Bonjour,
Il y a maintenant quelques semaines, j'ai eu un Virus sur le PC de mon fils. J'ai passé un antivirus (je ne sais plus lequel), il a détecté et supprimer des fihciers (je ne sais plus lesquels) et depuis, Windowsupdate ne fonctionne plus (Windows XP SP2).
Pire, quand je lance windowsupdate de façon mauelle, je suis automatiquement redirigé sur le site www.msn.com...bizarre.
J'ai tout essayé les différentes solutions que j'ai trouvé sur le net... et je vfous soumets donc ce bug..
Merci d'avance.
Configuration: Windows XP
Internet Explorer 7.0
Rapport HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:19, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesMaxtorManagerAppOnetouch.exe
C:Program FilesMaxtorOneTouch Statusmaxmenumgr.exe
C:Program FilesLogitechVideoLogiTray.exe
C:Program FilesPhilips ToUcam CameraVProperty.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSBBSTOREDSSDSSAGENT.EXE
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMaxtorMaxtor BackupMaxBackServiceInt.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMaxtorUtilsSyncServices.exe
C:WINDOWSsystem32slserv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1FICHIE~1MICROS~1MsinfoOFFPROV.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.fr/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeSearchURLHookSearchPageURL.dll (file missing)
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:Program FilesPeer2Peer-EN bPeer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:Program FilesPeer2Peer-EN bPeer.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:Program FilesPeer2Peer-EN bPeer.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [MaxtorOneTouch] C:Program FilesMaxtorManagerAppOnetouch.exe
O4 - HKLM..Run: [mxomssmenu] "C:Program FilesMaxtorOneTouch Statusmaxmenumgr.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [ToUcamVProperty] C:Program FilesPhilips ToUcam CameraVProperty.exe
O4 - HKLM..Run: [C:WINDOWSsystem32kddso.exe] C:WINDOWSsystem32kddso.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [DSS] C:WINDOWSBBSTOREDSSDSSAGENT.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [InstallProgram] C:Documents and SettingsPaulLocal SettingsTemporary Internet FilesContent.IE5PTZ9M41Isetup_100546_3_[1].exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobt ... module.exe
O17 - HKLMSystemCCSServicesTcpip..{85EAA73A-56F5-47B5-AFC1-A5149F06B802}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{A9F5FFA5-925C-4836-9FE6-629EAE1EB1AA}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{AAC3464C-3E25-423A-BD74-32838E004949}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{C8C7E777-CF2F-426F-9F1E-93D34F0AEEB4}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:Program FilesMaxtorMaxtor BackupMaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:Program FilesMaxtorUtilsSyncServices.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:WINDOWSSYSTEM32slserv.exe
Il y a actuellement 407 visiteurs
Mardi 05 Novembre 2024
       |
Pb windows update XP SP2
3 messages
• Page 1 sur 1
le 23 Nov 2008 21:53
Bonjour.
_ Via HiJackThis, tu supprimes les lignes:
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [InstallProgram] C:Documents and SettingsPaulLocal SettingsTemporary Internet FilesContent.IE5PTZ9M41Isetup_100546_3_[1].exe
O17 - HKLMSystemCCSServicesTcpip..{85EAA73A-56F5-47B5-AFC1-A5149F06B802}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{A9F5FFA5-925C-4836-9FE6-629EAE1EB1AA}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{AAC3464C-3E25-423A-BD74-32838E004949}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{C8C7E777-CF2F-426F-9F1E-93D34F0AEEB4}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
_ Tu vas sur http://www.virustotal.com/fr/ puis tu cliques sur Parcourir.
Tu sélectionnes le fichier C:WINDOWSBBSTOREDSSDSSAGENT.EXE et tu cliques sur Ouvrir.
Tu cliques ensuite sur Envoyer le fichier.
A la fin de l'analyse, tu cliques sur Formaté en haut à gauche puis, dans la nouvelle fenêtre, tu cliques sur le bouton
pour faire apparaître le rapport dans la fenêtre en question.
Tu sélectionnes ce rapport puis fais un copier-coller et tu le colles dans ton prochain message.
Tu refais la même manipulation avec le fichier C:Program FilesPeer2Peer-EN bPeer.dll & C:WINDOWSsystem32kddso.exe.
_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.
Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.
Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.
_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.
_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.
Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.
_ Via HiJackThis, tu supprimes les lignes:
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [InstallProgram] C:Documents and SettingsPaulLocal SettingsTemporary Internet FilesContent.IE5PTZ9M41Isetup_100546_3_[1].exe
O17 - HKLMSystemCCSServicesTcpip..{85EAA73A-56F5-47B5-AFC1-A5149F06B802}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{A9F5FFA5-925C-4836-9FE6-629EAE1EB1AA}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{AAC3464C-3E25-423A-BD74-32838E004949}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{C8C7E777-CF2F-426F-9F1E-93D34F0AEEB4}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
_ Tu vas sur http://www.virustotal.com/fr/ puis tu cliques sur Parcourir.
Tu sélectionnes le fichier C:WINDOWSBBSTOREDSSDSSAGENT.EXE et tu cliques sur Ouvrir.
Tu cliques ensuite sur Envoyer le fichier.
A la fin de l'analyse, tu cliques sur Formaté en haut à gauche puis, dans la nouvelle fenêtre, tu cliques sur le bouton
pour faire apparaître le rapport dans la fenêtre en question.
Tu sélectionnes ce rapport puis fais un copier-coller et tu le colles dans ton prochain message.
Tu refais la même manipulation avec le fichier C:Program FilesPeer2Peer-EN bPeer.dll & C:WINDOWSsystem32kddso.exe.
_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.
Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.
Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.
_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.
_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.
Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.
-
r@in | b0w - PC-Infopraticien
- Messages: 7714
- Inscription: 09 Déc 2007 12:37
- Localisation: Parrot Sec
Analyse des fichiers
le 29 Nov 2008 10:11
voilà les analyse des fichiers par Virustotal :
DSSAGENT.EXE
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 BACKDOOR.Trojan
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 PossibleThreat
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 Spyware.Win32.BrodcastDSSAGENT
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 Spyware:Win32/BrodcastDSSAGENT
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 Generic Malware
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 590336 bytes
MD5...: b6e6d9e77b32ed3cccdf6d1bf707f32b
SHA1..: 5ef2dd601a5c66388f91f20a760aeb7e95c2cdf2
SHA256: 6f12cf1b9d4eb53e88d4678e9ef305e0088fd354c5cd5e9017ada31b4e4e608a
SHA512: c5a1e5db829b9cbf97d5148ec6545f2d6ae7cc108f9eff20fd217fae9138f015<BR>b53c22e9fc3cb15278a5dd3b40502c79649322000652919d43cc3d9ac9dc0d54<BR>
ssdeep: 12288:jM9MUYDRGpkvP50mOPDM3IIwvw3Yq0MXT7EJ902lb:OMU3uZALM3bw4Yq1<BR>AHX<BR>
PEiD..: InstallShield 2000
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46b3a0<BR>timedatestamp.....: 0x3803c734 (Tue Oct 12 23:41:40 1999)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x7a69a 0x7a800 6.55 283f190747f28e6985e0f77174c653bb<BR>.rdata 0x7c000 0xb4da 0xb600 6.00 b0cca816f2960b1f0be6ad7bc13e4455<BR>.data 0x88000 0xfe90 0x9c00 4.43 b8fc3642852e015663cf5388732c2f65<BR>.rsrc 0x98000 0x3d0 0x400 3.17 5f58f1b546fd55f6da6d2ca5a9895bed<BR><BR>( 4 imports ) <BR>> KERNEL32.dll: GetWindowsDirectoryA, GetModuleFileNameA, SetCurrentDirectoryA, GetTickCount, GetCurrentDirectoryA, GetLastError, CreateProcessA, GetTempFileNameA, GetProcAddress, OpenMutexA, Sleep, FreeLibrary, GetDiskFreeSpaceA, CreateEventA, SetEvent, ResumeThread, GetExitCodeThread, CreateDirectoryA, GetCurrentThreadId, OutputDebugStringA, CreateMutexA, WaitForSingleObject, WriteFile, GetFileSize, DeleteFileA, SetFilePointer, ReadFile, CloseHandle, LoadLibraryA, SetErrorMode, GetFileAttributesA, SetLastError, TlsGetValue, FileTimeToLocalFileTime, FileTimeToSystemTime, RemoveDirectoryA, InterlockedIncrement, GetLocaleInfoW, SetEnvironmentVariableA, CompareStringW, GetFullPathNameA, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeA, VirtualLock, GetVersionExA, VirtualUnlock, GetSystemTime, QueryPerformanceCounter, FindFirstFileA, FindNextFileA, FindClose, LeaveCriticalSection, EnterCriticalSection, ReleaseMutex, InitializeCriticalSection, GetCurrentProcessId, GetModuleHandleA, TerminateThread, DeleteCriticalSection, GetPrivateProfileIntA, GetSystemDirectoryA, WinExec, RtlUnwind, CreateFileA, GetTimeZoneInformation, GetLocalTime, CreateThread, TlsSetValue, ExitThread, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, InterlockedDecrement, HeapAlloc, HeapReAlloc, HeapFree, MoveFileA, SetEndOfFile, GetFileType, TlsAlloc, HeapDestroy, CompareStringA, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, FlushFileBuffers, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, SetStdHandle, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, GetLocaleInfoA<BR>> USER32.dll: PostMessageA, TranslateMessage, DefWindowProcA, PostQuitMessage, DispatchMessageA, LoadCursorA, DestroyWindow, IsWindow, FindWindowA, PeekMessageA, SetWindowLongA, SendMessageA, wsprintfA, GetMessageA, CreateWindowExA, RegisterClassA, PostThreadMessageA<BR>> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyA, RegDeleteValueA, RegEnumKeyExA, RegDeleteKeyA, RegQueryInfoKeyA<BR>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
tbPeer.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 -
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 1784856 bytes
MD5...: aac20ff867f631f4cc5b02cc62e0e15f
SHA1..: 7a1c98e96785784f336b9c3716086c26bbd6f461
SHA256: 5af0e776fb1f4e91a29f0b8eaffc7eca26c83e811e2e28a93e8526c8ee90d6df
SHA512: 49d5d97f46bc22be9298fe51c20a90f560ac804dc757e878f0c2e55ccf0c48e3<BR>587ab79cbc12c34cca65f5ec557eb2f7dbec4ea833bdb07cd0ecaf8eacabc0ca<BR>
ssdeep: 24576:NzsJeUiOskE2Yxi6oeJ38iuZb1K/AqPEGtJkfQNcoOqcNPDY8VWRWciGYz<BR>VQ6fs:NK3b1K/pPE8kmTyN/WRnipzVQ4s<BR>
PEiD..: -
TrID..: File type identification<BR>Windows OCX File (71.0%)<BR>Win32 Executable MS Visual C++ (generic) (21.6%)<BR>Win32 Executable Generic (4.9%)<BR>Generic Win/DOS Executable (1.1%)<BR>DOS Executable Generic (1.1%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x100d0d27<BR>timedatestamp.....: 0x48cddae2 (Mon Sep 15 03:47:46 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xfea58 0xfec00 6.55 66140bee4b1c342be7721463a297bd72<BR>.rdata 0x100000 0x513bf 0x51400 4.52 845a1f5fa5a367da5d1f4f23862ebe75<BR>.data 0x152000 0x5f40 0x4000 4.75 fc9f27b3bd011562bc8319e46d5fbcea<BR>.rsrc 0x158000 0x49ef0 0x4a000 5.34 4d73cbf2d46eebb4dba34b02e2f64857<BR>.reloc 0x1a2000 0x14b3a 0x14c00 5.94 2d81059c82469744da070bffee4673cb<BR><BR>( 18 imports ) <BR>> COMCTL32.dll: InitCommonControlsEx, ImageList_ReplaceIcon, CreatePropertySheetPageW, _TrackMouseEvent, PropertySheetW, CreateToolbarEx, ImageList_Create<BR>> WININET.dll: FindCloseUrlCache, FindFirstUrlCacheEntryA, GetUrlCacheEntryInfoW, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, InternetCloseHandle, InternetSetOptionA, InternetSetCookieW, HttpQueryInfoA, InternetCrackUrlW, InternetCrackUrlA, InternetSetOptionExA, InternetOpenA, HttpSendRequestA, InternetGetLastResponseInfoA, InternetReadFile, InternetCanonicalizeUrlA, InternetGetConnectedState, InternetOpenUrlW, InternetOpenW, InternetSetOptionW, InternetCanonicalizeUrlW, HttpOpenRequestA, InternetQueryOptionA, InternetConnectA<BR>> SHLWAPI.dll: PathFileExistsW<BR>> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW<BR>> MSIMG32.dll: GradientFill<BR>> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW<BR>> CRYPT32.dll: CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CryptMsgClose, CryptUnprotectData, CryptProtectData, CertCloseStore, CertFreeCertificateContext, CryptQueryObject<BR>> WINMM.dll: timeGetTime, PlaySoundA, sndPlaySoundW, PlaySoundW<BR>> KERNEL32.dll: lstrcpyA, GetTickCount, CopyFileW, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCurrentProcessId, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, TerminateThread, GetExitCodeThread, CreateThread, OutputDebugStringA, CreateProcessW, ExpandEnvironmentStringsW, Sleep, WaitForSingleObject, CreateSemaphoreW, ReleaseSemaphore, GetFileAttributesW, FreeResource, LockResource, LoadResource, FindResourceW, GetTimeFormatW, GetDateFormatW, Beep, CreateDirectoryW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLocaleInfoW, GetACP, GetCurrentThreadId, HeapSize, GetStdHandle, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetProcessHeap, GetCommandLineA, VirtualAlloc, RaiseException, ResumeThread, ExitThread, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, GetCurrentThread, SetThreadPriority, MoveFileExW, RemoveDirectoryW, WriteFile, InterlockedDecrement, OpenProcess, LocalAlloc, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetModuleHandleA, GetLongPathNameW, GetModuleHandleW, LocalFree, GetLocalTime, GetVersionExA, GetModuleFileNameA, lstrcpyW, GetModuleFileNameW, lstrlenW, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoA, CreateFileA, SetStdHandle, CreateMutexW, ReleaseMutex, CloseHandle, GetLastError, GetOEMCP, LCMapStringA, LCMapStringW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo<BR>> USER32.dll: GetScrollInfo, IsMenu, GetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, LoadBitmapA, SetWindowRgn, MessageBoxA, GetWindow, SetWindowPos, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, GetAsyncKeyState, TranslateMessage, EndDialog, PostThreadMessageA, MsgWaitForMultipleObjects, GetDesktopWindow, GetClassInfoExW, RegisterClassExW, CopyRect, LoadImageW, GetMessageA, GetCapture, ReleaseCapture, SetCapture, IsWindowVisible, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, IsWindowUnicode, DrawFrameControl, SetActiveWindow, DialogBoxParamW, SetForegroundWindow, FrameRect, GetDlgItemTextA, DispatchMessageA, PeekMessageA, MoveWindow, UpdateWindow, GetSysColor, GetDlgItemTextW, MessageBoxW, IsDlgButtonChecked, CheckDlgButton, EnableWindow, DrawTextW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetDC, ReleaseDC, GetWindowRect, GetSystemMetrics, KillTimer, GetWindowLongA, ShowWindow, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, SetWindowLongW, PostMessageA, LoadCursorA, SetCursor, GetWindowLongW, GetParent, ClientToScreen, SendMessageA, GetDlgItem, IsWindow, InvalidateRect, CallWindowProcA, GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, SetDlgItemTextW, SetMenuInfo<BR>> GDI32.dll: LineTo, GetTextExtentPoint32W, GetTextAlign, GetObjectA, SetPixel, GdiFlush, Polygon, BitBlt, GetPixel, CombineRgn, CreateRectRgn, StretchBlt, RoundRect, ExcludeClipRect, TextOutW, SetTextAlign, CreatePen, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, GetStockObject, SetTextColor, SetBkMode, SetWindowOrgEx, GetWindowOrgEx, GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, DeleteDC, DeleteObject, PlgBlt, SelectObject, CreateCompatibleBitmap, MoveToEx, CreateCompatibleDC<BR>> comdlg32.dll: GetOpenFileNameW<BR>> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, CryptReleaseContext, CryptAcquireContextA, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, RegQueryValueExW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegEnumValueW, RegCloseKey<BR>> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, ShellExecuteW, SHCreateDirectoryExW<BR>> ole32.dll: CLSIDFromString, CoUninitialize, StringFromIID, CoCreateInstance, CreateStreamOnHGlobal, CoGetMalloc, CoInitialize, IIDFromString<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> PSAPI.DLL: GetProcessMemoryInfo<BR><BR>( 11 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate<BR>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f</a>
DSSAGENT.EXE
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 BACKDOOR.Trojan
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 PossibleThreat
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 Spyware.Win32.BrodcastDSSAGENT
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 Spyware:Win32/BrodcastDSSAGENT
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 Generic Malware
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 590336 bytes
MD5...: b6e6d9e77b32ed3cccdf6d1bf707f32b
SHA1..: 5ef2dd601a5c66388f91f20a760aeb7e95c2cdf2
SHA256: 6f12cf1b9d4eb53e88d4678e9ef305e0088fd354c5cd5e9017ada31b4e4e608a
SHA512: c5a1e5db829b9cbf97d5148ec6545f2d6ae7cc108f9eff20fd217fae9138f015<BR>b53c22e9fc3cb15278a5dd3b40502c79649322000652919d43cc3d9ac9dc0d54<BR>
ssdeep: 12288:jM9MUYDRGpkvP50mOPDM3IIwvw3Yq0MXT7EJ902lb:OMU3uZALM3bw4Yq1<BR>AHX<BR>
PEiD..: InstallShield 2000
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46b3a0<BR>timedatestamp.....: 0x3803c734 (Tue Oct 12 23:41:40 1999)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x7a69a 0x7a800 6.55 283f190747f28e6985e0f77174c653bb<BR>.rdata 0x7c000 0xb4da 0xb600 6.00 b0cca816f2960b1f0be6ad7bc13e4455<BR>.data 0x88000 0xfe90 0x9c00 4.43 b8fc3642852e015663cf5388732c2f65<BR>.rsrc 0x98000 0x3d0 0x400 3.17 5f58f1b546fd55f6da6d2ca5a9895bed<BR><BR>( 4 imports ) <BR>> KERNEL32.dll: GetWindowsDirectoryA, GetModuleFileNameA, SetCurrentDirectoryA, GetTickCount, GetCurrentDirectoryA, GetLastError, CreateProcessA, GetTempFileNameA, GetProcAddress, OpenMutexA, Sleep, FreeLibrary, GetDiskFreeSpaceA, CreateEventA, SetEvent, ResumeThread, GetExitCodeThread, CreateDirectoryA, GetCurrentThreadId, OutputDebugStringA, CreateMutexA, WaitForSingleObject, WriteFile, GetFileSize, DeleteFileA, SetFilePointer, ReadFile, CloseHandle, LoadLibraryA, SetErrorMode, GetFileAttributesA, SetLastError, TlsGetValue, FileTimeToLocalFileTime, FileTimeToSystemTime, RemoveDirectoryA, InterlockedIncrement, GetLocaleInfoW, SetEnvironmentVariableA, CompareStringW, GetFullPathNameA, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeA, VirtualLock, GetVersionExA, VirtualUnlock, GetSystemTime, QueryPerformanceCounter, FindFirstFileA, FindNextFileA, FindClose, LeaveCriticalSection, EnterCriticalSection, ReleaseMutex, InitializeCriticalSection, GetCurrentProcessId, GetModuleHandleA, TerminateThread, DeleteCriticalSection, GetPrivateProfileIntA, GetSystemDirectoryA, WinExec, RtlUnwind, CreateFileA, GetTimeZoneInformation, GetLocalTime, CreateThread, TlsSetValue, ExitThread, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, InterlockedDecrement, HeapAlloc, HeapReAlloc, HeapFree, MoveFileA, SetEndOfFile, GetFileType, TlsAlloc, HeapDestroy, CompareStringA, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, FlushFileBuffers, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, SetStdHandle, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, GetLocaleInfoA<BR>> USER32.dll: PostMessageA, TranslateMessage, DefWindowProcA, PostQuitMessage, DispatchMessageA, LoadCursorA, DestroyWindow, IsWindow, FindWindowA, PeekMessageA, SetWindowLongA, SendMessageA, wsprintfA, GetMessageA, CreateWindowExA, RegisterClassA, PostThreadMessageA<BR>> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyA, RegDeleteValueA, RegEnumKeyExA, RegDeleteKeyA, RegQueryInfoKeyA<BR>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
tbPeer.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 -
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 1784856 bytes
MD5...: aac20ff867f631f4cc5b02cc62e0e15f
SHA1..: 7a1c98e96785784f336b9c3716086c26bbd6f461
SHA256: 5af0e776fb1f4e91a29f0b8eaffc7eca26c83e811e2e28a93e8526c8ee90d6df
SHA512: 49d5d97f46bc22be9298fe51c20a90f560ac804dc757e878f0c2e55ccf0c48e3<BR>587ab79cbc12c34cca65f5ec557eb2f7dbec4ea833bdb07cd0ecaf8eacabc0ca<BR>
ssdeep: 24576:NzsJeUiOskE2Yxi6oeJ38iuZb1K/AqPEGtJkfQNcoOqcNPDY8VWRWciGYz<BR>VQ6fs:NK3b1K/pPE8kmTyN/WRnipzVQ4s<BR>
PEiD..: -
TrID..: File type identification<BR>Windows OCX File (71.0%)<BR>Win32 Executable MS Visual C++ (generic) (21.6%)<BR>Win32 Executable Generic (4.9%)<BR>Generic Win/DOS Executable (1.1%)<BR>DOS Executable Generic (1.1%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x100d0d27<BR>timedatestamp.....: 0x48cddae2 (Mon Sep 15 03:47:46 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xfea58 0xfec00 6.55 66140bee4b1c342be7721463a297bd72<BR>.rdata 0x100000 0x513bf 0x51400 4.52 845a1f5fa5a367da5d1f4f23862ebe75<BR>.data 0x152000 0x5f40 0x4000 4.75 fc9f27b3bd011562bc8319e46d5fbcea<BR>.rsrc 0x158000 0x49ef0 0x4a000 5.34 4d73cbf2d46eebb4dba34b02e2f64857<BR>.reloc 0x1a2000 0x14b3a 0x14c00 5.94 2d81059c82469744da070bffee4673cb<BR><BR>( 18 imports ) <BR>> COMCTL32.dll: InitCommonControlsEx, ImageList_ReplaceIcon, CreatePropertySheetPageW, _TrackMouseEvent, PropertySheetW, CreateToolbarEx, ImageList_Create<BR>> WININET.dll: FindCloseUrlCache, FindFirstUrlCacheEntryA, GetUrlCacheEntryInfoW, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, InternetCloseHandle, InternetSetOptionA, InternetSetCookieW, HttpQueryInfoA, InternetCrackUrlW, InternetCrackUrlA, InternetSetOptionExA, InternetOpenA, HttpSendRequestA, InternetGetLastResponseInfoA, InternetReadFile, InternetCanonicalizeUrlA, InternetGetConnectedState, InternetOpenUrlW, InternetOpenW, InternetSetOptionW, InternetCanonicalizeUrlW, HttpOpenRequestA, InternetQueryOptionA, InternetConnectA<BR>> SHLWAPI.dll: PathFileExistsW<BR>> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW<BR>> MSIMG32.dll: GradientFill<BR>> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW<BR>> CRYPT32.dll: CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CryptMsgClose, CryptUnprotectData, CryptProtectData, CertCloseStore, CertFreeCertificateContext, CryptQueryObject<BR>> WINMM.dll: timeGetTime, PlaySoundA, sndPlaySoundW, PlaySoundW<BR>> KERNEL32.dll: lstrcpyA, GetTickCount, CopyFileW, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCurrentProcessId, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, TerminateThread, GetExitCodeThread, CreateThread, OutputDebugStringA, CreateProcessW, ExpandEnvironmentStringsW, Sleep, WaitForSingleObject, CreateSemaphoreW, ReleaseSemaphore, GetFileAttributesW, FreeResource, LockResource, LoadResource, FindResourceW, GetTimeFormatW, GetDateFormatW, Beep, CreateDirectoryW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLocaleInfoW, GetACP, GetCurrentThreadId, HeapSize, GetStdHandle, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetProcessHeap, GetCommandLineA, VirtualAlloc, RaiseException, ResumeThread, ExitThread, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, GetCurrentThread, SetThreadPriority, MoveFileExW, RemoveDirectoryW, WriteFile, InterlockedDecrement, OpenProcess, LocalAlloc, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetModuleHandleA, GetLongPathNameW, GetModuleHandleW, LocalFree, GetLocalTime, GetVersionExA, GetModuleFileNameA, lstrcpyW, GetModuleFileNameW, lstrlenW, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoA, CreateFileA, SetStdHandle, CreateMutexW, ReleaseMutex, CloseHandle, GetLastError, GetOEMCP, LCMapStringA, LCMapStringW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo<BR>> USER32.dll: GetScrollInfo, IsMenu, GetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, LoadBitmapA, SetWindowRgn, MessageBoxA, GetWindow, SetWindowPos, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, GetAsyncKeyState, TranslateMessage, EndDialog, PostThreadMessageA, MsgWaitForMultipleObjects, GetDesktopWindow, GetClassInfoExW, RegisterClassExW, CopyRect, LoadImageW, GetMessageA, GetCapture, ReleaseCapture, SetCapture, IsWindowVisible, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, IsWindowUnicode, DrawFrameControl, SetActiveWindow, DialogBoxParamW, SetForegroundWindow, FrameRect, GetDlgItemTextA, DispatchMessageA, PeekMessageA, MoveWindow, UpdateWindow, GetSysColor, GetDlgItemTextW, MessageBoxW, IsDlgButtonChecked, CheckDlgButton, EnableWindow, DrawTextW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetDC, ReleaseDC, GetWindowRect, GetSystemMetrics, KillTimer, GetWindowLongA, ShowWindow, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, SetWindowLongW, PostMessageA, LoadCursorA, SetCursor, GetWindowLongW, GetParent, ClientToScreen, SendMessageA, GetDlgItem, IsWindow, InvalidateRect, CallWindowProcA, GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, SetDlgItemTextW, SetMenuInfo<BR>> GDI32.dll: LineTo, GetTextExtentPoint32W, GetTextAlign, GetObjectA, SetPixel, GdiFlush, Polygon, BitBlt, GetPixel, CombineRgn, CreateRectRgn, StretchBlt, RoundRect, ExcludeClipRect, TextOutW, SetTextAlign, CreatePen, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, GetStockObject, SetTextColor, SetBkMode, SetWindowOrgEx, GetWindowOrgEx, GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, DeleteDC, DeleteObject, PlgBlt, SelectObject, CreateCompatibleBitmap, MoveToEx, CreateCompatibleDC<BR>> comdlg32.dll: GetOpenFileNameW<BR>> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, CryptReleaseContext, CryptAcquireContextA, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, RegQueryValueExW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegEnumValueW, RegCloseKey<BR>> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, ShellExecuteW, SHCreateDirectoryExW<BR>> ole32.dll: CLSIDFromString, CoUninitialize, StringFromIID, CoCreateInstance, CreateStreamOnHGlobal, CoGetMalloc, CoInitialize, IIDFromString<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> PSAPI.DLL: GetProcessMemoryInfo<BR><BR>( 11 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate<BR>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f</a>
- PJETV
- Visiteur Confirmé
- Messages: 10
- Inscription: 23 Nov 2008 12:01
3 messages
• Page 1 sur 1
Sujets similaires
Windows 11 bloque sur une màj...Bonjour, et désolé si par le passé il a pu m'arriver de rager contre des hackers, certains sont des gens normaux, qui ont juste je dirait un hobby fort gênant parfois, et certainement très discutable.Bref, avant d'envisager le pire et donc une réinstallation partielle, j'aimerais avoir l'avis de que ...
Réponses: 9
récupération d'une image windowsBonjour à tous !Après plusieurs jours (eh oui !) à tenter de sauver mon D.D. je l'ai en finale effacé avec Killdisk (6 h pour 1,5 To)...Je lui réinstalle Win 10 (c'est en cours)Quand il était en état j'avais créé une image disque et un backup sur un D.D. amovible.J'espère récupérer ma précédente in ...
Réponses: 8
Téléchargement Windows 11Bonjour,Je vous mets le lien de téléchargement officiel de Windows 11:https://www.microsoft.com/fr-fr/software-download/windows11Bonne journée.
Réponses: 31
Windows s'est de nouveau ralentiBonjour !J'y reviens: Après une manip, peut être malheureuse, mais qui a fonctionné, de modif du grub d'Ubuntu, Win 10 (issu de Win 7) est entré en hibernation.Il se charge complètement en une heure environ, puis chaque ordre (clic sur une appli) met une à deux minutes pour être actif, puis plusieur ...
Réponses: 1
24H2 mise à jour majeure Windows 11Bonjour à tous,Disponible depuis ce début mois sur les PC éligibles, la release 24H2 de Windows 11 peut être téléchargé depuis l'assistant Upgrade ... Cette mise à jour semble essentielle avec l'introduction importante de l'IA dans le système d'exploitation !!Pour plus d'information, je vous invite ...
Réponses: 1
Défaut d'installation vmware-workstation-windows-17.6.0-4873Bonjour,J'ai besoin d'installer vmware rapidement. N'arrivant pas à régler le problème de l'hyper V sur des anciennes versions de vwware sur windows 11 version 23H2 je souhaite passer sur la dernière version, la v17 qui semble avoir corriger ces problèmes.Le problème c'est qu'à la fin de l'installat ...
Réponses: 4
Récupération fichier disparu sur Windows 10Bonjour,En tapant dans Word, le texte a subitement dusparu. Impossible de le récupérer. Je l'avais déja partiellement enregistré la veille : impossible également derécupérer ce dernier. Que faire ? Toutce que j'ai pu récupérer c'est une partie du texte que j'avais enregistré préalablement dans Drive ...
Réponses: 1
Qui est en ligne
Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 59 invités
|
.: Nous contacter :: Flux RSS :: Données personnelles :. |