Bonjour,
Il y a maintenant quelques semaines, j'ai eu un Virus sur le PC de mon fils. J'ai passé un antivirus (je ne sais plus lequel), il a détecté et supprimer des fihciers (je ne sais plus lesquels) et depuis, Windowsupdate ne fonctionne plus (Windows XP SP2).
Pire, quand je lance windowsupdate de façon mauelle, je suis automatiquement redirigé sur le site www.msn.com...bizarre.
J'ai tout essayé les différentes solutions que j'ai trouvé sur le net... et je vfous soumets donc ce bug..
Merci d'avance.
Configuration: Windows XP
Internet Explorer 7.0
Rapport HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:19, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesMaxtorManagerAppOnetouch.exe
C:Program FilesMaxtorOneTouch Statusmaxmenumgr.exe
C:Program FilesLogitechVideoLogiTray.exe
C:Program FilesPhilips ToUcam CameraVProperty.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSBBSTOREDSSDSSAGENT.EXE
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMaxtorMaxtor BackupMaxBackServiceInt.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMaxtorUtilsSyncServices.exe
C:WINDOWSsystem32slserv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1FICHIE~1MICROS~1MsinfoOFFPROV.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.fr/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeSearchURLHookSearchPageURL.dll (file missing)
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:Program FilesPeer2Peer-EN bPeer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:Program FilesPeer2Peer-EN bPeer.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:Program FilesPeer2Peer-EN bPeer.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [MaxtorOneTouch] C:Program FilesMaxtorManagerAppOnetouch.exe
O4 - HKLM..Run: [mxomssmenu] "C:Program FilesMaxtorOneTouch Statusmaxmenumgr.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [ToUcamVProperty] C:Program FilesPhilips ToUcam CameraVProperty.exe
O4 - HKLM..Run: [C:WINDOWSsystem32kddso.exe] C:WINDOWSsystem32kddso.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [DSS] C:WINDOWSBBSTOREDSSDSSAGENT.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [InstallProgram] C:Documents and SettingsPaulLocal SettingsTemporary Internet FilesContent.IE5PTZ9M41Isetup_100546_3_[1].exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobt ... module.exe
O17 - HKLMSystemCCSServicesTcpip..{85EAA73A-56F5-47B5-AFC1-A5149F06B802}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{A9F5FFA5-925C-4836-9FE6-629EAE1EB1AA}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{AAC3464C-3E25-423A-BD74-32838E004949}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{C8C7E777-CF2F-426F-9F1E-93D34F0AEEB4}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:Program FilesMaxtorMaxtor BackupMaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:Program FilesMaxtorUtilsSyncServices.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:WINDOWSSYSTEM32slserv.exe
Il y a actuellement 126 visiteurs
Jeudi 02 Mai 2024
       |
Pb windows update XP SP2
3 messages
• Page 1 sur 1
le 23 Nov 2008 21:53
Bonjour.
_ Via HiJackThis, tu supprimes les lignes:
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [InstallProgram] C:Documents and SettingsPaulLocal SettingsTemporary Internet FilesContent.IE5PTZ9M41Isetup_100546_3_[1].exe
O17 - HKLMSystemCCSServicesTcpip..{85EAA73A-56F5-47B5-AFC1-A5149F06B802}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{A9F5FFA5-925C-4836-9FE6-629EAE1EB1AA}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{AAC3464C-3E25-423A-BD74-32838E004949}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{C8C7E777-CF2F-426F-9F1E-93D34F0AEEB4}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
_ Tu vas sur http://www.virustotal.com/fr/ puis tu cliques sur Parcourir.
Tu sélectionnes le fichier C:WINDOWSBBSTOREDSSDSSAGENT.EXE et tu cliques sur Ouvrir.
Tu cliques ensuite sur Envoyer le fichier.
A la fin de l'analyse, tu cliques sur Formaté en haut à gauche puis, dans la nouvelle fenêtre, tu cliques sur le bouton
pour faire apparaître le rapport dans la fenêtre en question.
Tu sélectionnes ce rapport puis fais un copier-coller et tu le colles dans ton prochain message.
Tu refais la même manipulation avec le fichier C:Program FilesPeer2Peer-EN bPeer.dll & C:WINDOWSsystem32kddso.exe.
_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.
Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.
Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.
_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.
_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.
Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.
_ Via HiJackThis, tu supprimes les lignes:
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [InstallProgram] C:Documents and SettingsPaulLocal SettingsTemporary Internet FilesContent.IE5PTZ9M41Isetup_100546_3_[1].exe
O17 - HKLMSystemCCSServicesTcpip..{85EAA73A-56F5-47B5-AFC1-A5149F06B802}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{A9F5FFA5-925C-4836-9FE6-629EAE1EB1AA}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{AAC3464C-3E25-423A-BD74-32838E004949}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCCSServicesTcpip..{C8C7E777-CF2F-426F-9F1E-93D34F0AEEB4}: NameServer = 85.255.113.194,85.255.112.177
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS2ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCS3ServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.113.194 85.255.112.177
_ Tu vas sur http://www.virustotal.com/fr/ puis tu cliques sur Parcourir.
Tu sélectionnes le fichier C:WINDOWSBBSTOREDSSDSSAGENT.EXE et tu cliques sur Ouvrir.
Tu cliques ensuite sur Envoyer le fichier.
A la fin de l'analyse, tu cliques sur Formaté en haut à gauche puis, dans la nouvelle fenêtre, tu cliques sur le bouton
pour faire apparaître le rapport dans la fenêtre en question.
Tu sélectionnes ce rapport puis fais un copier-coller et tu le colles dans ton prochain message.
Tu refais la même manipulation avec le fichier C:Program FilesPeer2Peer-EN bPeer.dll & C:WINDOWSsystem32kddso.exe.
_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.
Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.
Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.
_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.
_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.
Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.
-
r@in | b0w - PC-Infopraticien
- Messages: 7714
- Inscription: 09 Déc 2007 12:37
- Localisation: Parrot Sec
Analyse des fichiers
le 29 Nov 2008 10:11
voilà les analyse des fichiers par Virustotal :
DSSAGENT.EXE
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 BACKDOOR.Trojan
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 PossibleThreat
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 Spyware.Win32.BrodcastDSSAGENT
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 Spyware:Win32/BrodcastDSSAGENT
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 Generic Malware
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 590336 bytes
MD5...: b6e6d9e77b32ed3cccdf6d1bf707f32b
SHA1..: 5ef2dd601a5c66388f91f20a760aeb7e95c2cdf2
SHA256: 6f12cf1b9d4eb53e88d4678e9ef305e0088fd354c5cd5e9017ada31b4e4e608a
SHA512: c5a1e5db829b9cbf97d5148ec6545f2d6ae7cc108f9eff20fd217fae9138f015<BR>b53c22e9fc3cb15278a5dd3b40502c79649322000652919d43cc3d9ac9dc0d54<BR>
ssdeep: 12288:jM9MUYDRGpkvP50mOPDM3IIwvw3Yq0MXT7EJ902lb:OMU3uZALM3bw4Yq1<BR>AHX<BR>
PEiD..: InstallShield 2000
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46b3a0<BR>timedatestamp.....: 0x3803c734 (Tue Oct 12 23:41:40 1999)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x7a69a 0x7a800 6.55 283f190747f28e6985e0f77174c653bb<BR>.rdata 0x7c000 0xb4da 0xb600 6.00 b0cca816f2960b1f0be6ad7bc13e4455<BR>.data 0x88000 0xfe90 0x9c00 4.43 b8fc3642852e015663cf5388732c2f65<BR>.rsrc 0x98000 0x3d0 0x400 3.17 5f58f1b546fd55f6da6d2ca5a9895bed<BR><BR>( 4 imports ) <BR>> KERNEL32.dll: GetWindowsDirectoryA, GetModuleFileNameA, SetCurrentDirectoryA, GetTickCount, GetCurrentDirectoryA, GetLastError, CreateProcessA, GetTempFileNameA, GetProcAddress, OpenMutexA, Sleep, FreeLibrary, GetDiskFreeSpaceA, CreateEventA, SetEvent, ResumeThread, GetExitCodeThread, CreateDirectoryA, GetCurrentThreadId, OutputDebugStringA, CreateMutexA, WaitForSingleObject, WriteFile, GetFileSize, DeleteFileA, SetFilePointer, ReadFile, CloseHandle, LoadLibraryA, SetErrorMode, GetFileAttributesA, SetLastError, TlsGetValue, FileTimeToLocalFileTime, FileTimeToSystemTime, RemoveDirectoryA, InterlockedIncrement, GetLocaleInfoW, SetEnvironmentVariableA, CompareStringW, GetFullPathNameA, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeA, VirtualLock, GetVersionExA, VirtualUnlock, GetSystemTime, QueryPerformanceCounter, FindFirstFileA, FindNextFileA, FindClose, LeaveCriticalSection, EnterCriticalSection, ReleaseMutex, InitializeCriticalSection, GetCurrentProcessId, GetModuleHandleA, TerminateThread, DeleteCriticalSection, GetPrivateProfileIntA, GetSystemDirectoryA, WinExec, RtlUnwind, CreateFileA, GetTimeZoneInformation, GetLocalTime, CreateThread, TlsSetValue, ExitThread, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, InterlockedDecrement, HeapAlloc, HeapReAlloc, HeapFree, MoveFileA, SetEndOfFile, GetFileType, TlsAlloc, HeapDestroy, CompareStringA, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, FlushFileBuffers, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, SetStdHandle, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, GetLocaleInfoA<BR>> USER32.dll: PostMessageA, TranslateMessage, DefWindowProcA, PostQuitMessage, DispatchMessageA, LoadCursorA, DestroyWindow, IsWindow, FindWindowA, PeekMessageA, SetWindowLongA, SendMessageA, wsprintfA, GetMessageA, CreateWindowExA, RegisterClassA, PostThreadMessageA<BR>> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyA, RegDeleteValueA, RegEnumKeyExA, RegDeleteKeyA, RegQueryInfoKeyA<BR>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
tbPeer.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 -
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 1784856 bytes
MD5...: aac20ff867f631f4cc5b02cc62e0e15f
SHA1..: 7a1c98e96785784f336b9c3716086c26bbd6f461
SHA256: 5af0e776fb1f4e91a29f0b8eaffc7eca26c83e811e2e28a93e8526c8ee90d6df
SHA512: 49d5d97f46bc22be9298fe51c20a90f560ac804dc757e878f0c2e55ccf0c48e3<BR>587ab79cbc12c34cca65f5ec557eb2f7dbec4ea833bdb07cd0ecaf8eacabc0ca<BR>
ssdeep: 24576:NzsJeUiOskE2Yxi6oeJ38iuZb1K/AqPEGtJkfQNcoOqcNPDY8VWRWciGYz<BR>VQ6fs:NK3b1K/pPE8kmTyN/WRnipzVQ4s<BR>
PEiD..: -
TrID..: File type identification<BR>Windows OCX File (71.0%)<BR>Win32 Executable MS Visual C++ (generic) (21.6%)<BR>Win32 Executable Generic (4.9%)<BR>Generic Win/DOS Executable (1.1%)<BR>DOS Executable Generic (1.1%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x100d0d27<BR>timedatestamp.....: 0x48cddae2 (Mon Sep 15 03:47:46 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xfea58 0xfec00 6.55 66140bee4b1c342be7721463a297bd72<BR>.rdata 0x100000 0x513bf 0x51400 4.52 845a1f5fa5a367da5d1f4f23862ebe75<BR>.data 0x152000 0x5f40 0x4000 4.75 fc9f27b3bd011562bc8319e46d5fbcea<BR>.rsrc 0x158000 0x49ef0 0x4a000 5.34 4d73cbf2d46eebb4dba34b02e2f64857<BR>.reloc 0x1a2000 0x14b3a 0x14c00 5.94 2d81059c82469744da070bffee4673cb<BR><BR>( 18 imports ) <BR>> COMCTL32.dll: InitCommonControlsEx, ImageList_ReplaceIcon, CreatePropertySheetPageW, _TrackMouseEvent, PropertySheetW, CreateToolbarEx, ImageList_Create<BR>> WININET.dll: FindCloseUrlCache, FindFirstUrlCacheEntryA, GetUrlCacheEntryInfoW, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, InternetCloseHandle, InternetSetOptionA, InternetSetCookieW, HttpQueryInfoA, InternetCrackUrlW, InternetCrackUrlA, InternetSetOptionExA, InternetOpenA, HttpSendRequestA, InternetGetLastResponseInfoA, InternetReadFile, InternetCanonicalizeUrlA, InternetGetConnectedState, InternetOpenUrlW, InternetOpenW, InternetSetOptionW, InternetCanonicalizeUrlW, HttpOpenRequestA, InternetQueryOptionA, InternetConnectA<BR>> SHLWAPI.dll: PathFileExistsW<BR>> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW<BR>> MSIMG32.dll: GradientFill<BR>> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW<BR>> CRYPT32.dll: CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CryptMsgClose, CryptUnprotectData, CryptProtectData, CertCloseStore, CertFreeCertificateContext, CryptQueryObject<BR>> WINMM.dll: timeGetTime, PlaySoundA, sndPlaySoundW, PlaySoundW<BR>> KERNEL32.dll: lstrcpyA, GetTickCount, CopyFileW, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCurrentProcessId, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, TerminateThread, GetExitCodeThread, CreateThread, OutputDebugStringA, CreateProcessW, ExpandEnvironmentStringsW, Sleep, WaitForSingleObject, CreateSemaphoreW, ReleaseSemaphore, GetFileAttributesW, FreeResource, LockResource, LoadResource, FindResourceW, GetTimeFormatW, GetDateFormatW, Beep, CreateDirectoryW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLocaleInfoW, GetACP, GetCurrentThreadId, HeapSize, GetStdHandle, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetProcessHeap, GetCommandLineA, VirtualAlloc, RaiseException, ResumeThread, ExitThread, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, GetCurrentThread, SetThreadPriority, MoveFileExW, RemoveDirectoryW, WriteFile, InterlockedDecrement, OpenProcess, LocalAlloc, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetModuleHandleA, GetLongPathNameW, GetModuleHandleW, LocalFree, GetLocalTime, GetVersionExA, GetModuleFileNameA, lstrcpyW, GetModuleFileNameW, lstrlenW, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoA, CreateFileA, SetStdHandle, CreateMutexW, ReleaseMutex, CloseHandle, GetLastError, GetOEMCP, LCMapStringA, LCMapStringW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo<BR>> USER32.dll: GetScrollInfo, IsMenu, GetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, LoadBitmapA, SetWindowRgn, MessageBoxA, GetWindow, SetWindowPos, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, GetAsyncKeyState, TranslateMessage, EndDialog, PostThreadMessageA, MsgWaitForMultipleObjects, GetDesktopWindow, GetClassInfoExW, RegisterClassExW, CopyRect, LoadImageW, GetMessageA, GetCapture, ReleaseCapture, SetCapture, IsWindowVisible, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, IsWindowUnicode, DrawFrameControl, SetActiveWindow, DialogBoxParamW, SetForegroundWindow, FrameRect, GetDlgItemTextA, DispatchMessageA, PeekMessageA, MoveWindow, UpdateWindow, GetSysColor, GetDlgItemTextW, MessageBoxW, IsDlgButtonChecked, CheckDlgButton, EnableWindow, DrawTextW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetDC, ReleaseDC, GetWindowRect, GetSystemMetrics, KillTimer, GetWindowLongA, ShowWindow, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, SetWindowLongW, PostMessageA, LoadCursorA, SetCursor, GetWindowLongW, GetParent, ClientToScreen, SendMessageA, GetDlgItem, IsWindow, InvalidateRect, CallWindowProcA, GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, SetDlgItemTextW, SetMenuInfo<BR>> GDI32.dll: LineTo, GetTextExtentPoint32W, GetTextAlign, GetObjectA, SetPixel, GdiFlush, Polygon, BitBlt, GetPixel, CombineRgn, CreateRectRgn, StretchBlt, RoundRect, ExcludeClipRect, TextOutW, SetTextAlign, CreatePen, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, GetStockObject, SetTextColor, SetBkMode, SetWindowOrgEx, GetWindowOrgEx, GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, DeleteDC, DeleteObject, PlgBlt, SelectObject, CreateCompatibleBitmap, MoveToEx, CreateCompatibleDC<BR>> comdlg32.dll: GetOpenFileNameW<BR>> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, CryptReleaseContext, CryptAcquireContextA, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, RegQueryValueExW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegEnumValueW, RegCloseKey<BR>> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, ShellExecuteW, SHCreateDirectoryExW<BR>> ole32.dll: CLSIDFromString, CoUninitialize, StringFromIID, CoCreateInstance, CreateStreamOnHGlobal, CoGetMalloc, CoInitialize, IIDFromString<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> PSAPI.DLL: GetProcessMemoryInfo<BR><BR>( 11 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate<BR>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f</a>
DSSAGENT.EXE
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 BACKDOOR.Trojan
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 PossibleThreat
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 Spyware.Win32.BrodcastDSSAGENT
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 Spyware:Win32/BrodcastDSSAGENT
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 Generic Malware
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 590336 bytes
MD5...: b6e6d9e77b32ed3cccdf6d1bf707f32b
SHA1..: 5ef2dd601a5c66388f91f20a760aeb7e95c2cdf2
SHA256: 6f12cf1b9d4eb53e88d4678e9ef305e0088fd354c5cd5e9017ada31b4e4e608a
SHA512: c5a1e5db829b9cbf97d5148ec6545f2d6ae7cc108f9eff20fd217fae9138f015<BR>b53c22e9fc3cb15278a5dd3b40502c79649322000652919d43cc3d9ac9dc0d54<BR>
ssdeep: 12288:jM9MUYDRGpkvP50mOPDM3IIwvw3Yq0MXT7EJ902lb:OMU3uZALM3bw4Yq1<BR>AHX<BR>
PEiD..: InstallShield 2000
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x46b3a0<BR>timedatestamp.....: 0x3803c734 (Tue Oct 12 23:41:40 1999)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x7a69a 0x7a800 6.55 283f190747f28e6985e0f77174c653bb<BR>.rdata 0x7c000 0xb4da 0xb600 6.00 b0cca816f2960b1f0be6ad7bc13e4455<BR>.data 0x88000 0xfe90 0x9c00 4.43 b8fc3642852e015663cf5388732c2f65<BR>.rsrc 0x98000 0x3d0 0x400 3.17 5f58f1b546fd55f6da6d2ca5a9895bed<BR><BR>( 4 imports ) <BR>> KERNEL32.dll: GetWindowsDirectoryA, GetModuleFileNameA, SetCurrentDirectoryA, GetTickCount, GetCurrentDirectoryA, GetLastError, CreateProcessA, GetTempFileNameA, GetProcAddress, OpenMutexA, Sleep, FreeLibrary, GetDiskFreeSpaceA, CreateEventA, SetEvent, ResumeThread, GetExitCodeThread, CreateDirectoryA, GetCurrentThreadId, OutputDebugStringA, CreateMutexA, WaitForSingleObject, WriteFile, GetFileSize, DeleteFileA, SetFilePointer, ReadFile, CloseHandle, LoadLibraryA, SetErrorMode, GetFileAttributesA, SetLastError, TlsGetValue, FileTimeToLocalFileTime, FileTimeToSystemTime, RemoveDirectoryA, InterlockedIncrement, GetLocaleInfoW, SetEnvironmentVariableA, CompareStringW, GetFullPathNameA, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeA, VirtualLock, GetVersionExA, VirtualUnlock, GetSystemTime, QueryPerformanceCounter, FindFirstFileA, FindNextFileA, FindClose, LeaveCriticalSection, EnterCriticalSection, ReleaseMutex, InitializeCriticalSection, GetCurrentProcessId, GetModuleHandleA, TerminateThread, DeleteCriticalSection, GetPrivateProfileIntA, GetSystemDirectoryA, WinExec, RtlUnwind, CreateFileA, GetTimeZoneInformation, GetLocalTime, CreateThread, TlsSetValue, ExitThread, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, InterlockedDecrement, HeapAlloc, HeapReAlloc, HeapFree, MoveFileA, SetEndOfFile, GetFileType, TlsAlloc, HeapDestroy, CompareStringA, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, FlushFileBuffers, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, SetStdHandle, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, GetLocaleInfoA<BR>> USER32.dll: PostMessageA, TranslateMessage, DefWindowProcA, PostQuitMessage, DispatchMessageA, LoadCursorA, DestroyWindow, IsWindow, FindWindowA, PeekMessageA, SetWindowLongA, SendMessageA, wsprintfA, GetMessageA, CreateWindowExA, RegisterClassA, PostThreadMessageA<BR>> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyA, RegDeleteValueA, RegEnumKeyExA, RegDeleteKeyA, RegQueryInfoKeyA<BR>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://www.threatexpert.com/report.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=b6e6d9e77b32ed3cccdf6d1bf707f32b</a>
tbPeer.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.28 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.537 2008.11.28 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 -
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.28 -
Prevx1 V2 2008.11.29 -
Rising 21.05.51.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.28 -
Information additionnelle
File size: 1784856 bytes
MD5...: aac20ff867f631f4cc5b02cc62e0e15f
SHA1..: 7a1c98e96785784f336b9c3716086c26bbd6f461
SHA256: 5af0e776fb1f4e91a29f0b8eaffc7eca26c83e811e2e28a93e8526c8ee90d6df
SHA512: 49d5d97f46bc22be9298fe51c20a90f560ac804dc757e878f0c2e55ccf0c48e3<BR>587ab79cbc12c34cca65f5ec557eb2f7dbec4ea833bdb07cd0ecaf8eacabc0ca<BR>
ssdeep: 24576:NzsJeUiOskE2Yxi6oeJ38iuZb1K/AqPEGtJkfQNcoOqcNPDY8VWRWciGYz<BR>VQ6fs:NK3b1K/pPE8kmTyN/WRnipzVQ4s<BR>
PEiD..: -
TrID..: File type identification<BR>Windows OCX File (71.0%)<BR>Win32 Executable MS Visual C++ (generic) (21.6%)<BR>Win32 Executable Generic (4.9%)<BR>Generic Win/DOS Executable (1.1%)<BR>DOS Executable Generic (1.1%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x100d0d27<BR>timedatestamp.....: 0x48cddae2 (Mon Sep 15 03:47:46 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xfea58 0xfec00 6.55 66140bee4b1c342be7721463a297bd72<BR>.rdata 0x100000 0x513bf 0x51400 4.52 845a1f5fa5a367da5d1f4f23862ebe75<BR>.data 0x152000 0x5f40 0x4000 4.75 fc9f27b3bd011562bc8319e46d5fbcea<BR>.rsrc 0x158000 0x49ef0 0x4a000 5.34 4d73cbf2d46eebb4dba34b02e2f64857<BR>.reloc 0x1a2000 0x14b3a 0x14c00 5.94 2d81059c82469744da070bffee4673cb<BR><BR>( 18 imports ) <BR>> COMCTL32.dll: InitCommonControlsEx, ImageList_ReplaceIcon, CreatePropertySheetPageW, _TrackMouseEvent, PropertySheetW, CreateToolbarEx, ImageList_Create<BR>> WININET.dll: FindCloseUrlCache, FindFirstUrlCacheEntryA, GetUrlCacheEntryInfoW, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, InternetCloseHandle, InternetSetOptionA, InternetSetCookieW, HttpQueryInfoA, InternetCrackUrlW, InternetCrackUrlA, InternetSetOptionExA, InternetOpenA, HttpSendRequestA, InternetGetLastResponseInfoA, InternetReadFile, InternetCanonicalizeUrlA, InternetGetConnectedState, InternetOpenUrlW, InternetOpenW, InternetSetOptionW, InternetCanonicalizeUrlW, HttpOpenRequestA, InternetQueryOptionA, InternetConnectA<BR>> SHLWAPI.dll: PathFileExistsW<BR>> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW<BR>> MSIMG32.dll: GradientFill<BR>> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW<BR>> CRYPT32.dll: CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CryptMsgClose, CryptUnprotectData, CryptProtectData, CertCloseStore, CertFreeCertificateContext, CryptQueryObject<BR>> WINMM.dll: timeGetTime, PlaySoundA, sndPlaySoundW, PlaySoundW<BR>> KERNEL32.dll: lstrcpyA, GetTickCount, CopyFileW, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, SetLastError, GetCurrentProcessId, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, TerminateThread, GetExitCodeThread, CreateThread, OutputDebugStringA, CreateProcessW, ExpandEnvironmentStringsW, Sleep, WaitForSingleObject, CreateSemaphoreW, ReleaseSemaphore, GetFileAttributesW, FreeResource, LockResource, LoadResource, FindResourceW, GetTimeFormatW, GetDateFormatW, Beep, CreateDirectoryW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLocaleInfoW, GetACP, GetCurrentThreadId, HeapSize, GetStdHandle, ExitProcess, VirtualFree, HeapCreate, HeapDestroy, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetProcessHeap, GetCommandLineA, VirtualAlloc, RaiseException, ResumeThread, ExitThread, GetSystemTimeAsFileTime, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, GetCurrentThread, SetThreadPriority, MoveFileExW, RemoveDirectoryW, WriteFile, InterlockedDecrement, OpenProcess, LocalAlloc, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetModuleHandleA, GetLongPathNameW, GetModuleHandleW, LocalFree, GetLocalTime, GetVersionExA, GetModuleFileNameA, lstrcpyW, GetModuleFileNameW, lstrlenW, GetThreadLocale, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoA, CreateFileA, SetStdHandle, CreateMutexW, ReleaseMutex, CloseHandle, GetLastError, GetOEMCP, LCMapStringA, LCMapStringW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo<BR>> USER32.dll: GetScrollInfo, IsMenu, GetMenuInfo, GetMenuItemID, GetMenuState, CheckMenuItem, TrackPopupMenu, GetMonitorInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, LoadBitmapA, SetWindowRgn, MessageBoxA, GetWindow, SetWindowPos, CallWindowProcW, GetMenuItemCount, InsertMenuItemW, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, EnableMenuItem, EndMenu, GetAsyncKeyState, TranslateMessage, EndDialog, PostThreadMessageA, MsgWaitForMultipleObjects, GetDesktopWindow, GetClassInfoExW, RegisterClassExW, CopyRect, LoadImageW, GetMessageA, GetCapture, ReleaseCapture, SetCapture, IsWindowVisible, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, FillRect, IsWindowUnicode, DrawFrameControl, SetActiveWindow, DialogBoxParamW, SetForegroundWindow, FrameRect, GetDlgItemTextA, DispatchMessageA, PeekMessageA, MoveWindow, UpdateWindow, GetSysColor, GetDlgItemTextW, MessageBoxW, IsDlgButtonChecked, CheckDlgButton, EnableWindow, DrawTextW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, FindWindowW, SetWindowsHookExA, UnhookWindowsHookEx, GetMenuItemInfoA, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, GetDC, ReleaseDC, GetWindowRect, GetSystemMetrics, KillTimer, GetWindowLongA, ShowWindow, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, RegisterWindowMessageW, SetWindowLongW, PostMessageA, LoadCursorA, SetCursor, GetWindowLongW, GetParent, ClientToScreen, SendMessageA, GetDlgItem, IsWindow, InvalidateRect, CallWindowProcA, GetDlgCtrlID, GetClientRect, SetWindowTextW, SetWindowTextA, wsprintfW, SetDlgItemTextW, SetMenuInfo<BR>> GDI32.dll: LineTo, GetTextExtentPoint32W, GetTextAlign, GetObjectA, SetPixel, GdiFlush, Polygon, BitBlt, GetPixel, CombineRgn, CreateRectRgn, StretchBlt, RoundRect, ExcludeClipRect, TextOutW, SetTextAlign, CreatePen, Rectangle, SetBkColor, CreateSolidBrush, CreateFontIndirectW, GetLayout, GetStockObject, SetTextColor, SetBkMode, SetWindowOrgEx, GetWindowOrgEx, GetDeviceCaps, GetTextColor, GetBkColor, GetBkMode, DeleteDC, DeleteObject, PlgBlt, SelectObject, CreateCompatibleBitmap, MoveToEx, CreateCompatibleDC<BR>> comdlg32.dll: GetOpenFileNameW<BR>> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, CryptReleaseContext, CryptAcquireContextA, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, RegQueryValueExW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegEnumValueW, RegCloseKey<BR>> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, ShellExecuteW, SHCreateDirectoryExW<BR>> ole32.dll: CLSIDFromString, CoUninitialize, StringFromIID, CoCreateInstance, CreateStreamOnHGlobal, CoGetMalloc, CoInitialize, IIDFromString<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> PSAPI.DLL: GetProcessMemoryInfo<BR><BR>( 11 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate<BR>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=aac20ff867f631f4cc5b02cc62e0e15f</a>
- PJETV
- Visiteur Confirmé
- Messages: 10
- Inscription: 23 Nov 2008 12:01
3 messages
• Page 1 sur 1
Sujets similaires
[Réglé] isolation impossible du noyau sur mon pc windows 10Bonsoir heraclesmerci tout d'abord de me répondre aussi vite, j'ai donc effectué les deux lignes de commande comme tu m'as indiqué, voici le fichier texte : https://www.cjoint.com/c/NDluFy2UUrJVoici la capture écran générale de mon gestionnaire de périphériques : si cela peut un petit peu t'aider . ...
Réponses: 22
[Réglé] bloc note sous windows 11Bonjour, avec Windows 11 le bloc note a changé de comportement. J'aimerai savoir s'il est possible de revenir à l'ancienne méthode, à savoir que lorsqu?on l'ouvre il n'affiche pas systématiquement tous les notes qui ont été crées avant et à la fermeture lors d'une modif qu'il propose d?enregistrer. ...
Réponses: 2
Incohérences dans Windows 10 (11?)Bonjour Couize,C'est lié à la différence entre le nombre de coeurs et le nombre de processeurs logiques. Tout est dit iciPar exemple, lance powershell admin puis copie colle la commande ci-dessous et valide par la touche Entrée de ton clavier.Code: Tout sélectionnerGet-WmiObject -class Win32_proces ...
Réponses: 3
Le chat et Windows 10, me trouveras tu ?CoucouSi tu possèdes Windows 10, alors sache que je me suis caché dedans, quelque part… Arriveras tu a me retrouver ?Un petit indice ? " le chat commente et aide la communauté "A vos écrans
Réponses: 17
plantage à répétition de WindowsBonjours à tous Depuis quelque temps Windows 11 plante aléatoirement en me mettant l'exception logicielle inconnue (0xe0434352) le code erreur apparaît plusieurs fois et à un moment sa freeze mais juste l'image le jeu continue de tournée en arrière plan... Généralement quand ca arrive si je suis su ...
Réponses: 1
[Réglé] Impossible d'intaller Windows 10 (SSD)Bonjour, Bonne année à toute la communauté de PC Informatique. Vous m'avez manquer.Aujourd'hui je suis face à la nouvelle technologie Et ouep, c'est la vie vache qui rie.Je suis confronté à un soucie de compatibilité.En effet, je suis sur un pc Toshiba Satellite C50-A-1JM qui était sous windows 8.1 ...
Réponses: 14
encore un probleme mise à jour windows KB5001716Salut à vous cela commence, j'avoue, à devenir pénible, j'en suis désolé, mais ce soir au 5 mars 2024 est apparu un nouveau problème sur Windows update la mise à jour KB5001716 ne veut pas s'installer, j'ai eu beau redémarrer mon pc pour voir si cela pouvait fonctionner rien à faire cette mise à jou ...
Réponses: 28
Qui est en ligne
Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 6 invités
|
.: Nous contacter :: Flux RSS :: Données personnelles :. |