:21
------------------------------ Please say so if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Here is the ComboFix report, and I uninstalled everything you told me to.

ComboFix 08-10-08.05 - Mazu 2008-10-09 20:41:04.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.454 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Mazu\Bureau\Combo-Fix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 18:38 . 2008-10-09 18:38 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-10-09 00:30 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-08 12:27 . 2008-10-08 12:27 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-10-08 12:11 . 2008-10-08 12:11 <REP> d-------- C:\_OTMoveIt
2008-10-08 12:07 . 2008-10-09 13:04 <REP> d--h----- C:\$AVG8.VAULT$
2008-10-08 01:47 . 2008-10-09 01:15 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-08 01:47 . 2008-10-08 01:47 <REP> d-------- C:\Program Files\AVG
2008-10-08 01:47 . 2008-10-08 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-08 01:47 . 2008-10-08 01:47 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-08 01:47 . 2008-10-08 01:47 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-08 01:47 . 2008-10-08 01:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-08 00:15 . 2008-10-08 12:38 2,498 --a------ C:\Documents and Settings\Orph.egd
2008-10-08 00:14 . 2008-10-08 12:39 <REP> d-------- C:\ToolBar SD
2008-10-07 13:00 . 2008-10-07 13:00 <REP> d-------- C:\Program Files\Trend Micro
2008-10-06 18:18 . 2008-10-06 18:18 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\AVGTOOLBAR
2008-10-06 13:25 . 2008-10-06 13:25 <REP> d-------- C:\Program Files\CCleaner
2008-10-06 07:03 . 2008-10-06 08:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-30 20:09 . 2008-09-30 20:24 5,368 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 17:56 . 2008-10-08 15:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-30 17:56 . 2008-09-30 17:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-23 22:14 . 2008-09-23 22:22 <REP> d-------- C:\Program Files\ArKaos VJ 3.6.1 FC2
2008-09-23 20:46 . 2008-09-23 20:46 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\Cycling '74
2008-09-23 20:10 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-09-23 20:09 . 2008-09-23 20:10 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-09-23 20:09 . 2008-09-23 20:10 <REP> d-------- C:\Program Files\QuickTime
2008-09-23 20:09 . 2008-09-24 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-09-23 20:09 . 2008-09-23 20:09 109,900 --a------ C:\WINDOWS\Livid Union DEMO Uninstaller.exe
2008-09-23 20:08 . 2008-09-23 20:08 <REP> d-------- C:\Program Files\Livid Union DEMO
2008-09-19 16:58 . 2008-09-19 16:58 <REP> d-------- C:\ATI
2008-09-19 16:49 . 2008-09-19 16:49 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\Windows Search
2008-09-19 02:19 . 2008-09-19 02:19 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-19 02:18 . 2008-09-19 02:18 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-19 02:18 . 2008-10-09 18:51 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-09-19 02:16 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-19 02:16 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-19 02:16 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-19 01:07 . 2008-09-19 01:07 <REP> d-------- C:\Program Files\TechSmith
2008-09-19 01:07 . 2008-09-19 01:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-18 23:43 . 2008-09-18 23:43 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-18 23:43 . 2008-09-18 23:43 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-18 00:11 . 2008-09-18 00:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Resolume 2.4
2008-09-18 00:10 . 2008-09-18 00:11 <REP> d-------- C:\Program Files\Resolume 2.41
2008-09-17 01:59 . 2008-09-17 01:59 <REP> d-------- C:\Program Files\Sun
2008-09-17 00:28 . 2008-09-17 00:28 <REP> d-------- C:\Program Files\DNA
2008-09-17 00:28 . 2008-09-17 00:28 <REP> d-------- C:\Program Files\BitTorrent
2008-09-17 00:28 . 2008-10-09 20:42 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\DNA
2008-09-17 00:28 . 2008-09-17 00:38 <REP> d-------- C:\Documents and Settings\Mazu\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 16:52 --------- d-----w C:\Program Files\Steam
2008-10-09 16:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-10-09 15:34 --------- d-----w C:\Documents and Settings\Mazu\Application Data\EoRezo
2008-10-09 15:33 --------- d-----w C:\Program Files\eMule
2008-10-09 15:16 --------- d-----w C:\Program Files\Java
2008-09-30 18:24 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-29 21:16 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-09-23 20:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 20:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-18 23:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-18 21:17 --------- d-----w C:\Program Files\BitDefender
2008-09-18 14:13 --------- d-----w C:\Documents and Settings\Mazu\Application Data\LimeWire
2008-09-18 14:09 --------- d-----w C:\Program Files\Alwil Software
2008-09-17 10:48 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-03 19:43 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-01 15:50 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 68,808 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-04-16 14:42 338,770 ----a-w C:\Program Files\ingeson.pdf
2008-02-09 00:59 3,861,320 ----a-w C:\Program Files\eMule0.48a-Installer2.exe
2008-02-02 13:57 29,548,041 ----a-w C:\Program Files\kav7.0.1.321.fr.01NET.exe
2005-10-05 16:00 12,846,248 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
.

------- Sigcheck -------

2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 01:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2004-08-19 17:09 1220096 dcfd06ef6ef1620dd8c1bf353d7eee03 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:58 817152 082ca0b6fee9e708c3894a248aef944f C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2007-10-11 01:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\SDold\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\wininet.dll
2007-10-11 01:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\SDold\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\wininet.dll
2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:28 817152 5f8a137bed66cb1150f139e4e6a6355c C:\WINDOWS\system32\wininet.dll
2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll

2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 17:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-07_16.19.15.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2008-10-07 23:47:31 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-09-19 13:43:11 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-09 15:35:00 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-19 13:43:11 84,148 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-10-09 15:35:00 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-09-19 13:43:11 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-09 15:35:00 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-19 13:43:11 490,576 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-10-09 15:35:00 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 630784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-22 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Mazu\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]
Raccourci vers RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-01-14 630784]
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]

C:\Documents and Settings\Mazu\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]
Raccourci vers RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-01-14 630784]
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]

C:\Documents and Settings\Mazu\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]
Raccourci vers RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-01-14 630784]
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2008-01-15 3450608]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-09 113664]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-02-01 925696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\SteamApps\\groundsoldier\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Crux P2P\\Crux P2P.exe"=
"C:\\Program Files\\Resolume 2.41\\resolume.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-08 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-08 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-08 76040]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - murztdnnv.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL murztdnnv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12488de2-49fd-11dd-8faf-ea808d04218b}]
\Shell\AutoRun\command - K:\.\run\autorun.exe
\Shell\open\Command - K:\.\run\autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-09-26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-12-07 17:05]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-EoEngine - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Mazu\Application Data\Mozilla\Firefox\Profiles\3ct7bppz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 20:44:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\WINDOWS\TEMP\17926ca7-8e45-4b69-b163-e11a495daad3.tmp

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ObjectDock\DockShellHook.dll
-> C:\Program Files\RocketDock\RocketDock.dll
-> ?:\WINDOWS\system32\WS2HELP.dll
.
Heure de fin: 2008-10-09 20:47:38
ComboFix-quarantined-files.txt 2008-10-09 18:47:20
ComboFix2.txt 2008-10-07 14:24:47

Avant-CF: 53 095 624 704 octets libres
Après-CF: 53,081,022,464 octets libres

239

I'm trying to run the Kaspersky scan, but it asks me to download a version of Java older than mine. What should I do?

I'll wait for your reply before continuing.


Good evening,

First I want to be sure that you can see hidden files and folders:

[~] Go to My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
[~] Go to My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply - - > OK
You will check it again afterwards.

[~] My Computer/Tools/Folder Options/View/uncheck Hide extensions for known file types/Apply - - > OK

Go to this link: Virus Total

  • Click Browse
  • Navigate to this file, if you can find it:


C:\WINDOWS\unvise32qt.exe

  • Click Send file and let it work for as long as "Situation actuelle : en cours d'analyse" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Situation actuelle: terminé"), click Formatted
  • A new browser window will open
  • Then click on this image: http://perso.orange.fr/-Gof/screen/txtvt.jpg
  • Right-click on the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
  • Do the same for:


C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wininet.dll


Note: Whatever the outcome, it is important that you send me the result of the entire analysis.
Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

;)

------------------------------ Please mention if you are already being helped on another forum or in another topic.

Security / Prevention

Hello,

Here is the result:

For unvise32qt.exe:

Fichier unvise32qt.exe reçu le 2008.09.20 22:47:33 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Information additionnelle
File size: 86016 bytes
MD5...: 23a458e8eb269a71a29ada0cb3e22e65
SHA1..: ed89dac3cc37f2d47f2df0824965a1bac8f4638f
SHA256: e55f951b5951b2299e2ad562a97cf3d7dd5ccc869ef9144d4bdb87df37cf2a30
SHA512: f186e209f34c62e42b2dcdad5bdab1adee5a37f878cbc0f71463f7ce906b1b443da43ba73e0e788d5ce1950dafbeafbb2ac5fac1da048d2a12c62ac6aef2b22b
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4081f2
timedatestamp.....: 0x3829a5ba (Wed Nov 10 17:04:58 1999)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd525 0xe000 6.38 742e6c1a380d35e5b6dcfccc078be188
.rdata 0xf000 0x164c 0x2000 4.26 3428a92dfcd6fe37dfcea88b40fbc15b
.data 0x11000 0x2f58 0x2000 3.99 d18c5bb28f93fcc95654f629d8e1cdb6
.rsrc 0x14000 0x1668 0x2000 3.31 58a174321b77ae599a4397326aeb69ba

( 7 imports )
> VERSION.dll: GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA
> KERNEL32.dll: GetPrivateProfileStringA, GetProcAddress, GlobalLock, GlobalAlloc, GetWindowsDirectoryA, WritePrivateProfileStringA, Sleep, lstrcmpiA, GetTempFileNameA, GetLastError, GetTickCount, lstrcpynA, GetSystemDirectoryA, MulDiv, GetPrivateProfileSectionNamesA, lstrcmpA, GetTempPathA, FindFirstFileA, FindClose, FindNextFileA, GetShortPathNameA, DeleteFileA, _lopen, GlobalFree, SetFileAttributesA, _hread, _hwrite, _lcreat, GetFileAttributesA, MoveFileExA, lstrcatA, WriteProfileStringA, OpenFile, _lread, _llseek, _lclose, LoadLibraryA, FindResourceA, LoadResource, LockResource, lstrcpyA, FreeResource, FreeLibrary, IsBadCodePtr, FlushFileBuffers, GlobalHandle, GlobalUnlock, lstrlenA, RemoveDirectoryA, GetVersionExA, GetStringTypeA, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetModuleFileNameA, WriteFile, GetStringTypeW, SetStdHandle, UnhandledExceptionFilter, HeapSize, IsBadReadPtr, HeapReAlloc, LCMapStringW, LCMapStringA, MultiByteToWideChar, WideCharToMultiByte, HeapAlloc, HeapFree, GetOEMCP, GetACP, GetCPInfo, SetEndOfFile, GetStdHandle, SetHandleCount, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, MoveFileA, RtlUnwind, CreateFileA, GetFileType, ReadFile, CloseHandle, SetFilePointer, VirtualAlloc, IsBadWritePtr
> USER32.dll: MessageBoxA, SetFocus, GetDlgItemTextA, GetSysColor, GetWindowRect, GetDesktopWindow, IsWindowVisible, GetParent, EndPaint, BeginPaint, SetWindowTextA, GetWindow, SendMessageA, UpdateWindow, ShowWindow, CreateDialogParamA, MoveWindow, DestroyWindow, DispatchMessageA, TranslateMessage, PeekMessageA, OffsetRect, ScreenToClient, InvalidateRect, DdeInitializeA, DdeUninitialize, DdeAccessData, DdeUnaccessData, DdeFreeDataHandle, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeGetLastError, DdeDisconnect, FindWindowA, LoadStringA, EndDialog, SetDlgItemTextA, GetDC, ReleaseDC, FillRect, GetDlgItem, wsprintfA, CharUpperA, PostMessageA, DialogBoxParamA, DdeFreeStringHandle
> GDI32.dll: RemoveFontResourceA, GetObjectA, CreateSolidBrush, CreateFontIndirectA, GetDeviceCaps, DeleteObject
> ADVAPI32.dll: ControlService, CloseServiceHandle, OpenSCManagerA, RegCloseKey, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueA, RegQueryValueExA, QueryServiceStatus, DeleteService, OpenServiceA, RegSetValueA, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA
> SHELL32.dll: SHGetMalloc, SHChangeNotify, SHGetSpecialFolderLocation, SHGetPathFromIDListA
> ole32.dll: OleUninitialize, OleInitialize

( 0 exports )



For wuauclt.exe:


Fichier wuauclt.exe reçu le 2008.10.10 23:32:18 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.10 -
Authentium 5.1.0.4 2008.10.10 -
Avast 4.8.1248.0 2008.10.10 -
AVG 8.0.0.161 2008.10.10 -
BitDefender 7.2 2008.10.10 -
CAT-QuickHeal 9.50 2008.10.10 -
ClamAV 0.93.1 2008.10.10 -
DrWeb 4.44.0.09170 2008.10.10 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.10 -
F-Prot 4.4.4.56 2008.10.10 -
F-Secure 8.0.14332.0 2008.10.10 Suspicious:W32/SCKeyLog!Gemini
Fortinet 3.113.0.0 2008.10.10 -
GData 19 2008.10.10 -
Ikarus T3.1.1.34.0 2008.10.10 -
K7AntiVirus 7.10.490 2008.10.10 -
Kaspersky 7.0.0.125 2008.10.10 -
McAfee 5402 2008.10.09 -
Microsoft 1.4005 2008.10.10 -
NOD32 3513 2008.10.10 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.10 -
PCTools 4.4.2.0 2008.10.10 -
Prevx1 V2 2008.10.10 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.10 -
Sophos 4.34.0 2008.10.10 -
Sunbelt 3.1.1708.1 2008.10.10 -
Symantec 10 2008.10.10 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -
Information additionnelle
File size: 68808 bytes
MD5...: 136896c2cdc3f689876e0d44485153ea
SHA1..: ac0637e6cd67e8252e2ab70ace756f8b2e08d66d
SHA256: e0a305b2b828c80d680ca4560e2a529156900bd111e1357faef797cdad2636b8
SHA512: 1abd682c34108b55d674fbad0ec47800ccad353ffea8a2e5b6068969a0b0bc343ebd46229ce5da3405dcc0d2a42ca9d1f0496d67769934ec9534e3362ff2a4eb
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4042dd
timedatestamp.....: 0x48816313 (Sat Jul 19 03:44:19 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8c84 0x8e00 6.00 9079e1cf62cf93298b09b9c3840b6239
.data 0xa000 0xd54 0x400 5.81 aea75c550ab527cbfba56bc33d16ea93
.rsrc 0xb000 0x4386 0x4400 5.03 35fa9b5775376426341a2ee4d3cfce0d
.reloc 0x10000 0xc8a 0xe00 3.10 56fa4b399c6d09575836259c52cf6c40

( 6 imports )
> KERNEL32.dll: CreateFileW, CreateDirectoryW, GetFileAttributesW, ExpandEnvironmentStringsW, lstrlenW, CreateProcessW, VerSetConditionMask, VerifyVersionInfoW, LoadLibraryW, OutputDebugStringW, WriteFile, FlushFileBuffers, GetModuleFileNameW, InterlockedIncrement, InterlockedDecrement, GetSystemTime, GetLastError, SetLastError, GetFileSize, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetFilePointer, SetEndOfFile, ReleaseMutex, WaitForSingleObject, CreateMutexW, CloseHandle, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, RtlUnwind, GetStartupInfoW, GetTimeZoneInformation, SystemTimeToTzSpecificLocalTime, GetSystemDirectoryW, LoadLibraryExW, GetDriveTypeW, GetVolumePathNameW, GetFileType, GetSystemInfo, GetModuleHandleW, CompareStringW, GetProcessHeap, HeapFree, HeapAlloc, GetCommandLineW, FreeLibrary, OpenEventW, GetProcAddress, WideCharToMultiByte, InterlockedExchange, Sleep, InterlockedCompareExchange
> msvcrt.dll: __dllonexit, _unlock, _controlfp, _terminate@@YAXXZ, free, malloc, memmove, memcpy, memset, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _lock, _cexit, __wgetmainargs, _vsnwprintf, _onexit, _exit
> ole32.dll: CoTaskMemFree, CoUninitialize, CoCreateInstance, CoInitialize, CoInitializeEx
> ADVAPI32.dll: AllocateAndInitializeSid, FreeSid, GetTokenInformation, DuplicateTokenEx, CheckTokenMembership, IsValidSid, CopySid, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, GetUserNameW, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExW, RegCloseKey
> OLEAUT32.dll: -, -
> SHLWAPI.dll: StrRChrW, -, PathStripToRootW, PathIsRelativeW, StrChrW, PathIsRootW, PathIsUNCW

( 0 exports )


For explorer.exe:


Fichier explorer.exe reçu le 2008.08.28 08:41:38 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.27.1 2008.08.28 -
AntiVir 7.8.1.23 2008.08.28 -
Authentium 5.1.0.4 2008.08.28 -
Avast 4.8.1195.0 2008.08.27 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.28 -
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.28 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.27 -
eTrust-Vet 31.6.6052 2008.08.27 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.28 -
Fortinet 3.14.0.0 2008.08.28 -
GData 19 2008.08.28 -
Ikarus T3.1.1.34.0 2008.08.28 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.28 -
McAfee 5371 2008.08.27 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3394 2008.08.27 -
Norman 5.80.02 2008.08.27 -
Panda 9.0.0.4 2008.08.27 -
PCTools 4.4.2.0 2008.08.27 -
Prevx1 V2 2008.08.28 -
Rising 20.59.30.00 2008.08.28 -
Sophos 4.33.0 2008.08.28 -
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.28 -
TheHacker 6.3.0.6.064 2008.08.27 -
TrendMicro 8.700.0.1004 2008.08.28 -
VBA32 3.12.8.4 2008.08.27 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.27 -
Webwasher-Gateway 6.6.2 2008.08.28 -
Information additionnelle
File size: 979968 bytes
MD5...: 3efe912dd25d2586e6a0341db0a66f69
SHA1..: ddcfb14e7b5838731aeec331edb7a7d9f60cc88e
SHA256: a5538cc03898083d73fed0c0c0a7f3febbfb9af44b1f0f109ef87f8f38c49f7f
SHA512: 9d0328e8ba5b48a912da6a8678a617b4185b3cc5ecf2dfac3d27e6456c6674cdda03408ca25dfa5056e1c4f78f5cf935b3d2ff7290c32f038e4fc2005ecff0ad
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)


For wininet.dll:


Fichier wininet.dll reçu le 2008.10.11 16:07:58 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.10 -
AVG 8.0.0.161 2008.10.10 -
BitDefender 7.2 2008.10.11 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.11 -
DrWeb 4.44.0.09170 2008.10.11 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.11 -
F-Prot 4.4.4.56 2008.10.10 -
F-Secure 8.0.14332.0 2008.10.11 -
Fortinet 3.113.0.0 2008.10.11 -
GData 19 2008.10.11 -
Ikarus T3.1.1.34.0 2008.10.11 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.11 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.11 -
NOD32 3514 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.11 -
PCTools 4.4.2.0 2008.10.11 -
Prevx1 V2 2008.10.11 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.11 -
Sunbelt 3.1.1715.1 2008.10.11 -
Symantec 10 2008.10.11 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.10 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -
Information additionnelle
File size: 817152 bytes
MD5...: 5f8a137bed66cb1150f139e4e6a6355c
SHA1..: 41b25f13196b452c3311afba4bd51ee5ca963243
SHA256: f804eea6e233187c8a4dd3e8da9b54b5d8f36cd6559bac275597b30c30244e1f
SHA512: c87387d2bf3af2836931ba94259809e9f83db1c579400ec9862a22e8f3d91a9e2f561f8e54415a968065df03eb94e8faf4f980bd8870ced67822c21d11ab8a83
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
packers (Kaspersky): PE_Patch

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.10 -
AVG 8.0.0.161 2008.10.10 -
BitDefender 7.2 2008.10.11 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.11 -
DrWeb 4.44.0.09170 2008.10.11 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.11 -
F-Prot 4.4.4.56 2008.10.10 -
F-Secure 8.0.14332.0 2008.10.11 -
Fortinet 3.113.0.0 2008.10.11 -
GData 19 2008.10.11 -
Ikarus T3.1.1.34.0 2008.10.11 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.11 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.11 -
NOD32 3514 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.11 -
PCTools 4.4.2.0 2008.10.11 -
Prevx1 V2 2008.10.11 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.11 -
Sunbelt 3.1.1715.1 2008.10.11 -
Symantec 10 2008.10.11 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.10 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -

Information additionnelle
File size: 817152 bytes
MD5...: 5f8a137bed66cb1150f139e4e6a6355c
SHA1..: 41b25f13196b452c3311afba4bd51ee5ca963243
SHA256: f804eea6e233187c8a4dd3e8da9b54b5d8f36cd6559bac275597b30c30244e1f
SHA512: c87387d2bf3af2836931ba94259809e9f83db1c579400ec9862a22e8f3d91a9e2f561f8e54415a968065df03eb94e8faf4f980bd8870ced67822c21d11ab8a83
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)

Reply to mazu_22

Tell me, doctor, is it serious?

Reply to mazu_22

:hello: Hello,

Sorry for the delay.

Run an online antivirus scan on the Kaspersky site:
http://www.kaspersky.com/kos/eng/p [...] bscan.html

  • Click Accept.
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more.
  • The update databases will install; wait a moment.
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop. Then post me the report you get.

;)

------------------------------ Please mention if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

Here it is, sorry for the delay, I had trouble finding it:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 14, 2008 03:23:12
Records in database: 1310022
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area File
Scan statistics
Files scanned 127068
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 03:50:16

File name Threat name Threats count
D:\zik\Son d teuf\TECHNO - House -Trance - Dance - Club\Laurent Garnier\Laurent Garnier - The Man With The Red Face (Jan Driver Mix).wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
The selected area was scanned.

Reply to mazu_22

:hello: Hello,

D:\zik\Son d teuf\TECHNO - House -Trance - Dance - Club\Laurent Garnier\Laurent Garnier - The Man With The Red Face (Jan Driver Mix).wma

Delete the file shown in bold above.

How is the PC doing? Still having problems?

;)

Reply to Egwene

Hello, sorry, my computer burned out and I had to have the power supply replaced; I only just got it back.
Otherwise everything is fine. Thank you for your advice, which spared me a format.

Once again, thank you very much.

Reply to mazu_22