Probleme avec les mises a jour Windows XP • page 2

[r@in | b0w]

Ralala, je dois vraiment mal m'expliquer aujourd'hui

Alors, toutes ces lignes correspondent à des entrées registre permettant des démarrages automatique à l'ouverture de la session.

Tu as donc entre autre chose Acrobat Reader ou encore Messenger qui se lancent au démarrage.

Cela ralentit l'ouverture de session.

Après, si cela te va, tant mieux pour toi.

Sinon, tu regardes les logiciels qui ne te sont pas utiles que tu supprime et tu évites toutes les lignes avec des commandes (/s par exemple).

Bien entendu, si tu n'avais pas encore saisi, cela ne nuira pas au logiciel en lui-même.
Ce n'est que des manipulations de registre.

Sinon, je t'aurai dit de désinstaller tel logiciel! Quand même, un peu de sérieux

[reservoirfrog]

Bon, voici le rapport Combo Fix, il a fait du ménage on dirait!

ComboFix 08-10-19.01 - Seb 2008-10-19 22:03:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1369 [GMT 2:00]
Lancé depuis: C:Documents and SettingsSebBureauComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsSebApplication Datainst.exe
C:Program FilesGamesBaroberontb.dll
C:WINDOWS osqxvmn.dll
C:WINDOWSsystem32aeihhixl.ini
C:WINDOWSsystem32bgffd.dll
C:WINDOWSsystem32pffuq.dll
C:WINDOWSsystem32cggpodpo.dll
C:WINDOWSsystem32ctyowysm.dll
C:WINDOWSsystem32cywcisyf.ini
C:WINDOWSsystem32dledgibq.dll
C:WINDOWSsystem32exxbqr.dll
C:WINDOWSsystem32fbvocbmg.dll
C:WINDOWSsystem32fjyfol.dll
C:WINDOWSsystem32fysicwyc.dll
C:WINDOWSsystem32jprybz.dll
C:WINDOWSsystem32lsprst7.dll
C:WINDOWSsystem32msywoytc.ini
C:WINDOWSsystem32
huwbgwh.dll
C:WINDOWSsystem32
ijjdjua.dll
C:WINDOWSsystem32
tqrhgbw.ini
C:WINDOWSsystem32
xyniorc.ini
C:WINDOWSsystem32oxgyykli.dll
C:WINDOWSsystem32oxpvgw.dll
C:WINDOWSsystem32pmnlmkHY.dll
C:WINDOWSsystem32qbigdeld.ini
C:WINDOWSsystem32 glmrn.dll
C:WINDOWSsystem32ssprs.dll
C:WINDOWSsystem32 xhjbl.dll
C:WINDOWSsystem32vcupgbyx.ini
C:WINDOWSsystem32wdfgdhox.ini
C:WINDOWSsystem32wpgcwstv.dll
C:WINDOWSsystem32wpsdslbx.dll
C:WINDOWSsystem32wwGfPXbc.ini
C:WINDOWSsystem32wwGfPXbc.ini2
C:WINDOWSsystem32xcdvlkpw.dll
C:WINDOWSsystem32xyonvrjt.dll
C:WINDOWSsystem32ybrniskl.ini
C:WINDOWSsystem32YHkmlnmp.ini
C:WINDOWSsystem32YHkmlnmp.ini2
C:WINDOWSsystem32zrfwwg.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_BOONTY_GAMES
-------Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-19 au 2008-10-19 ))))))))))))))))))))))))))))))))))))
.

2008-10-19 21:29 . 2008-10-19 21:58 <REP> d-------- C:Program FilesNavilog1
2008-10-18 21:27 . 2008-10-18 21:27 <REP> d-------- C:WINDOWS eport
2008-10-18 21:27 . 2008-10-18 21:26 20,479,825 --a------ C:WINDOWSLPT$VPN.605
2008-10-18 21:26 . 2008-10-18 21:26 20,479,825 --a------ C:WINDOWSVPTNFILE.605
2008-10-18 21:26 . 2008-10-18 21:26 1,968,443 --a------ C:WINDOWS sc.ptn
2008-10-18 21:26 . 2008-10-18 21:26 348,229 --a------ C:WINDOWSTSC.exe
2008-10-18 21:26 . 2008-10-18 21:26 71,749 --a------ C:WINDOWShcextoutput.dll
2008-10-18 21:15 . 2008-10-18 21:26 <REP> d-------- C:WINDOWSAU_Temp
2008-10-18 08:22 . 2008-10-18 08:22 261,632 --a------ C:WINDOWSsystem32cbXPfGww.dll
2008-10-17 13:17 . 2008-10-17 13:17 <REP> d-------- C:Documents and SettingsAll UsersApplication DataEscapeTheMuseum
2008-10-16 22:23 . 2008-10-16 22:40 <REP> d-------- C:Program FilesMediaCoder
2008-10-16 21:32 . 2008-10-16 21:32 <REP> d-------- C:Ri4m_TMP
2008-10-16 07:36 . 2008-10-16 07:36 56,832 --a------ C:WINDOWSsystem32chsscs.exe
2008-09-26 18:02 . 2004-08-04 00:54 21,504 --a------ C:WINDOWSsystem32hidserv.dll
2008-09-26 18:02 . 2004-08-04 00:54 21,504 --a------ C:WINDOWSsystem32dllcachehidserv.dll
2008-09-26 18:02 . 2004-08-04 00:45 14,848 --a------ C:WINDOWSsystem32driverskbdhid.sys
2008-09-26 18:02 . 2004-08-04 00:45 14,848 --a------ C:WINDOWSsystem32dllcachekbdhid.sys
2008-09-26 17:57 . 2008-09-26 17:57 <REP> d-------- C:Program FilesMultimedia Keyboard Driver
2008-09-25 22:56 . 2008-09-25 22:56 <REP> d-------- C:Documents and SettingsSebApplication DataRayV

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 20:15 9,234,464 --sha-w C:WINDOWSsystem32driversfidbox.dat
2008-10-19 20:10 113,324 --sha-w C:WINDOWSsystem32driversfidbox.idx
2008-10-19 20:03 --------- d-----w C:Program FilesGamesBar
2008-10-19 18:15 --------- d-----w C:Program FilesMozilla Thunderbird
2008-10-19 08:13 --------- d-----w C:Program FilesFichiers communsOberon Media
2008-10-18 19:26 91,744 -c--a-w C:WINDOWSBPMNT.dll
2008-10-18 19:26 1,213,784 -c--a-w C:WINDOWSvsapi32.dll
2008-10-18 10:43 --------- d-----w C:Program FilesLx_cats
2008-10-17 21:15 --------- d-----w C:Program FilesSpybot - Search & Destroy
2008-10-17 21:08 --------- d-----w C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-10-17 06:28 --------- d-----w C:Documents and SettingsAll UsersApplication DataGamesBar
2008-10-16 19:33 --------- d-----w C:Documents and SettingsSebApplication DataVso
2008-10-16 16:18 --------- d-----w C:Documents and SettingsAll UsersApplication DataDVD Shrink
2008-10-16 06:48 --------- d-----w C:Program FileseMule
2008-10-15 09:24 --------- d-----w C:Documents and SettingsSebApplication DataBig Fish Games
2008-10-14 15:51 --------- d-----w C:Documents and SettingsAll UsersApplication DataBigFishGamesCache
2008-10-07 15:43 --------- d-----w C:Program FilesPure Pinball
2008-10-03 17:12 6,066,176 ----a-w C:WINDOWSsystem32dllcacheieframe.dll
2008-09-26 15:57 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-09-17 15:35 --------- d-----w C:Documents and SettingsSebApplication DatauTorrent
2008-09-15 15:39 1,846,144 ----a-w C:WINDOWSsystem32win32k.sys
2008-09-15 15:39 1,846,144 ----a-w C:WINDOWSsystem32dllcachewin32k.sys
2008-09-11 12:49 --------- d-----w C:Documents and SettingsAll UsersApplication DataWLInstaller
2008-09-09 12:54 --------- d-----w C:Documents and SettingsSebApplication DataOpenOffice.org2
2008-09-07 12:48 --------- d-----w C:Program FilesPhotoMix
2008-09-04 10:21 --------- d---a-w C:Documents and SettingsAll UsersApplication DataTEMP
2008-09-02 18:01 --------- d-----w C:Program FilesMSN Games
2008-08-28 18:53 0 ----a-w C:Program Files emp01
2008-08-28 13:21 327,680 ----a-w C:WINDOWSsystem32pythoncom25.dll
2008-08-28 13:21 2,113,536 ----a-w C:WINDOWSsystem32python25.dll
2008-08-28 13:21 102,400 ----a-w C:WINDOWSsystem32pywintypes25.dll
2008-08-28 13:21 --------- d-----w C:Documents and SettingsSebApplication Dataagi
2008-08-28 13:21 --------- d-----w C:Documents and SettingsLocalServiceApplication Dataagi
2008-08-28 10:04 333,056 ----a-w C:WINDOWSsystem32driverssrv.sys
2008-08-28 10:04 333,056 ----a-w C:WINDOWSsystem32dllcachesrv.sys
2008-08-27 09:11 3,593,216 ----a-w C:WINDOWSsystem32dllcachemshtml.dll
2008-08-26 10:54 --------- d-----w C:Program FilesLost Treasures Of El Dorado
2008-08-25 08:39 70,656 ----a-w C:WINDOWSsystem32dllcacheie4uinit.exe
2008-08-25 08:38 13,824 ----a-w C:WINDOWSsystem32dllcacheieudinit.exe
2008-08-23 05:56 635,848 ----a-w C:WINDOWSsystem32dllcacheiexplore.exe
2008-08-23 05:54 161,792 ----a-w C:WINDOWSsystem32dllcacheieakui.dll
2008-08-20 19:07 --------- d-----w C:Program FilesApple Software Update
2008-08-20 19:07 --------- d-----w C:Documents and SettingsAll UsersApplication DataApple
2008-08-20 18:12 356 ----a-w C:drmHeader.bin
2008-08-14 13:44 2,182,400 ----a-w C:WINDOWSsystem32dllcache
toskrnl.exe
2008-08-14 13:44 2,138,112 ----a-w C:WINDOWSsystem32
toskrnl.exe
2008-08-14 13:44 2,138,112 ----a-w C:WINDOWSsystem32dllcache
tkrnlmp.exe
2008-08-14 13:44 2,059,776 ----a-w C:WINDOWSsystem32dllcache
tkrnlpa.exe
2008-08-14 13:44 2,017,792 ----a-w C:WINDOWSsystem32
tkrnlpa.exe
2008-08-14 13:44 2,017,792 ----a-w C:WINDOWSsystem32dllcache
tkrpamp.exe
2008-08-14 09:51 138,368 ----a-w C:WINDOWSsystem32dllcacheafd.sys
2008-07-31 06:23 9,362,263 -c--a-w C:WINDOWSInternet Logs vDebug.zip
2008-07-28 20:22 9 ----a-w C:Documents and SettingsSebApplication Datamdb.bin
2008-05-25 21:48 23,008 ----a-w C:Documents and SettingsSebApplication DataGDIPFONTCACHEV1.DAT
2008-01-06 16:46 5,632 -csha-w C:Program FilesThumbs.db
2007-09-18 20:18 380 -c--a-w C:Program FilesNetlor StudioStyleView.sps
2007-07-16 13:07 47,360 ----a-w C:Documents and SettingsSebApplication Datapcouffin.sys
.

------- Sigcheck -------

2007-07-12 11:04 506368 86db0fdaf2591c86389d36cf44658cfe C:WINDOWSsystem32winlogon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{CBE257C7-A3A1-4DDA-96BC-1C4D7E514959}]
2008-10-18 08:22 261632 --a------ C:WINDOWSsystem32cbXPfGww.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [2007-04-19 7700480]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 155648]
"lxbumon.exe"="C:Program FilesLexmark 6200 Serieslxbumon.exe" [2005-01-18 196608]
"FaxCenterServer"="C:Program FilesLexmark Fax Solutionsfm3032.exe" [2004-11-22 299008]
"EzPrint"="C:Program FilesLexmark 6200 Seriesezprint.exe" [2004-09-17 61440]
"CamserviceHD"="C:Program FilesHerculesHercules DualPix HD WebcamCamservice.exe" [2007-08-13 73728]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07injusched.exe" [2008-06-10 144784]
"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2007-04-26 401408]
"ElbyCheckAnyDVD"="C:Program FilesSlySoftAnyDVDElbyCheck.exe" [2003-09-20 45056]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="C:Program FilesAdobePhotoshop Elements 6.0apdproxy.exe" [2007-09-11 67488]
"LXBUCATS"="C:WINDOWSSystem32spoolDRIVERSW32X863LXBUtime.dll" [2004-11-02 69632]
"ZoneAlarm Client"="C:Program Filesone LabsoneAlarmzlclient.exe" [2007-12-13 919016]
"KMConfig"="C:Program FilesMultimedia Keyboard DriverV5StartAutorun.exe" [2007-03-06 212992]
"nwiz"="nwiz.exe" [2007-04-19 C:WINDOWSsystem32
wiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 C:WINDOWSsystem32
vmctray.dll]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:WINDOWSSkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:WINDOWSRTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:WINDOWSsystem32thprops.cpl]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="C:Program FilesPicasa2PicasaMediaDetector.exe" [2007-10-23 443968]

C:Documents and SettingsSebMenu D,marrerProgrammesD,marrage
Raccourci vers ashDisp.lnk - C:Program FilesAlwil SoftwareAvast4ashDisp.exe [2007-07-12 78008]
Raccourci vers Outil de d,tection de support.lnk - C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2007-07-13 155648]

C:Documents and SettingsAll UsersMenu D,marrerProgrammesD,marrage
Adobe Gamma Loader.lnk - C:Program FilesFichiers communsAdobeCalibrationAdobe Gamma Loader.exe [2007-08-05 110592]
DSLMON.lnk - C:Program FilesSAGEMSAGEM F@st 800-908dslmon.exe [2008-07-23 962663]
Microsoft Office.lnk - C:Program FilesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:WINDOWSsystem32cbXPfGww

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrageAdobe Reader Synchronizer.lnk
backup=C:WINDOWSpssAdobe Reader Synchronizer.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrageLancement rapide d'Adobe Reader.lnk
backup=C:WINDOWSpssLancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavast!]
--a------ 2008-07-19 16:38 78008 C:PROGRA~1ALWILS~1Avast4ashDisp.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
--a------ 2007-07-12 11:08 77824 C:Program FilesJavajre1.6.0injusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"=
"C:\Program Files\uTorrent\utorrent.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=

R0 videX32;videX32;C:WINDOWSsystem32DRIVERSvideX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:WINDOWSsystem32DRIVERSxfilt.sys [2006-02-23 11264]
R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-07-19 78416]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:Program FilesMultimedia Keyboard DriverV5KMWDSrv.exe [2007-05-08 2179072]
R3 APL531;Hercules Dualpix HD Webcam;C:WINDOWSsystem32Drivershdvidv.sys [2007-07-13 285952]
R3 camfilt2;camfilt2;C:WINDOWSsystem32Driverscamfilt2.sys [2007-07-31 94720]
R3 usbscan;Pilote de scanneur USB;C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S2 BestSyncSvc;BestSync Service;C:Program FilesRiseFlyBestSyncBestSyncSvc.exe [2007-09-30 475136]
S3 camfilt;camfilt;C:WINDOWSsystem32Driverscamfilt.sys [ ]
S3 maconfservice;Ma-Config Service;C:Program Filesma-config.commaconfservice.exe [2008-06-14 576680]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:WINDOWSsystem32DRIVERSNavcar.sys [2006-09-18 30329]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:WINDOWSsystem32DRIVERSLV532AV.SYS [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;F:NTGLM7X.sys [ ]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3e7a8142-3013-11dc-a4ce-806d6172696f}]
ShellAutoRuncommand - D:setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-15 C:WINDOWSTasksAppleSoftwareUpdate.job
- C:Program FilesApple Software UpdateSoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2D112E06-B6DE-4FD3-8D96-1FF18E24DAB5} - C:WINDOWSsystem32pmnlmkHY.dll
BHO-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
BHO-{A12D780A-5BA0-4418-AD5E-380DD70A7215} - C:WINDOWSsystem32geBQJbaa.dll
BHO-{d12969a1-ff75-48d0-aca5-687d72199c2c} - C:WINDOWSsystem32zrfwwg.dll
BHO-{E707E378-C20A-4E77-BDAD-FC14239CC1CB} - (no file)
HKLM-Run-LogitechVideoRepair - C:Program FilesLogitechVideoISStart.exe
HKLM-Run-<NO NAME> - (no file)
ShellExecuteHooks-{A12D780A-5BA0-4418-AD5E-380DD70A7215} - C:WINDOWSsystem32geBQJbaa.dll
Notify-geBQJbaa - geBQJbaa.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:Documents and SettingsSebApplication DataMozillaFirefoxProfiles0nzd7t88.default
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?cl ... r:official
FF -: plugin - C:Documents and SettingsAll UsersApplication DataylomylomGamesPlayer
pzylomgamesplayer.dll
FF -: plugin - C:Documents and SettingsSebApplication DataMozillaFirefoxProfiles0nzd7t88.defaultextensions{bb628310-0ab7-11db-9cd8-0800200c9a66}plugins
phardwaredetection.dll
FF -: plugin - C:Documents and SettingsSebApplication DataMozillaplugins
pPxPlay.dll
FF -: plugin - C:Program FilesDivXDivX Content Uploader
pUpload.dll
FF -: plugin - C:Program Filesma-config.com
phardwaredetection.dll
FF -: plugin - C:Program FilesMozilla Firefoxplugins
pzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 22:13:01
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:WINDOWSsystem32lsass.exe
-> C:WINDOWSsystem32cbXPfGww.dll

PROCESSUS: C:WINDOWSexplorer.exe
-> C:WINDOWSsystem32cbXPfGww.dll
-> C:WINDOWSsystem32
view.dll
.
------------------------ Autres processus actifs ------------------------
.
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSsystem32
vsvc32.exe
C:Program FilesPhotodexProShowGoldscsiaccess.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32lxbucoms.exe
C:Program FilesMultimedia Keyboard DriverV5KMConfig.exe
C:Program FilesMultimedia Keyboard DriverV5KMProcess.exe
C:Program FilesFichiers communsTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobileMobile Phone Monitorepmworker.exe
C:WINDOWSsystem32wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-19 22:22:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-19 20:22:38

Avant-CF: 117 909 131 264 octets libres
Après-CF: 118,222,299,136 octets libres

294 --- E O F --- 2008-10-16 16:46:30

[r@in | b0w]

On peut dire cela oui

Tu vois qu'il y en avait des choses!

Allez, tu es bon pour un nouveau scan HiJackThis histoire de vérifier le ménage et de supprimer les éventuelles traces.

Au passage, tu supprimes le dossier C:Program FilesGamesBar avec un [Shift]+[Suppr] pour le supprimer sans passage par la case Poubelle.

[reservoirfrog]

Rha...va falloir que je cause a ma femme...je ne sais pas d'ou vient ce Game Bar...

Log Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 22:40:39, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesMultimedia Keyboard DriverV5KMWDSrv.exe
C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSsystem32
vsvc32.exe
C:Program FilesPhotodexProShowGoldScsiAccess.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesLexmark 6200 Serieslxbumon.exe
C:Program FilesLexmark 6200 Seriesezprint.exe
C:Program FilesJavajre1.6.0_07injusched.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32lxbucoms.exe
C:Program FilesMultimedia Keyboard DriverV5StartAutorun.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMultimedia Keyboard DriverV5KMConfig.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesMultimedia Keyboard DriverV5KMProcess.exe
C:Program FilesSAGEMSAGEM F@st 800-908dslmon.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
C:Program FilesFichiers communsTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobileMobile Phone Monitorepmworker.exe
C:WINDOWSexplorer.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program Filesone LabsoneAlarmzlclient.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:AppzHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,(Default) = Download Directory
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.fr/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost;*.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [lxbumon.exe] "C:Program FilesLexmark 6200 Serieslxbumon.exe"
O4 - HKLM..Run: [EzPrint] "C:Program FilesLexmark 6200 Seriesezprint.exe"
O4 - HKLM..Run: [CamserviceHD] C:Program FilesHerculesHercules DualPix HD WebcamCamservice.exe /startup
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07injusched.exe"
O4 - HKLM..Run: [LXBUCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program Filesone LabsoneAlarmzlclient.exe"
O4 - HKLM..Run: [KMConfig] "C:Program FilesMultimedia Keyboard DriverV5StartAutorun.exe" KMConfig.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Startup: Raccourci vers ashDisp.lnk = C:Program FilesAlwil SoftwareAvast4ashDisp.exe
O4 - Startup: Raccourci vers Outil de détection de support.lnk = C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesFichiers communsAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-908dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - G:Program FilesNetTransport 2NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - G:Program FilesNetTransport 2NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07inssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:program filesonjourmdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://reservoirfrog.spaces.live.com/Ph ... nPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageU ... oader3.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1WINDOW~4MESSEN~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1WINDOW~4MESSEN~1MSGRAP~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: BestSync Service (BestSyncSvc) - RiseFly Software - C:Program FilesRiseFlyBestSyncBestSyncSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesFichiers communsMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:Program FilesMultimedia Keyboard DriverV5KMWDSrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:WINDOWSsystem32lxbucoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:Program Filesma-config.commaconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32
vsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:Program FilesPhotodexProShowGoldScsiAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32oneLabsvsmon.exe

Sur tes conseils, j'ai supprimé quelques entrées pas indispensables ...

[r@in | b0w]

Ok.

Pour ta femme, offres-lui:

_ Linux ou

_ un contrôle parental


Pour terminer la désinfection et optimiser Windows:


_ Désinstallation des utilitaires utilisés:

Les programmes utilisés pour la désinfection ne sont pas à utiliser quotidiennement.

Pour les désinstaller, il faut aller dans le Panneau de configuration puis, via Ajouter/Supprimer des programmes, sélectionner les utilitaires et cliquer sur Désinstaller.

Pour une suppression effective, penses à supprimer leurs dossiers respectifs, la plupart à la racine de ta partition principale.


_ Utilisation d'un navigateur internet alternatif:

Internet Explorer n'étant pas sûr, il est préférable d'installer un navigateur internet alternatif pour sécuriser ton surf.

Tu as le choix entre Mozilla Firefox, Apple Safari ou encore Opéra.

Il faudra ensuite définir ce navigateur internet alternatif comme navigateur par défaut.


_ Utilisation d'un pare-feu alternatif:

Il est recommandé de ne pas utiliser le pare-feu Windows et d'en prendre un plus efficace.

Le choix est large: Zone Alarm & Sunbelt compatibles avec Vista sinon Ashampoo ou encore Sygate.

Après avoir sélectionné le pare-feu idéal, il faudra désactiver celui de Windows.


_ Nettoyage des points de restauration:

Dans un premier temps, il faut supprimer tous les points de restauration.

Pour cela, cliques sur Poste de travail puis Propriétés.
Onglet Restauration automatique du système, tu coches la ligne Désactiver la restauration du système puis tu valides par Ok.
Tu confirmes la suppression de tous les points de restauration, puis tu cliques sur Appliquer et/ou Ok.

Ensuite, il faut réactiver la restauration automatique du système.

Tu refais la manipulation précédente pour relancer les propriétés du Poste de travail.
Tu décoches la ligne puis cliques sur Appliquer & Ok.

Tu auras créer un point de restauration propre.


_ Nettoyage des fichiers temporaires & de la base de registre:

Pour cela, Ccleaner reste le moyen le plus sûr et pratique de tout nettoyer sans risques.

En suivant ce tutorial, cet utilitaire sera configuré correctement.

Il est aussi utile de purger régulièrement le dossier Prefetch en profitant de Ccleaner pour automatiser ce nettoyage.
Pour cela, il faut aller dans Options puis Personnaliser pour ajouter le dossier C:WindowsPREFETCH.


_ Un petit coup d'oeil à notre dossier Nettoyage peut être utile en supplément.

Et finalement, pour optimiser Windows XP, ce sujet sera intéressant.

[reservoirfrog]

Merci infiniment pour ton aide, tu m'a carrément évité le formatage!!

Merci!!!

[r@in | b0w]

De rien.

Les derniers conseils sont plus des principes de sécurité qu'autre chose mais je te conseille de les suivre.

Idem pour le nettoyage & la purge des points de restauration, au cas où que quelque chose de vérolé soit encore présent.

Bon surf.

[reservoirfrog]

T'inquietes, je suis déja les precautions d'usage pour le surf, l'antivirus, firewall etc...mais malgré ça, les merdes arrivent quand meme...

Bref, ce matin, j'ai toujours Spybot qui m'informe que "browser helper object" tente de modifier le registre...je ne sais absolument pas a quoi ça correspond...

20/10/2008 08:32:25 Refusé(e) (based on user decision) value "406447f1" (new data: "rundll32.exe "C:WINDOWSsystem32svenixfx.dll",b") ajouté(e) in System Startup global entry!
20/10/2008 08:54:41 Refusé(e) (based on user decision) value "{a5be5857-61b5-44de-a415-454ed19307c0}" (new data: "") ajouté(e) in Browser Helper Object!

[r@in | b0w]

Bonjour.

Je pense que tu dois pratiquer un ménage conséquent.

Le fichier svenixfx.dll est encore une dll inconnue donc vérolée.

Un coup de ComboFix pour voir l'ampleur des dégâts.
Je l'éplucherai plus attentivement.

Si tu as des fichiers téléchargés via peer-to-peer, effaces-les.

[reservoirfrog]

Ok, je repasserais un coup de combofix ce soir...j'ai aussi encore des fenêtres publicitaires qui s'affichent (pour des antivirus etc...)...

[reservoirfrog]

Rapport combofix:

ComboFix 08-10-19.01 - Seb 2008-10-20 18:11:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1412 [GMT 2:00]
Lancé depuis: C:Documents and SettingsSebBureauSecuritéComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:WINDOWSsystem32dsilrrm.dll
C:WINDOWSsystem32kxufqh.dll
C:WINDOWSsystem32svenixfx.dll
C:WINDOWSsystem32wwGfPXbc.ini
C:WINDOWSsystem32wwGfPXbc.ini2
C:WINDOWSsystem32xfxinevs.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-20 au 2008-10-20 ))))))))))))))))))))))))))))))))))))
.

2008-10-20 18:19 . 2008-10-20 18:21 444 --ahs---- C:WINDOWSsystem32wwGfPXbc.ini
2008-10-19 23:09 . 2008-10-19 23:09 <REP> d-------- C:Program FilesCCleaner
2008-10-19 21:29 . 2008-10-19 21:58 <REP> d-------- C:Program FilesNavilog1
2008-10-18 21:27 . 2008-10-18 21:27 <REP> d-------- C:WINDOWS eport
2008-10-18 21:27 . 2008-10-18 21:26 20,479,825 --a------ C:WINDOWSLPT$VPN.605
2008-10-18 21:26 . 2008-10-18 21:26 20,479,825 --a------ C:WINDOWSVPTNFILE.605
2008-10-18 21:26 . 2008-10-18 21:26 1,968,443 --a------ C:WINDOWS sc.ptn
2008-10-18 21:26 . 2008-10-18 21:26 348,229 --a------ C:WINDOWSTSC.exe
2008-10-18 21:26 . 2008-10-18 21:26 71,749 --a------ C:WINDOWShcextoutput.dll
2008-10-18 21:15 . 2008-10-18 21:26 <REP> d-------- C:WINDOWSAU_Temp
2008-10-18 08:22 . 2008-10-18 08:22 261,632 --a------ C:WINDOWSsystem32cbXPfGww.dll
2008-10-17 13:17 . 2008-10-17 13:17 <REP> d-------- C:Documents and SettingsAll UsersApplication DataEscapeTheMuseum
2008-10-16 22:23 . 2008-10-16 22:40 <REP> d-------- C:Program FilesMediaCoder
2008-10-16 21:32 . 2008-10-16 21:32 <REP> d-------- C:Ri4m_TMP
2008-10-16 07:36 . 2008-10-16 07:36 56,832 --a------ C:WINDOWSsystem32chsscs.exe
2008-09-26 18:02 . 2004-08-04 00:54 21,504 --a------ C:WINDOWSsystem32hidserv.dll
2008-09-26 18:02 . 2004-08-04 00:54 21,504 --a------ C:WINDOWSsystem32dllcachehidserv.dll
2008-09-26 18:02 . 2004-08-04 00:45 14,848 --a------ C:WINDOWSsystem32driverskbdhid.sys
2008-09-26 18:02 . 2004-08-04 00:45 14,848 --a------ C:WINDOWSsystem32dllcachekbdhid.sys
2008-09-26 17:57 . 2008-09-26 17:57 <REP> d-------- C:Program FilesMultimedia Keyboard Driver
2008-09-25 22:56 . 2008-09-25 22:56 <REP> d-------- C:Documents and SettingsSebApplication DataRayV

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 16:21 9,746,464 --sha-w C:WINDOWSsystem32driversfidbox.dat
2008-10-20 16:15 120,344 --sha-w C:WINDOWSsystem32driversfidbox.idx
2008-10-20 15:46 --------- d-----w C:Program FilesMozilla Thunderbird
2008-10-20 14:40 --------- d-----w C:Program FilesSynchronizer
2008-10-19 08:13 --------- d-----w C:Program FilesFichiers communsOberon Media
2008-10-18 19:26 91,744 -c--a-w C:WINDOWSBPMNT.dll
2008-10-18 19:26 1,213,784 -c--a-w C:WINDOWSvsapi32.dll
2008-10-18 10:43 --------- d-----w C:Program FilesLx_cats
2008-10-17 21:15 --------- d-----w C:Program FilesSpybot - Search & Destroy
2008-10-17 21:08 --------- d-----w C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-10-16 19:33 --------- d-----w C:Documents and SettingsSebApplication DataVso
2008-10-16 16:18 --------- d-----w C:Documents and SettingsAll UsersApplication DataDVD Shrink
2008-10-16 06:48 --------- d-----w C:Program FileseMule
2008-10-15 09:24 --------- d-----w C:Documents and SettingsSebApplication DataBig Fish Games
2008-10-14 15:51 --------- d-----w C:Documents and SettingsAll UsersApplication DataBigFishGamesCache
2008-10-03 17:12 6,066,176 ----a-w C:WINDOWSsystem32dllcacheieframe.dll
2008-09-26 15:57 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-09-17 15:35 --------- d-----w C:Documents and SettingsSebApplication DatauTorrent
2008-09-15 15:39 1,846,144 ----a-w C:WINDOWSsystem32win32k.sys
2008-09-15 15:39 1,846,144 ----a-w C:WINDOWSsystem32dllcachewin32k.sys
2008-09-11 12:49 --------- d-----w C:Documents and SettingsAll UsersApplication DataWLInstaller
2008-09-09 12:54 --------- d-----w C:Documents and SettingsSebApplication DataOpenOffice.org2
2008-09-07 12:48 --------- d-----w C:Program FilesPhotoMix
2008-09-04 10:21 --------- d---a-w C:Documents and SettingsAll UsersApplication DataTEMP
2008-09-02 18:01 --------- d-----w C:Program FilesMSN Games
2008-08-28 18:53 0 ----a-w C:Program Files emp01
2008-08-28 13:21 327,680 ----a-w C:WINDOWSsystem32pythoncom25.dll
2008-08-28 13:21 2,113,536 ----a-w C:WINDOWSsystem32python25.dll
2008-08-28 13:21 102,400 ----a-w C:WINDOWSsystem32pywintypes25.dll
2008-08-28 13:21 --------- d-----w C:Documents and SettingsSebApplication Dataagi
2008-08-28 13:21 --------- d-----w C:Documents and SettingsLocalServiceApplication Dataagi
2008-08-28 10:04 333,056 ----a-w C:WINDOWSsystem32driverssrv.sys
2008-08-28 10:04 333,056 ----a-w C:WINDOWSsystem32dllcachesrv.sys
2008-08-27 09:11 3,593,216 ----a-w C:WINDOWSsystem32dllcachemshtml.dll
2008-08-25 08:39 70,656 ----a-w C:WINDOWSsystem32dllcacheie4uinit.exe
2008-08-25 08:38 13,824 ----a-w C:WINDOWSsystem32dllcacheieudinit.exe
2008-08-23 05:56 635,848 ----a-w C:WINDOWSsystem32dllcacheiexplore.exe
2008-08-23 05:54 161,792 ----a-w C:WINDOWSsystem32dllcacheieakui.dll
2008-08-20 19:07 --------- d-----w C:Program FilesApple Software Update
2008-08-20 19:07 --------- d-----w C:Documents and SettingsAll UsersApplication DataApple
2008-08-20 18:12 356 ----a-w C:drmHeader.bin
2008-08-14 13:44 2,182,400 ----a-w C:WINDOWSsystem32dllcache
toskrnl.exe
2008-08-14 13:44 2,138,112 ----a-w C:WINDOWSsystem32
toskrnl.exe
2008-08-14 13:44 2,138,112 ----a-w C:WINDOWSsystem32dllcache
tkrnlmp.exe
2008-08-14 13:44 2,059,776 ----a-w C:WINDOWSsystem32dllcache
tkrnlpa.exe
2008-08-14 13:44 2,017,792 ----a-w C:WINDOWSsystem32
tkrnlpa.exe
2008-08-14 13:44 2,017,792 ----a-w C:WINDOWSsystem32dllcache
tkrpamp.exe
2008-08-14 09:51 138,368 ----a-w C:WINDOWSsystem32dllcacheafd.sys
2008-07-31 06:23 9,362,263 -c--a-w C:WINDOWSInternet Logs vDebug.zip
2008-07-28 20:22 9 ----a-w C:Documents and SettingsSebApplication Datamdb.bin
2008-05-25 21:48 23,008 ----a-w C:Documents and SettingsSebApplication DataGDIPFONTCACHEV1.DAT
2008-01-06 16:46 5,632 -csha-w C:Program FilesThumbs.db
2007-09-18 20:18 380 -c--a-w C:Program FilesNetlor StudioStyleView.sps
2007-07-16 13:07 47,360 ----a-w C:Documents and SettingsSebApplication Datapcouffin.sys
.

------- Sigcheck -------

2007-07-12 11:04 506368 86db0fdaf2591c86389d36cf44658cfe C:WINDOWSsystem32winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-19_22.21.35.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-20 16:17:16 16,384 ----atw C:WINDOWSTempPerflib_Perfdata_c4.dat
+ 2008-10-20 16:19:38 16,384 ----atw C:WINDOWSTempPerflib_Perfdata_e8c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{817E831A-E1AE-45A2-BED2-09FE13C0311B}]
2008-10-18 08:22 261632 --a------ C:WINDOWSsystem32cbXPfGww.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [2007-04-19 7700480]
"lxbumon.exe"="C:Program FilesLexmark 6200 Serieslxbumon.exe" [2005-01-18 196608]
"EzPrint"="C:Program FilesLexmark 6200 Seriesezprint.exe" [2004-09-17 61440]
"CamserviceHD"="C:Program FilesHerculesHercules DualPix HD WebcamCamservice.exe" [2007-08-13 73728]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07injusched.exe" [2008-06-10 144784]
"LXBUCATS"="C:WINDOWSSystem32spoolDRIVERSW32X863LXBUtime.dll" [2004-11-02 69632]
"ZoneAlarm Client"="C:Program Filesone LabsoneAlarmzlclient.exe" [2007-12-13 919016]
"KMConfig"="C:Program FilesMultimedia Keyboard DriverV5StartAutorun.exe" [2007-03-06 212992]
"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2007-04-26 401408]
"nwiz"="nwiz.exe" [2007-04-19 C:WINDOWSsystem32
wiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 C:WINDOWSsystem32
vmctray.dll]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:WINDOWSSkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:WINDOWSRTHDCPL.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="C:Program FilesPicasa2PicasaMediaDetector.exe" [2007-10-23 443968]

C:Documents and SettingsSebMenu D,marrerProgrammesD,marrage
Raccourci vers ashDisp.lnk - C:Program FilesAlwil SoftwareAvast4ashDisp.exe [2007-07-12 78008]
Raccourci vers Outil de d,tection de support.lnk - C:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe [2007-07-13 155648]

C:Documents and SettingsAll UsersMenu D,marrerProgrammesD,marrage
Adobe Gamma Loader.lnk - C:Program FilesFichiers communsAdobeCalibrationAdobe Gamma Loader.exe [2007-08-05 110592]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon
otifygeBQJbaa]
[BU]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=kxufqh.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:WINDOWSsystem32cbXPfGww

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrageAdobe Reader Synchronizer.lnk
backup=C:WINDOWSpssAdobe Reader Synchronizer.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrageDSLMON.lnk
backup=C:WINDOWSpssDSLMON.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrageLancement rapide d'Adobe Reader.lnk
backup=C:WINDOWSpssLancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:Documents and SettingsAll UsersMenu DémarrerProgrammesDémarrageMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavast!]
--a------ 2008-07-19 16:38 78008 C:PROGRA~1ALWILS~1Avast4ashDisp.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
--a------ 2007-07-12 11:08 77824 C:Program FilesJavajre1.6.0injusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"=
"C:\Program Files\uTorrent\utorrent.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=

R0 videX32;videX32;C:WINDOWSsystem32DRIVERSvideX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:WINDOWSsystem32DRIVERSxfilt.sys [2006-02-23 11264]
R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-07-19 78416]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:Program FilesMultimedia Keyboard DriverV5KMWDSrv.exe [2007-05-08 2179072]
R3 APL531;Hercules Dualpix HD Webcam;C:WINDOWSsystem32Drivershdvidv.sys [2007-07-13 285952]
R3 camfilt2;camfilt2;C:WINDOWSsystem32Driverscamfilt2.sys [2007-07-31 94720]
R3 usbscan;Pilote de scanneur USB;C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S2 BestSyncSvc;BestSync Service;C:Program FilesRiseFlyBestSyncBestSyncSvc.exe [2007-09-30 475136]
S3 camfilt;camfilt;C:WINDOWSsystem32Driverscamfilt.sys [ ]
S3 maconfservice;Ma-Config Service;C:Program Filesma-config.commaconfservice.exe [2008-06-14 576680]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:WINDOWSsystem32DRIVERSNavcar.sys [2006-09-18 30329]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:WINDOWSsystem32DRIVERSLV532AV.SYS [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;F:NTGLM7X.sys [ ]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3e7a8142-3013-11dc-a4ce-806d6172696f}]
ShellAutoRuncommand - D:setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-15 C:WINDOWSTasksAppleSoftwareUpdate.job
- C:Program FilesApple Software UpdateSoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2D112E06-B6DE-4FD3-8D96-1FF18E24DAB5} - (no file)
BHO-{42EBB7C2-F26F-49DD-BD4A-B4D5E89E33B9} - (no file)
BHO-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
BHO-{A12D780A-5BA0-4418-AD5E-380DD70A7215} - (no file)
BHO-{CBE257C7-A3A1-4DDA-96BC-1C4D7E514959} - (no file)
BHO-{d12969a1-ff75-48d0-aca5-687d72199c2c} - (no file)
BHO-{E707E378-C20A-4E77-BDAD-FC14239CC1CB} - (no file)
HKLM-Run-<NO NAME> - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:Documents and SettingsSebApplication DataMozillaFirefoxProfiles0nzd7t88.default
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?cl ... r:official
FF -: plugin - C:Documents and SettingsAll UsersApplication DataylomylomGamesPlayer
pzylomgamesplayer.dll
FF -: plugin - C:Documents and SettingsSebApplication DataMozillaFirefoxProfiles0nzd7t88.defaultextensions{bb628310-0ab7-11db-9cd8-0800200c9a66}plugins
phardwaredetection.dll
FF -: plugin - C:Documents and SettingsSebApplication DataMozillaplugins
pPxPlay.dll
FF -: plugin - C:Program FilesDivXDivX Content Uploader
pUpload.dll
FF -: plugin - C:Program Filesma-config.com
phardwaredetection.dll
FF -: plugin - C:Program FilesMozilla Firefoxplugins
pzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 18:19:02
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:WINDOWSsystem32wwGfPXbc.ini 538828 bytes
C:WINDOWSsystem32wwGfPXbc.ini2 538828 bytes

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:WINDOWSsystem32lsass.exe
-> C:WINDOWSsystem32cbXPfGww.dll

PROCESSUS: C:WINDOWSexplorer.exe
-> C:WINDOWSsystem32
view.dll
-> C:WINDOWSsystem32kgtokaig.dll
-> C:WINDOWSsystem32cbXPfGww.dll
.
------------------------ Autres processus actifs ------------------------
.
C:WINDOWSsystem32oneLabsvsmon.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32 undll32.exe
C:Program FilesMultimedia Keyboard DriverV5KMConfig.exe
C:Program FilesMultimedia Keyboard DriverV5KMProcess.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSsystem32
vsvc32.exe
C:Program FilesPhotodexProShowGoldscsiaccess.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32lxbucoms.exe
C:Program FilesFichiers communsTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobileMobile Phone Monitorepmworker.exe
C:WINDOWSsystem32 undll32.exe
.
**************************************************************************
.
Heure de fin: 2008-10-20 18:25:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-20 16:25:30
ComboFix2.txt 2008-10-19 20:22:51

Avant-CF: 125 803 421 696 octets libres
Après-CF: 125,782,609,920 octets libres

266 --- E O F --- 2008-10-16 16:46:30

Aprés le redémarrage de windows, plusieures alertes Spybot:






Sans compter le message d'erreur de chargement de "C:WINDOWSsystem32svenixfx.dll" pour lequel j'ai juste cliqué sur OK...
Mais tjs des fenetres de pubs...ça commence a me gaver ces vermines...

[reservoirfrog]

J'up pour mon sauveur r@in | b0w, si tu passes dans le coin!!

[r@in | b0w]

Bonjour.

Pas trop de flatterie quand même

J'ai eu un peu plus d'imprévus mais tout arrive.

Vis à vis de ComboFix, rien de suspect à part deux processus cachés inconnus & des processus plus ou moins invérifiables.

Aussi, deux choses pour la suite:


1_ Tu vas sur http://www.virustotal.com/fr/ puis tu cliques sur Parcourir.
Tu sélectionnes le fichier C:WINDOWSsystem32cbXPfGww.dll et tu cliques sur Ouvrir.

Tu cliques ensuite sur Envoyer le fichier.

A la fin de l'analyse, tu cliques sur Formaté en haut à gauche puis, dans la nouvelle fenêtre, tu cliques sur le bouton pour faire apparaître le rapport dans la fenêtre en question.

Tu sélectionnes ce rapport puis fais un copier-coller et tu le colles dans ton prochain message.

Tu refais ensuite la même manipulation pour les fichiers:

_ C:WINDOWSsystem32
view.dll
_ C:WINDOWSsystem32kgtokaig.dll
_ C:WINDOWSsystem32cbXPfGww.dll
_ C:WINDOWSsystem32wwGfPXbc.ini
_ C:WINDOWSsystem32wwGfPXbc.ini2


2_ Tu télécharges SDFix.

Tu double cliques ensuite sur l'icône SdFix pour le lancer.
Tu ne touches pas aux configurations et cliques uniquement sur Install.

Tu pars ensuite en Mode sans échec ([F8] au démarrage).

Après être sur ta session, tu cliques sur Démarrer puis Exécuter;
Tu tapes (ou copies-colles) C:SDFixRunThis.bat puis tu valides en appuyant sur [Entrée] ou en cliquant sur Ok.

Une fenêtre s'ouvrira, tu appuies sur la touche [Entrée] ou [Y].

Le fix va faire le ménage, tu prends ton mal en patience et attends

Quand tu vois écrit:

Code: Tout sélectionner

The PC will now restart, SDFix will run again after reboot.
 
Press any key to continue...

Tu appuies sur n'importe quelle touche du clavier, ce qui fera redémarrer ta machine.

SDFix se lancera après l'ouverture de ta session pour finir le ménage.

Le Bloc-notes s'ouvrira ensuite avec le rapport, copies-colles celui-ci dans ton prochain message.


Sinon, quelques questions.

J'ai attrapé il y a quelques mois un Vundo en cliquant sur une icône de mise à jour de Java.

Aussi, tu (ou un autre utilisateur) as fait quelque chose de spécial depuis l'avant dernier scan de ComboFix pour expliquer que le lendemain, il y ait encore des infections? Un clic sur un avertissement quelconque? Un téléchargement suspect?

Est-ce que tu as des cracks sur ta machine: logiciels téléchargés & piratés?

[reservoirfrog]

Salut,

Hier soir j'ai eu un contre temps pour faire les analyses via "virus total".
La, je veux m'y mettre, quand je clique sur parcourir, il ne se passe rien...

Aussi, tu (ou un autre utilisateur) as fait quelque chose de spécial depuis l'avant dernier scan de ComboFix pour expliquer que le lendemain, il y ait encore des infections? Un clic sur un avertissement quelconque? Un téléchargement suspect?

Non, je ne crois pas...

Est-ce que tu as des cracks sur ta machine: logiciels téléchargés & piratés?

Oui, des mini-jeux....mais ils sont tous désinstallés depuis quelques temps déja...

Edit: Virus total fonctionne désormais, voici les logs:

Fichier nview.dll reçu le 2008.10.22 22:18:02 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.22.0 2008.10.22 -
AntiVir 7.9.0.5 2008.10.22 -
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 -
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.22 -
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 -
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 -
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 -
McAfee 5411 2008.10.22 -
Microsoft 1.4005 2008.10.22 -
NOD32 3546 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 -
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 -
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1745.1 2008.10.22 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -
Information additionnelle
File size: 1474560 bytes
MD5...: 3a3d5ec2fb72f025dbfeb5810eaa2e6e
SHA1..: 64e55a2b465a1a06c0734da4adf8f159ae2ebad1
SHA256: ac2a321221db94c4ea2c2fdac9e71d07dc6004763c6ab60c68eeea8416a50b1c
SHA512: 2a167d19c6e7f6c998f5ac69662d1986d3cb36fe5931fe7bc543bb2cf3e78308<br>3c8638a313c9beaa8e7a137f58d93ed972720e969833a61fef59530b9ade84ea
PEiD..: -
TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (75.0%)<br>Win32 Executable Generic (16.9%)<br>Generic Win/DOS Executable (3.9%)<br>DOS Executable Generic (3.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1009c37f<br>timedatestamp.....: 0x4626f8ea (Thu Apr 19 05:06:50 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xcb07e 0xcc000 5.78 b55fa8bc0a2949895dbce60c5ea63f3c<br>.rdata 0xcd000 0x149c0 0x15000 4.03 9096ea710243a71bf16ac5112b9d3d2a<br>.data 0xe2000 0xcd48 0x4000 1.69 a0526d93fe83836c6c2e1c60cda505d6<br>.idata 0xef000 0x3aa0 0x4000 4.74 b3c4c9d919fcc5bf4958d57974c5a6eb<br>.rsrc 0xf3000 0x7071c 0x71000 3.52 9d8ca700eb1e1b78d52deedea5a5acfa<br>.reloc 0x164000 0xc5ed 0xd000 6.21 608b57432887411ec9ab11682b24f953<br><br>( 12 imports ) <br>&gt; SHLWAPI.dll: SHDeleteKeyW<br>&gt; ADVAPI32.dll: RevertToSelf, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, AllocateAndInitializeSid, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegOpenKeyW, RegSetValueExA, RegQueryValueExA, RegEnumKeyW, RegFlushKey, RegEnumKeyExW, RegEnumValueW, RegisterEventSourceW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegDeleteValueW, RegCreateKeyW, RegSetKeySecurity, DeregisterEventSource, ReportEventW, ImpersonateSelf, OpenThreadToken, GetLengthSid, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSecurityDescriptor, AccessCheck<br>&gt; USER32.dll: WinHelpW, GetSysColorBrush, RegisterClassExW, TrackPopupMenu, DestroyIcon, CreatePopupMenu, CheckMenuRadioItem, InsertMenuW, CheckMenuItem, GetSysColor, InsertMenuItemW, CharPrevW, IsWindowVisible, EqualRect, IsIconic, GetWindowPlacement, MapVirtualKeyW, LockSetForegroundWindow, SendInput, FindWindowExW, IntersectRect, GetAsyncKeyState, GetClassInfoW, GetWindowTextW, DrawIconEx, DrawTextExW, GetWindow, CopyRect, InvalidateRgn, GetClassLongW, GetCursor, SetClassLongW, ValidateRect, GetKeyState, ClipCursor, ReleaseCapture, SetCapture, InflateRect, ShowCursor, SendDlgItemMessageW, CheckDlgButton, SetDlgItemInt, GetWindowDC, GetDlgItemInt, FillRect, SetForegroundWindow, MapWindowPoints, IsDialogMessageW, IsRectEmpty, InSendMessage, RegisterHotKey, UnregisterHotKey, PeekMessageW, SetCursor, PostThreadMessageW, FindWindowW, EnumWindows, GetForegroundWindow, MessageBoxW, WaitForInputIdle, RegisterWindowMessageW, BroadcastSystemMessageW, InvalidateRect, IsZoomed, GetWindowModuleFileNameW, IsWindow, SendMessageTimeoutW, GetWindowThreadProcessId, IsDlgButtonChecked, DestroyWindow, PostQuitMessage, CharLowerW, LoadCursorW, UnregisterClassW, RegisterClassW, CreateWindowExW, GetMessageW, TranslateMessage, DispatchMessageW, DefWindowProcW, LoadIconW, DialogBoxParamW, LoadImageW, GetDC, SystemParametersInfoW, DrawTextW, ReleaseDC, GetParent, GetWindowRect, GetCursorPos, EnumDisplaySettingsW, GetDlgItemTextW, SetWindowPos, SetWindowTextW, MoveWindow, ShowWindow, SetFocus, SendMessageW, LoadStringW, wsprintfW, SetDlgItemTextW, SetTimer, GetWindowLongW, SetWindowLongW, BeginPaint, GetClientRect, EndPaint, ExitWindowsEx, GetClassNameW, UpdateWindow, CharNextW, RealGetWindowClassW, GetAncestor, GetDesktopWindow, GetActiveWindow, CascadeWindows, WindowFromPoint, GetMouseMovePointsEx, CreateDialogParamW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, CharUpperW, wvsprintfW, ChangeDisplaySettingsW, ClientToScreen, EnumChildWindows, ScreenToClient, ShowWindowAsync, SetSystemCursor, CopyIcon, SetWindowPlacement, UnionRect, DeleteMenu, IsMenu, GetGUIThreadInfo, FrameRect, SetCursorPos, GetSystemMenu, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, EnumThreadWindows, BringWindowToTop, SetActiveWindow, AttachThreadInput, GetTopWindow, AllowSetForegroundWindow, DrawEdge, GetMenuStringW, GetMenuItemInfoW, GetMenuItemCount, EnableMenuItem, DestroyMenu, RemoveMenu, CloseClipboard, SetClipboardData, RegisterClipboardFormatW, OpenClipboard, GetMenuItemID, GetMenuState, TrackPopupMenuEx, GetMenuItemRect, DestroyCursor, LoadBitmapW, GetWindowInfo, AdjustWindowRect, EmptyClipboard, SubtractRect, GetIconInfo, GetCursorInfo, IsWindowEnabled, RealChildWindowFromPoint, GetUpdateRect, DrawMenuBar, SetMenuItemInfoW, GetSubMenu, GetMenu, SetMenu, LoadMenuW, SetRectEmpty, DrawFocusRect, GetDialogBaseUnits, OffsetRect, EndMenu, SetWindowLongA, GetWindowLongA, IsWindowUnicode, CallWindowProcW, DrawStateW, EndDialog, PtInRect, GetDlgCtrlID, RedrawWindow, KillTimer, GetDlgItem, EnableWindow, PostMessageW, AppendMenuW, GetSystemMetrics<br>&gt; GDI32.dll: ExtEscape, GetTextMetricsW, SetMapMode, MaskBlt, GetStretchBltMode, ExtFloodFill, RectInRegion, GetDIBits, SetBkColor, ExtTextOutW, GetDeviceCaps, CreateRectRgnIndirect, CreateDIBSection, FillPath, LineDDA, Arc, PtInRegion, CreateCompatibleBitmap, SetPixel, CreatePatternBrush, SetStretchBltMode, SetBrushOrgEx, StretchBlt, SetTextColor, TextOutW, GetTextExtentPoint32W, GetRgnBox, CreateDCW, CreateSolidBrush, BeginPath, EndPath, StrokeAndFillPath, PathToRegion, GetPixel, CreatePen, MoveToEx, LineTo, CreateRectRgn, OffsetRgn, CreateFontIndirectW, SelectObject, DeleteObject, CreateCompatibleDC, GetObjectW, BitBlt, DeleteDC, SetBkMode, GetStockObject, CreateBitmap<br>&gt; SHELL32.dll: SHCreateDirectoryExW, SHGetFolderPathW, ExtractIconExW, SHGetSpecialFolderLocation, ShellExecuteW, ExtractIconW, SHGetDesktopFolder, SHAppBarMessage, SHChangeNotify, Shell_NotifyIconW, SHGetMalloc<br>&gt; PSAPI.DLL: GetModuleBaseNameW, EnumProcessModules, EnumProcesses, GetModuleFileNameExW<br>&gt; ole32.dll: CoUninitialize, CreateStreamOnHGlobal, CoCreateInstance, CoInitialize<br>&gt; OLEAUT32.dll: -, -, -<br>&gt; COMCTL32.dll: PropertySheetW<br>&gt; WINMM.dll: PlaySoundW<br>&gt; KERNEL32.dll: ExitProcess, GetModuleHandleA, SetLastError, IsBadWritePtr, HeapReAlloc, VirtualAlloc, FatalAppExitA, VirtualFree, HeapCreate, SetHandleCount, GetVersionExA, GetCommandLineA, RtlUnwind, CopyFileW, MoveFileExW, FreeResource, GlobalGetAtomNameW, EnterCriticalSection, LeaveCriticalSection, GetSystemPowerStatus, GetStdHandle, WideCharToMultiByte, MultiByteToWideChar, SetThreadExecutionState, RequestWakeupLatency, GlobalDeleteAtom, GlobalAddAtomW, InterlockedExchange, OpenSemaphoreW, GetFileAttributesW, GetSystemWindowsDirectoryW, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetLocalTime, Beep, GetWindowsDirectoryW, FindNextFileW, GetFileSize, CreateFileW, WriteFile, SetFilePointer, ReadFile, SetFileAttributesW, lstrcmpiW, CreateDirectoryW, MulDiv, FindFirstFileW, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, VirtualProtect, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, LoadLibraryA, LCMapStringA, LCMapStringW, SetConsoleCtrlHandler, SetStdHandle, GetTimeZoneInformation, HeapSize, FlushFileBuffers, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, OutputDebugStringW, FindClose, GetUserDefaultLangID, OpenEventW, DeleteFileW, ResetEvent, SetEvent, ProcessIdToSessionId, TerminateThread, GlobalFindAtomW, OpenThread, GetTickCount, GetSystemDirectoryW, GetExitCodeProcess, TerminateProcess, InterlockedIncrement, CreateMutexW, CreateEventW, HeapDestroy, HeapAlloc, GetCommandLineW, lstrcatW, CreateFileMappingW, LocalAlloc, LocalFree, CloseHandle, MapViewOfFileEx, GetLastError, GetSystemInfo, UnmapViewOfFile, GetCurrentProcessId, FreeLibrary, LoadLibraryW, lstrcpynW, GetCurrentThreadId, ExitThread, lstrcpyW, lstrlenW, CreateThread, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, lstrcmpW, GetEnvironmentVariableW, CreateProcessW, GetVersionExW, GetCurrentProcess, Sleep, OpenProcess, WaitForSingleObject, DeleteCriticalSection, TlsFree, HeapFree, TlsGetValue, InterlockedDecrement, ReleaseMutex, SetThreadPriority, GetThreadPriority, GetCurrentThread, TlsSetValue, InterlockedExchangeAdd, GetProcessHeap, TlsAlloc, InitializeCriticalSection<br>&gt; VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW<br><br>( 142 exports ) <br>DMAddDesktop, DMAssociate, DMEnumDesktopApplications, DMEnumDesktops, DMGetCurrentDesktop, DMGetCurrentMonitorDesktop, DMGetDefaultDesktop, DMGetSetting, DMRemoveDesktop, DMSetCurrentDesktop, DMSetCurrentMonitorDesktop, DMSetDefaultDesktop, DMSetSetting, DMStoreSettings, DMUpdateDesktopScreenshot, EnumNviewWindows, GetNViewCAPS, HKAdd, HKEnable, HKEnumActions, HKEnumCommands, HKEnumRotateKeys, HKExecute, HKExecuteAction, HKGetActionParamFlags, HKGetActionProperties, HKGetActionPropertiesEx, HKGetProperty, HKRemove, HKSetProperty, HKStore, KSSetting, NVApplyDisplaySettingsDC, NVApplyModeInfo, NVAutoStart, NVCheckDisplayStateDC, NVDebugEnumPersistentSettings, NVDebugEnumTemporalWindows, NVDebugHeapStatus, NVDesktopBrowser, NVDesktopSystray, NVDesktopToolbar, NVDetectDesktopManagers, NVDisplayFromWindow, NVGetAppAndClassFromHwnd, NVGetDirectory, NVGetDisplayInfoDC, NVGetDisplayMonitorInfo, NVGetGPUInformation, NVGetHwndSpanningRect, NVGetIEVersion, NVGetMonGridName, NVGetMonitorName, NVGetMonitorNameEx, NVGetNT4MultiViewInfo, NVGetNvidiaHDC, NVGetNviewRootKey, NVGetTotalDisplayDevices, NVGetVersionDisableValue, NVIsHookLoaded, NVIsTaskbarControlAvailable, NVIsValidTaskbarStretchMode, NVLoadDatabase, NVLoadHook, NVLoadHookAsync, NVLoadString, NVMessageBox, NVMessageBoxEx, NVMoveTaskbarToMonitor, NVMultiviewStatus, NVNotificationBox, NVOpenNViewRegKey, NVQueryDesktopContextMenu, NVQuickWindows, NVRegisterNotificationWindow, NVRemoteSessionWatchdog, NVResetToSingleMon, NVRotateSystrayInit, NVRunControlPanel, NVStartupExecute, NVStoreModeInfoInRegistry, NVTaskSwitcher, NVUnicode, NVUnregisterNotificationWindow, NVWaitForNViewLoad, NVWaitForNViewUnload, NVZoomSetting, NVZoomWindowRun, NVZoomWindowState, NViewGestureEnum, NViewGestureSetting, NViewGetDDIStatus, NViewGlobalSetting, NViewGridSetting, NViewLumaSetting, NViewPhysicsSetting, NViewShowMenu, NViewSysmenuSetting, NViewThrowSetting, NView_ConvertNVWDDIStructures, NView_ExtEscape, NView_GetDriverStructSize, NView_NVCSConvert, NView_NVWDDICheckRevLevel, NvGetTaskbarMenuItems, NvHandleOwnerDrawMessages, NvQueryMenuInit, NvTaskBarMenuCmd, PMCreate, PMCreateEx, PMDelete, PMEnum, PMEnumEx, PMEnumSchemes, PMGetCurrentProfile, PMGetVer, PMLoad, PMLoadEx, PMLoadPresentation, PMLoadScheme, PMLock, PMSave, PMSaveEx, PMUpdateFlags, WMAssociate, WMClearSetting, WMEnumPersistantApps, WMExceptionSetting, WMGetActiveAppSetting, WMGetActiveSetting, WMGetSetting, WMGetSettingHWND, WMGetWindowCaps, WMSetSetting, WMSetSettingHWND, WMStoreSettings, nViewCmd, nViewDisableHook, nViewInitialize, nViewLoadHook, nViewLoadNoHook, nViewUnload<br>
ThreatExpert info: http://www.threatexpert.com/report.aspx ... 810eaa2e6e

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.22.0 2008.10.22 -
AntiVir 7.9.0.5 2008.10.22 -
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 -
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.22 -
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 -
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 -
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 -
McAfee 5411 2008.10.22 -
Microsoft 1.4005 2008.10.22 -
NOD32 3546 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 -
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 -
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1745.1 2008.10.22 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -

Information additionnelle
File size: 1474560 bytes
MD5...: 3a3d5ec2fb72f025dbfeb5810eaa2e6e
SHA1..: 64e55a2b465a1a06c0734da4adf8f159ae2ebad1
SHA256: ac2a321221db94c4ea2c2fdac9e71d07dc6004763c6ab60c68eeea8416a50b1c
SHA512: 2a167d19c6e7f6c998f5ac69662d1986d3cb36fe5931fe7bc543bb2cf3e78308<br>3c8638a313c9beaa8e7a137f58d93ed972720e969833a61fef59530b9ade84ea
PEiD..: -
TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (75.0%)<br>Win32 Executable Generic (16.9%)<br>Generic Win/DOS Executable (3.9%)<br>DOS Executable Generic (3.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1009c37f<br>timedatestamp.....: 0x4626f8ea (Thu Apr 19 05:06:50 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xcb07e 0xcc000 5.78 b55fa8bc0a2949895dbce60c5ea63f3c<br>.rdata 0xcd000 0x149c0 0x15000 4.03 9096ea710243a71bf16ac5112b9d3d2a<br>.data 0xe2000 0xcd48 0x4000 1.69 a0526d93fe83836c6c2e1c60cda505d6<br>.idata 0xef000 0x3aa0 0x4000 4.74 b3c4c9d919fcc5bf4958d57974c5a6eb<br>.rsrc 0xf3000 0x7071c 0x71000 3.52 9d8ca700eb1e1b78d52deedea5a5acfa<br>.reloc 0x164000 0xc5ed 0xd000 6.21 608b57432887411ec9ab11682b24f953<br><br>( 12 imports ) <br>&gt; SHLWAPI.dll: SHDeleteKeyW<br>&gt; ADVAPI32.dll: RevertToSelf, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, AllocateAndInitializeSid, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegOpenKeyW, RegSetValueExA, RegQueryValueExA, RegEnumKeyW, RegFlushKey, RegEnumKeyExW, RegEnumValueW, RegisterEventSourceW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegDeleteValueW, RegCreateKeyW, RegSetKeySecurity, DeregisterEventSource, ReportEventW, ImpersonateSelf, OpenThreadToken, GetLengthSid, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSecurityDescriptor, AccessCheck<br>&gt; USER32.dll: WinHelpW, GetSysColorBrush, RegisterClassExW, TrackPopupMenu, DestroyIcon, CreatePopupMenu, CheckMenuRadioItem, InsertMenuW, CheckMenuItem, GetSysColor, InsertMenuItemW, CharPrevW, IsWindowVisible, EqualRect, IsIconic, GetWindowPlacement, MapVirtualKeyW, LockSetForegroundWindow, SendInput, FindWindowExW, IntersectRect, GetAsyncKeyState, GetClassInfoW, GetWindowTextW, DrawIconEx, DrawTextExW, GetWindow, CopyRect, InvalidateRgn, GetClassLongW, GetCursor, SetClassLongW, ValidateRect, GetKeyState, ClipCursor, ReleaseCapture, SetCapture, InflateRect, ShowCursor, SendDlgItemMessageW, CheckDlgButton, SetDlgItemInt, GetWindowDC, GetDlgItemInt, FillRect, SetForegroundWindow, MapWindowPoints, IsDialogMessageW, IsRectEmpty, InSendMessage, RegisterHotKey, UnregisterHotKey, PeekMessageW, SetCursor, PostThreadMessageW, FindWindowW, EnumWindows, GetForegroundWindow, MessageBoxW, WaitForInputIdle, RegisterWindowMessageW, BroadcastSystemMessageW, InvalidateRect, IsZoomed, GetWindowModuleFileNameW, IsWindow, SendMessageTimeoutW, GetWindowThreadProcessId, IsDlgButtonChecked, DestroyWindow, PostQuitMessage, CharLowerW, LoadCursorW, UnregisterClassW, RegisterClassW, CreateWindowExW, GetMessageW, TranslateMessage, DispatchMessageW, DefWindowProcW, LoadIconW, DialogBoxParamW, LoadImageW, GetDC, SystemParametersInfoW, DrawTextW, ReleaseDC, GetParent, GetWindowRect, GetCursorPos, EnumDisplaySettingsW, GetDlgItemTextW, SetWindowPos, SetWindowTextW, MoveWindow, ShowWindow, SetFocus, SendMessageW, LoadStringW, wsprintfW, SetDlgItemTextW, SetTimer, GetWindowLongW, SetWindowLongW, BeginPaint, GetClientRect, EndPaint, ExitWindowsEx, GetClassNameW, UpdateWindow, CharNextW, RealGetWindowClassW, GetAncestor, GetDesktopWindow, GetActiveWindow, CascadeWindows, WindowFromPoint, GetMouseMovePointsEx, CreateDialogParamW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, CharUpperW, wvsprintfW, ChangeDisplaySettingsW, ClientToScreen, EnumChildWindows, ScreenToClient, ShowWindowAsync, SetSystemCursor, CopyIcon, SetWindowPlacement, UnionRect, DeleteMenu, IsMenu, GetGUIThreadInfo, FrameRect, SetCursorPos, GetSystemMenu, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, EnumThreadWindows, BringWindowToTop, SetActiveWindow, AttachThreadInput, GetTopWindow, AllowSetForegroundWindow, DrawEdge, GetMenuStringW, GetMenuItemInfoW, GetMenuItemCount, EnableMenuItem, DestroyMenu, RemoveMenu, CloseClipboard, SetClipboardData, RegisterClipboardFormatW, OpenClipboard, GetMenuItemID, GetMenuState, TrackPopupMenuEx, GetMenuItemRect, DestroyCursor, LoadBitmapW, GetWindowInfo, AdjustWindowRect, EmptyClipboard, SubtractRect, GetIconInfo, GetCursorInfo, IsWindowEnabled, RealChildWindowFromPoint, GetUpdateRect, DrawMenuBar, SetMenuItemInfoW, GetSubMenu, GetMenu, SetMenu, LoadMenuW, SetRectEmpty, DrawFocusRect, GetDialogBaseUnits, OffsetRect, EndMenu, SetWindowLongA, GetWindowLongA, IsWindowUnicode, CallWindowProcW, DrawStateW, EndDialog, PtInRect, GetDlgCtrlID, RedrawWindow, KillTimer, GetDlgItem, EnableWindow, PostMessageW, AppendMenuW, GetSystemMetrics<br>&gt; GDI32.dll: ExtEscape, GetTextMetricsW, SetMapMode, MaskBlt, GetStretchBltMode, ExtFloodFill, RectInRegion, GetDIBits, SetBkColor, ExtTextOutW, GetDeviceCaps, CreateRectRgnIndirect, CreateDIBSection, FillPath, LineDDA, Arc, PtInRegion, CreateCompatibleBitmap, SetPixel, CreatePatternBrush, SetStretchBltMode, SetBrushOrgEx, StretchBlt, SetTextColor, TextOutW, GetTextExtentPoint32W, GetRgnBox, CreateDCW, CreateSolidBrush, BeginPath, EndPath, StrokeAndFillPath, PathToRegion, GetPixel, CreatePen, MoveToEx, LineTo, CreateRectRgn, OffsetRgn, CreateFontIndirectW, SelectObject, DeleteObject, CreateCompatibleDC, GetObjectW, BitBlt, DeleteDC, SetBkMode, GetStockObject, CreateBitmap<br>&gt; SHELL32.dll: SHCreateDirectoryExW, SHGetFolderPathW, ExtractIconExW, SHGetSpecialFolderLocation, ShellExecuteW, ExtractIconW, SHGetDesktopFolder, SHAppBarMessage, SHChangeNotify, Shell_NotifyIconW, SHGetMalloc<br>&gt; PSAPI.DLL: GetModuleBaseNameW, EnumProcessModules, EnumProcesses, GetModuleFileNameExW<br>&gt; ole32.dll: CoUninitialize, CreateStreamOnHGlobal, CoCreateInstance, CoInitialize<br>&gt; OLEAUT32.dll: -, -, -<br>&gt; COMCTL32.dll: PropertySheetW<br>&gt; WINMM.dll: PlaySoundW<br>&gt; KERNEL32.dll: ExitProcess, GetModuleHandleA, SetLastError, IsBadWritePtr, HeapReAlloc, VirtualAlloc, FatalAppExitA, VirtualFree, HeapCreate, SetHandleCount, GetVersionExA, GetCommandLineA, RtlUnwind, CopyFileW, MoveFileExW, FreeResource, GlobalGetAtomNameW, EnterCriticalSection, LeaveCriticalSection, GetSystemPowerStatus, GetStdHandle, WideCharToMultiByte, MultiByteToWideChar, SetThreadExecutionState, RequestWakeupLatency, GlobalDeleteAtom, GlobalAddAtomW, InterlockedExchange, OpenSemaphoreW, GetFileAttributesW, GetSystemWindowsDirectoryW, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetLocalTime, Beep, GetWindowsDirectoryW, FindNextFileW, GetFileSize, CreateFileW, WriteFile, SetFilePointer, ReadFile, SetFileAttributesW, lstrcmpiW, CreateDirectoryW, MulDiv, FindFirstFileW, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, VirtualProtect, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, LoadLibraryA, LCMapStringA, LCMapStringW, SetConsoleCtrlHandler, SetStdHandle, GetTimeZoneInformation, HeapSize, FlushFileBuffers, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, OutputDebugStringW, FindClose, GetUserDefaultLangID, OpenEventW, DeleteFileW, ResetEvent, SetEvent, ProcessIdToSessionId, TerminateThread, GlobalFindAtomW, OpenThread, GetTickCount, GetSystemDirectoryW, GetExitCodeProcess, TerminateProcess, InterlockedIncrement, CreateMutexW, CreateEventW, HeapDestroy, HeapAlloc, GetCommandLineW, lstrcatW, CreateFileMappingW, LocalAlloc, LocalFree, CloseHandle, MapViewOfFileEx, GetLastError, GetSystemInfo, UnmapViewOfFile, GetCurrentProcessId, FreeLibrary, LoadLibraryW, lstrcpynW, GetCurrentThreadId, ExitThread, lstrcpyW, lstrlenW, CreateThread, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, lstrcmpW, GetEnvironmentVariableW, CreateProcessW, GetVersionExW, GetCurrentProcess, Sleep, OpenProcess, WaitForSingleObject, DeleteCriticalSection, TlsFree, HeapFree, TlsGetValue, InterlockedDecrement, ReleaseMutex, SetThreadPriority, GetThreadPriority, GetCurrentThread, TlsSetValue, InterlockedExchangeAdd, GetProcessHeap, TlsAlloc, InitializeCriticalSection<br>&gt; VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW<br><br>( 142 exports ) <br>DMAddDesktop, DMAssociate, DMEnumDesktopApplications, DMEnumDesktops, DMGetCurrentDesktop, DMGetCurrentMonitorDesktop, DMGetDefaultDesktop, DMGetSetting, DMRemoveDesktop, DMSetCurrentDesktop, DMSetCurrentMonitorDesktop, DMSetDefaultDesktop, DMSetSetting, DMStoreSettings, DMUpdateDesktopScreenshot, EnumNviewWindows, GetNViewCAPS, HKAdd, HKEnable, HKEnumActions, HKEnumCommands, HKEnumRotateKeys, HKExecute, HKExecuteAction, HKGetActionParamFlags, HKGetActionProperties, HKGetActionPropertiesEx, HKGetProperty, HKRemove, HKSetProperty, HKStore, KSSetting, NVApplyDisplaySettingsDC, NVApplyModeInfo, NVAutoStart, NVCheckDisplayStateDC, NVDebugEnumPersistentSettings, NVDebugEnumTemporalWindows, NVDebugHeapStatus, NVDesktopBrowser, NVDesktopSystray, NVDesktopToolbar, NVDetectDesktopManagers, NVDisplayFromWindow, NVGetAppAndClassFromHwnd, NVGetDirectory, NVGetDisplayInfoDC, NVGetDisplayMonitorInfo, NVGetGPUInformation, NVGetHwndSpanningRect, NVGetIEVersion, NVGetMonGridName, NVGetMonitorName, NVGetMonitorNameEx, NVGetNT4MultiViewInfo, NVGetNvidiaHDC, NVGetNviewRootKey, NVGetTotalDisplayDevices, NVGetVersionDisableValue, NVIsHookLoaded, NVIsTaskbarControlAvailable, NVIsValidTaskbarStretchMode, NVLoadDatabase, NVLoadHook, NVLoadHookAsync, NVLoadString, NVMessageBox, NVMessageBoxEx, NVMoveTaskbarToMonitor, NVMultiviewStatus, NVNotificationBox, NVOpenNViewRegKey, NVQueryDesktopContextMenu, NVQuickWindows, NVRegisterNotificationWindow, NVRemoteSessionWatchdog, NVResetToSingleMon, NVRotateSystrayInit, NVRunControlPanel, NVStartupExecute, NVStoreModeInfoInRegistry, NVTaskSwitcher, NVUnicode, NVUnregisterNotificationWindow, NVWaitForNViewLoad, NVWaitForNViewUnload, NVZoomSetting, NVZoomWindowRun, NVZoomWindowState, NViewGestureEnum, NViewGestureSetting, NViewGetDDIStatus, NViewGlobalSetting, NViewGridSetting, NViewLumaSetting, NViewPhysicsSetting, NViewShowMenu, NViewSysmenuSetting, NViewThrowSetting, NView_ConvertNVWDDIStructures, NView_ExtEscape, NView_GetDriverStructSize, NView_NVCSConvert, NView_NVWDDICheckRevLevel, NvGetTaskbarMenuItems, NvHandleOwnerDrawMessages, NvQueryMenuInit, NvTaskBarMenuCmd, PMCreate, PMCreateEx, PMDelete, PMEnum, PMEnumEx, PMEnumSchemes, PMGetCurrentProfile, PMGetVer, PMLoad, PMLoadEx, PMLoadPresentation, PMLoadScheme, PMLock, PMSave, PMSaveEx, PMUpdateFlags, WMAssociate, WMClearSetting, WMEnumPersistantApps, WMExceptionSetting, WMGetActiveAppSetting, WMGetActiveSetting, WMGetSetting, WMGetSettingHWND, WMGetWindowCaps, WMSetSetting, WMSetSettingHWND, WMStoreSettings, nViewCmd, nViewDisableHook, nViewInitialize, nViewLoadHook, nViewLoadNoHook, nViewUnload<br>
ThreatExpert info: http://www.threatexpert.com/report.aspx ... 810eaa2e6e

Fichier kgtokaig.dll reçu le 2008.10.22 22:22:25 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.22.0 2008.10.22 -
AntiVir 7.9.0.5 2008.10.22 -
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 -
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.22 Suspicious File
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 -
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 -
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 -
McAfee 5411 2008.10.22 -
Microsoft 1.4005 2008.10.22 Trojan:Win32/Vundo.gen!Y
NOD32 3546 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 Cloaked Malware
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 -
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1745.1 2008.10.22 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -
Information additionnelle
File size: 73216 bytes
MD5...: a7e1a24804e92487ed23a92f80a4eda6
SHA1..: c16afb6845ac0fb54974b8d470380a6d3e0020b6
SHA256: 945772109b13a9b3ead31f9ae7ae6897e49853bbea223473c735aa0951bbf0dd
SHA512: 46c4a80bf1286edfa5e17045ccc7feea3f91fbe0f06e2089edee961b2997674f<br>8b0884848dd158072424feb4bee5c0689e688957b0b6a8c94c8d7d1d5d8fc887
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (58.2%)<br>Win16/32 Executable Delphi generic (14.1%)<br>Generic Win/DOS Executable (13.6%)<br>DOS Executable Generic (13.6%)<br>VXD Driver (0.2%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x100017b5<br>timedatestamp.....: 0x48fc9e22 (Mon Oct 20 15:05:06 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x26441 0x1600 6.38 991d2ef557ce3b60dc954de953abc2c6<br>.data 0x28000 0xf624 0xf000 7.92 bb6870e9f03b1f53bd90bff38d2a2808<br>.fdata 0x38000 0xab 0x200 1.99 6eea35deacc5b099b7ca3c4d7ac5f770<br>.rdata 0x39000 0x3fc8 0x800 0.00 c99a74c555371a433d121f551d6c6398<br>.rsrc 0x3d000 0x324 0x400 2.98 7adfa266f801865020f681668e266aa1<br>.reloc 0x3e000 0x440 0x600 3.81 f3384aff565e8e61b213e61582faeae9<br><br>( 7 imports ) <br>&gt; kernel32.dll: BeginUpdateResourceW, BuildCommDCBA, CreateMailslotW, EnterCriticalSection, ExitProcess, FatalAppExitA, FindResourceExA, FreeEnvironmentStringsA, GetBinaryTypeA, GetCommMask, GetCommState, GetConsoleAliasesW, GetConsoleScreenBufferInfo, GetDriveTypeW, GetFileAttributesA, GetFileSize, GetHandleInformation, GetModuleFileNameA, GetStartupInfoA, GetVersionExA, LocalHandle, MoveFileExA, ReleaseMutex, ResumeThread, SetCommMask, SetConsoleCursorInfo, SetErrorMode, Sleep, TlsAlloc, VirtualAllocEx, VirtualProtect, VirtualProtectEx, WaitForMultipleObjectsEx, WriteProfileStringA, lstrcmpA, lstrcmpiA, lstrcpyA<br>&gt; user32.dll: CreateCursor, CreateDialogIndirectParamA, DlgDirSelectExW, DrawFocusRect, EditWndProc, GetClassWord, GetMenuCheckMarkDimensions, GetMenuState, IMPSetIMEW, LoadIconW, LoadMenuIndirectW, LookupIconIdFromDirectoryEx, ModifyMenuA, PeekMessageA, PostMessageW, RegisterWindowMessageW, RemoveMenu, RemovePropA, SendNotifyMessageA, SetCaretBlinkTime, SetUserObjectSecurity, SetWindowPos, ShowOwnedPopups, TranslateAcceleratorA, UnionRect, ValidateRgn, WaitForInputIdle<br>&gt; gdi32.dll: CreatePalette, EndDoc, GdiComment, GdiFlush, GdiPlayScript, GetClipBox, GetClipRgn, GetDIBColorTable, GetFontData, GetGlyphOutlineA, GetPath, GetPixel, GetPixelFormat, GetTextFaceA, GetTextFaceW, Rectangle, SetICMMode, SetRectRgn<br>&gt; comdlg32.dll: GetFileTitleW<br>&gt; comctl32.dll: FlatSB_GetScrollRange, ImageList_AddMasked, ImageList_Draw, ImageList_LoadImageW<br>&gt; advapi32.dll: AddAuditAccessAce, BuildImpersonateExplicitAccessWithNameW, BuildTrusteeWithNameA, CopySid, CryptVerifySignatureA, DestroyPrivateObjectSecurity, ElfCloseEventLog, EncryptFileA, FreeSid, GetAuditedPermissionsFromAclA, GetFileSecurityW, GetMultipleTrusteeW, GetTrusteeTypeW, LookupAccountSidW, LsaAddPrivilegesToAccount, LsaCreateSecret, LsaRemovePrivilegesFromAccount, ObjectPrivilegeAuditAlarmW, RegQueryValueExW, RegSetValueExW, SetFileSecurityW, StartServiceA<br>&gt; msvcrt.dll: _dstbias, _wenviron, _winminor, _winver, _wrename, _wspawnle, fputws, memcmp, modf, perror, strncpy, strtol, tmpnam<br><br>( 5 exports ) <br>Bqjysg, GbbozftDvv, HewhgteokFytvqrxlV, SmPrgYxvPvtD, VrhmfxzgJglbgeoDwt<br>
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0074F5036C

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.22.0 2008.10.22 -
AntiVir 7.9.0.5 2008.10.22 -
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 -
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.22 Suspicious File
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 -
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 -
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 -
McAfee 5411 2008.10.22 -
Microsoft 1.4005 2008.10.22 Trojan:Win32/Vundo.gen!Y
NOD32 3546 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 Cloaked Malware
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 -
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1745.1 2008.10.22 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -

Information additionnelle
File size: 73216 bytes
MD5...: a7e1a24804e92487ed23a92f80a4eda6
SHA1..: c16afb6845ac0fb54974b8d470380a6d3e0020b6
SHA256: 945772109b13a9b3ead31f9ae7ae6897e49853bbea223473c735aa0951bbf0dd
SHA512: 46c4a80bf1286edfa5e17045ccc7feea3f91fbe0f06e2089edee961b2997674f<br>8b0884848dd158072424feb4bee5c0689e688957b0b6a8c94c8d7d1d5d8fc887
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (58.2%)<br>Win16/32 Executable Delphi generic (14.1%)<br>Generic Win/DOS Executable (13.6%)<br>DOS Executable Generic (13.6%)<br>VXD Driver (0.2%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x100017b5<br>timedatestamp.....: 0x48fc9e22 (Mon Oct 20 15:05:06 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x26441 0x1600 6.38 991d2ef557ce3b60dc954de953abc2c6<br>.data 0x28000 0xf624 0xf000 7.92 bb6870e9f03b1f53bd90bff38d2a2808<br>.fdata 0x38000 0xab 0x200 1.99 6eea35deacc5b099b7ca3c4d7ac5f770<br>.rdata 0x39000 0x3fc8 0x800 0.00 c99a74c555371a433d121f551d6c6398<br>.rsrc 0x3d000 0x324 0x400 2.98 7adfa266f801865020f681668e266aa1<br>.reloc 0x3e000 0x440 0x600 3.81 f3384aff565e8e61b213e61582faeae9<br><br>( 7 imports ) <br>&gt; kernel32.dll: BeginUpdateResourceW, BuildCommDCBA, CreateMailslotW, EnterCriticalSection, ExitProcess, FatalAppExitA, FindResourceExA, FreeEnvironmentStringsA, GetBinaryTypeA, GetCommMask, GetCommState, GetConsoleAliasesW, GetConsoleScreenBufferInfo, GetDriveTypeW, GetFileAttributesA, GetFileSize, GetHandleInformation, GetModuleFileNameA, GetStartupInfoA, GetVersionExA, LocalHandle, MoveFileExA, ReleaseMutex, ResumeThread, SetCommMask, SetConsoleCursorInfo, SetErrorMode, Sleep, TlsAlloc, VirtualAllocEx, VirtualProtect, VirtualProtectEx, WaitForMultipleObjectsEx, WriteProfileStringA, lstrcmpA, lstrcmpiA, lstrcpyA<br>&gt; user32.dll: CreateCursor, CreateDialogIndirectParamA, DlgDirSelectExW, DrawFocusRect, EditWndProc, GetClassWord, GetMenuCheckMarkDimensions, GetMenuState, IMPSetIMEW, LoadIconW, LoadMenuIndirectW, LookupIconIdFromDirectoryEx, ModifyMenuA, PeekMessageA, PostMessageW, RegisterWindowMessageW, RemoveMenu, RemovePropA, SendNotifyMessageA, SetCaretBlinkTime, SetUserObjectSecurity, SetWindowPos, ShowOwnedPopups, TranslateAcceleratorA, UnionRect, ValidateRgn, WaitForInputIdle<br>&gt; gdi32.dll: CreatePalette, EndDoc, GdiComment, GdiFlush, GdiPlayScript, GetClipBox, GetClipRgn, GetDIBColorTable, GetFontData, GetGlyphOutlineA, GetPath, GetPixel, GetPixelFormat, GetTextFaceA, GetTextFaceW, Rectangle, SetICMMode, SetRectRgn<br>&gt; comdlg32.dll: GetFileTitleW<br>&gt; comctl32.dll: FlatSB_GetScrollRange, ImageList_AddMasked, ImageList_Draw, ImageList_LoadImageW<br>&gt; advapi32.dll: AddAuditAccessAce, BuildImpersonateExplicitAccessWithNameW, BuildTrusteeWithNameA, CopySid, CryptVerifySignatureA, DestroyPrivateObjectSecurity, ElfCloseEventLog, EncryptFileA, FreeSid, GetAuditedPermissionsFromAclA, GetFileSecurityW, GetMultipleTrusteeW, GetTrusteeTypeW, LookupAccountSidW, LsaAddPrivilegesToAccount, LsaCreateSecret, LsaRemovePrivilegesFromAccount, ObjectPrivilegeAuditAlarmW, RegQueryValueExW, RegSetValueExW, SetFileSecurityW, StartServiceA<br>&gt; msvcrt.dll: _dstbias, _wenviron, _winminor, _winver, _wrename, _wspawnle, fputws, memcmp, modf, perror, strncpy, strtol, tmpnam<br><br>( 5 exports ) <br>Bqjysg, GbbozftDvv, HewhgteokFytvqrxlV, SmPrgYxvPvtD, VrhmfxzgJglbgeoDwt<br>
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0074F5036C

Fichier cbXPfGww.dll reçu le 2008.10.22 22:24:34 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.22.0 2008.10.22 Win-Trojan/Xema.variant
AntiVir 7.9.0.5 2008.10.22 TR/Monder.uyw
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 Generic11.BGAN
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.22 -
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 Trojan.Win32.Monder.uyw
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 -
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 Trojan.Win32.Monder.uyw
McAfee 5411 2008.10.22 Vundo.gen.m
Microsoft 1.4005 2008.10.22 Trojan:Win32/Vundo.AY
NOD32 3546 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 Fraudulent Security Program
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 Trojan.Monder.uyw
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1745.1 2008.10.22 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -
Information additionnelle
File size: 261632 bytes
MD5...: bdcd1d1213c2655626a0ee37b0cd58e0
SHA1..: c29503d1cb07cf7172f0f019d82061e0385c46de
SHA256: 6d8e7556441fa27667882d636403bb450cc281105818a0b5282b9e001c15c504
SHA512: d9a030e1f2834878b626b095031037892e4511200ca4f3ce2a99b96de72f4597<br>b6258d5021849d1a8f33737681b6b75d387804b42712017d0134c81267c8863c
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (58.2%)<br>Win16/32 Executable Delphi generic (14.1%)<br>Generic Win/DOS Executable (13.6%)<br>DOS Executable Generic (13.6%)<br>VXD Driver (0.2%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10001745<br>timedatestamp.....: 0x48f77a19 (Thu Oct 16 17:30:01 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xa5296 0x1400 6.48 dd608f5d954337e89c29da9d5eea6d78<br>.data 0xa7000 0x3f021 0x3dc00 7.99 bf0245f7d7dc487ffc8128f28eea5318<br>.rdata 0xe7000 0xa1 0x200 1.87 c491fe0cd86c6b715728f12002fa3888<br>.rsrc 0xe8000 0x33c 0x400 3.04 21b6a6f9a7aaa7d383383303bdbcab82<br>.reloc 0xe9000 0x3f4 0x400 6.88 0e32d087972849e64f418ad1ad3920df<br><br>( 5 imports ) <br>&gt; kernel32.dll: CloseHandle, ExitProcess, FindFirstFileExW, FreeEnvironmentStringsW, GetCPInfoExW, GetCommMask, GetCommState, GetDefaultCommConfigW, GetFileSize, GetLargestConsoleWindowSize, GetModuleFileNameA, GetNextVDMCommand, GetPrivateProfileStructW, GetStringTypeW, GetSystemInfo, GetVDMCurrentDirectories, GetWindowsDirectoryA, GlobalLock, GlobalSize, GlobalUnfix, Heap32Next, HeapCompact, LCMapStringW, LocalFlags, MoveFileA, MultiByteToWideChar, OpenSemaphoreA, QueryPerformanceFrequency, ReadConsoleOutputCharacterA, RegisterConsoleVDM, ScrollConsoleScreenBufferA, SetConsoleInputExeNameA, Sleep, SwitchToFiber, UnhandledExceptionFilter, VirtualFree, VirtualProtect, WriteConsoleInputW, WriteConsoleOutputCharacterA, WritePrivateProfileStringA, _lopen, lstrcmpA, lstrcmpiA<br>&gt; user32.dll: ActivateKeyboardLayout, AdjustWindowRect, BroadcastSystemMessageW, CharLowerBuffA, CheckDlgButton, CreateAcceleratorTableW, CreateDesktopA, CreateDialogIndirectParamW, EnumWindowStationsW, GetClassWord, GetComboBoxInfo, GetMenuState, GetNextDlgTabItem, GetShellWindow, IsCharAlphaNumericW, LoadAcceleratorsW, OemToCharBuffA, OpenIcon, SetMenuItemInfoW, SetSystemCursor, ShowScrollBar, ToUnicodeEx, TrackPopupMenu, WinHelpW<br>&gt; gdi32.dll: CreateSolidBrush, EndPath, GdiComment, GdiGetBatchLimit, GetClipBox, GetClipRgn, GetMetaRgn, GetPixel, GetPixelFormat, GetRgnBox, GetTextCharsetInfo, GetTextFaceA, GetTextFaceW, PolylineTo, SaveDC, SelectObject, SetBitmapDimensionEx, SetPixelFormat, SetStretchBltMode, SetTextJustification<br>&gt; comdlg32.dll: GetOpenFileNameW, PrintDlgW<br>&gt; msvcrt.dll: _callnewh, _chdir, _copysign, _execvpe, _flsbuf, _getdcwd, _getsystime, _heapused, _spawnve, _strdate, _unlink, _wexecle, fopen, putwc, strspn, swprintf<br><br>( 5 exports ) <br>AjwjjpyfhfioB, EhLfraw, EthdroxRg, Fbmdmv, KjNhJksJaRpyIZ<br>
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0081B77A03

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.22.0 2008.10.22 Win-Trojan/Xema.variant
AntiVir 7.9.0.5 2008.10.22 TR/Monder.uyw
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 Generic11.BGAN
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.22 -
eTrust-Vet 31.6.6164 2008.10.22 -

Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 Trojan.Win32.Monder.uyw
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 -
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 Trojan.Win32.Monder.uyw
McAfee 5411 2008.10.22 Vundo.gen.m
Microsoft 1.4005 2008.10.22 Trojan:Win32/Vundo.AY
NOD32 3546 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 Fraudulent Security Program
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 Trojan.Monder.uyw
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1745.1 2008.10.22 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -

Information additionnelle
File size: 261632 bytes
MD5...: bdcd1d1213c2655626a0ee37b0cd58e0
SHA1..: c29503d1cb07cf7172f0f019d82061e0385c46de
SHA256: 6d8e7556441fa27667882d636403bb450cc281105818a0b5282b9e001c15c504
SHA512: d9a030e1f2834878b626b095031037892e4511200ca4f3ce2a99b96de72f4597<br>b6258d5021849d1a8f33737681b6b75d387804b42712017d0134c81267c8863c
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (58.2%)<br>Win16/32 Executable Delphi generic (14.1%)<br>Generic Win/DOS Executable (13.6%)<br>DOS Executable Generic (13.6%)<br>VXD Driver (0.2%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10001745<br>timedatestamp.....: 0x48f77a19 (Thu Oct 16 17:30:01 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xa5296 0x1400 6.48 dd608f5d954337e89c29da9d5eea6d78<br>.data 0xa7000 0x3f021 0x3dc00 7.99 bf0245f7d7dc487ffc8128f28eea5318<br>.rdata 0xe7000 0xa1 0x200 1.87 c491fe0cd86c6b715728f12002fa3888<br>.rsrc 0xe8000 0x33c 0x400 3.04 21b6a6f9a7aaa7d383383303bdbcab82<br>.reloc 0xe9000 0x3f4 0x400 6.88 0e32d087972849e64f418ad1ad3920df<br><br>( 5 imports ) <br>&gt; kernel32.dll: CloseHandle, ExitProcess, FindFirstFileExW, FreeEnvironmentStringsW, GetCPInfoExW, GetCommMask, GetCommState, GetDefaultCommConfigW, GetFileSize, GetLargestConsoleWindowSize, GetModuleFileNameA, GetNextVDMCommand, GetPrivateProfileStructW, GetStringTypeW, GetSystemInfo, GetVDMCurrentDirectories, GetWindowsDirectoryA, GlobalLock, GlobalSize, GlobalUnfix, Heap32Next, HeapCompact, LCMapStringW, LocalFlags, MoveFileA, MultiByteToWideChar, OpenSemaphoreA, QueryPerformanceFrequency, ReadConsoleOutputCharacterA, RegisterConsoleVDM, ScrollConsoleScreenBufferA, SetConsoleInputExeNameA, Sleep, SwitchToFiber, UnhandledExceptionFilter, VirtualFree, VirtualProtect, WriteConsoleInputW, WriteConsoleOutputCharacterA, WritePrivateProfileStringA, _lopen, lstrcmpA, lstrcmpiA<br>&gt; user32.dll: ActivateKeyboardLayout, AdjustWindowRect, BroadcastSystemMessageW, CharLowerBuffA, CheckDlgButton, CreateAcceleratorTableW, CreateDesktopA, CreateDialogIndirectParamW, EnumWindowStationsW, GetClassWord, GetComboBoxInfo, GetMenuState, GetNextDlgTabItem, GetShellWindow, IsCharAlphaNumericW, LoadAcceleratorsW, OemToCharBuffA, OpenIcon, SetMenuItemInfoW, SetSystemCursor, ShowScrollBar, ToUnicodeEx, TrackPopupMenu, WinHelpW<br>&gt; gdi32.dll: CreateSolidBrush, EndPath, GdiComment, GdiGetBatchLimit, GetClipBox, GetClipRgn, GetMetaRgn, GetPixel, GetPixelFormat, GetRgnBox, GetTextCharsetInfo, GetTextFaceA, GetTextFaceW, PolylineTo, SaveDC, SelectObject, SetBitmapDimensionEx, SetPixelFormat, SetStretchBltMode, SetTextJustification<br>&gt; comdlg32.dll: GetOpenFileNameW, PrintDlgW<br>&gt; msvcrt.dll: _callnewh, _chdir, _copysign, _execvpe, _flsbuf, _getdcwd, _getsystime, _heapused, _spawnve, _strdate, _unlink, _wexecle, fopen, putwc, strspn, swprintf<br><br>( 5 exports ) <br>AjwjjpyfhfioB, EhLfraw, EthdroxRg, Fbmdmv, KjNhJksJaRpyIZ<br>
Prevx info: http://info.prevx.com/aboutprogramtext. ... 0081B77A03

wwGfPXbc.ini et wwGfPXbc.ini2 sont introuvables...[/quote]

[r@in | b0w]

Possible que VirusTotal soit submergé, c'est souvent le cas en fin de soirée.

Retentes plus tard, les analyses sont précieuses pour la suite.

Et tu peux commencer SDFix