
Posted

Good evening,

 

Here is the VundoFix report:

 

 

VundoFix V7.0.6

 

Scan started at 23:43:45 1/10/2008

 

Listing files found while scanning....

 

C:\Windows\system32\divxdec_0407.dll

C:\Windows\system32\divxdec_0411.dll

 

Beginning removal...

 

Attempting to delete C:\Windows\system32\divxdec_0407.dll

C:\Windows\system32\divxdec_0407.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\divxdec_0411.dll

C:\Windows\system32\divxdec_0411.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

And the HijackThis one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:35:49, on 2/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\SYSTEM32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Miramar\PC MACLAN\ATMsg.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE

C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\windows\Explorer.EXE

c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\windows\System32\tcpsvcs.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\windows\System32\svchost.exe

C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\windowsautomaticupdates.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\windows\system32\wscntfy.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\windows\system32\PuXpMan2.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Calendrier\Cld2000.exe

C:\windows\system32\ctfmon.exe

C:\windows\System32\svchost.exe

C:\Program Files\Norton Utilities\SYSDOC32.EXE

C:\Documents and Settings\Myriam1\Application Data\wintos.exe

C:\Documents and Settings\Myriam1\Application Data\wint.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {F503FB99-B802-4E95-A767-959739D786B1} - (no file)

O4 - HKLM\..\Run: [Miramar Systems, Inc.] "C:\Program Files\Miramar\PC MACLAN\atmsg.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mspwr] C:\windows\system32\PuXpMan2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows USB Control] C:\Documents and Settings\Myriam1\Application Data\wintos.exe

O4 - HKCU\..\Run: [Windows USB Controlling] C:\Documents and Settings\Myriam1\Application Data\wint.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search -

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\windows\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\windows\System32\shdocvw.dll

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)

O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)

O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O15 - Trusted Zone: http://www.rigolus.com

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166749772390

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_10.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/roxypalacefr/FlashAX.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F439862-B2F0-43D1-AC84-B54AB1989D1F}: NameServer = 195.238.2.21,195.238.2.22

O20 - AppInit_DLLs: qxxwxh.dll hduywz.dll

O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: docoom online S.L.: docoom backup update permissions manager. 12662. - Unknown owner - C:\Program Files\docoom\docoom backup\udocoom.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE

O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

O24 - Desktop Component 0: Privacy Protection - (no file)

 

--

End of file - 15579 bytes

 

Thanks in advance.

Myriam
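The helper's reply below singles out the two autoruns under Application Data by reading the log by hand. As an added example (not part of this thread and not HijackThis code), here is a small triage script that applies the same kind of reasoning mechanically to HijackThis lines: O4 autoruns launched from a user-writable profile directory, O15 Trusted Zone additions, O20 AppInit_DLLs entries (with a crude "random-looking name" check), and O23 services that either imitate a Windows component without Microsoft as owner or point at a missing binary. The sample lines are constructed from the kinds of entries in the log above; the heuristics are my own assumptions, not an official ruleset.

```python
"""Triage of HijackThis (HJT) log lines.

Added example for this thread: not part of the original post and not part of
HijackThis itself. The heuristics are assumptions chosen to mirror what a
helper flags by hand: autoruns under a user profile, AppInit_DLLs entries,
Trusted Zone additions, and services with implausible owners or missing files.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few benign and suspicious lines of the kind seen in
# the log above, so the triage runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [Windows USB Control] C:\Documents and Settings\Myriam1\Application Data\wintos.exe
O4 - HKCU\..\Run: [Windows USB Controlling] C:\Documents and Settings\Myriam1\Application Data\wint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O15 - Trusted Zone: http://www.rigolus.com
O20 - AppInit_DLLs: qxxwxh.dll hduywz.dll
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O23 - Service: docoom online S.L.: docoom backup update permissions manager. 12662. - Unknown owner - C:\Program Files\docoom\docoom backup\udocoom.exe (file missing)
"""


@dataclass
class Finding:
    line: str
    reason: str


# Autorun targets under a per-user profile directory (user-writable, unusual
# for legitimate software on Windows XP).
USER_PROFILE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\", re.I
)
# Short, all-lowercase DLL names; combined with a vowel count this is a crude
# "looks machine-generated" check (assumption, will also hit some real names).
SHORT_LOWER_DLL = re.compile(r"^[a-z]{5,8}\.dll$")
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """True for short lowercase DLL names with at most one vowel (heuristic)."""
    stem = name.rsplit(".", 1)[0]
    return bool(SHORT_LOWER_DLL.match(name)) and sum(c in VOWELS for c in stem) <= 1


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    code = line.split(" ", 1)[0]
    if code == "O4" and USER_PROFILE.search(line):
        return Finding(line, "autorun launched from a user-writable profile directory")
    if code == "O15":
        return Finding(line, "site added to the IE Trusted Zone (weaker security settings)")
    if code == "O20" and "AppInit_DLLs:" in line:
        dlls = line.split("AppInit_DLLs:", 1)[1].split()
        odd = [d for d in dlls if looks_random(d)]
        return Finding(line, f"AppInit_DLLs set (loaded into every GUI process); random-looking: {odd}")
    if code == "O23":
        m = re.match(r"O23 - Service: (.+?) - (.+?) - (.+)$", line)
        if m:
            name, owner, path = m.groups()
            if name.lower().startswith("windows") and "microsoft" not in owner.lower():
                return Finding(line, f"service imitates a Windows component but owner is '{owner}'")
            if "(file missing)" in path:
                return Finding(line, "service binary missing (stale entry or removed file)")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(log_text: str) -> dict:
    """Count findings per HJT section code (O4, O15, ...)."""
    counts: dict = {}
    for f in triage(log_text):
        code = f.line.split(" ", 1)[0]
        counts[code] = counts.get(code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.line.split(' ', 1)[0]}] {f.reason}\n    {f.line}")
    print(summarize(SAMPLE_LOG))
```

Run it on a saved HijackThis log by passing the file contents to `triage()`; the point is to narrow a 200-line log to the handful of lines worth asking about, not to decide on its own what is malicious.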

Posted (edited)

Go to this link: Virus Total

  • Click the Browse... button
  • Browse your folders to this file, if you find it:

C:\Documents and Settings\Myriam1\Application Data\wintos.exe

C:\Documents and Settings\Myriam1\Application Data\wint.exe

  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • Let the site work as long as "Current status: being analysed" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click this image: txtvt.jpg
  • Right-click the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important to send me the result of the whole analysis.

Your security tools may react when the file is sent; if so, you will have to make them ignore the alerts.

Edited by Lien Rag
Posted

I added the report for a third file that I found suspicious.

PS: I asked for "reanalyse" for the 3 files.

 

Fichier wintos.exe reçu le 2008.10.04 13:22:18 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.10.3.2 2008.10.03 -

AntiVir 7.8.1.34 2008.10.03 DR/Delphi.Gen

Authentium 5.1.0.4 2008.10.04 -

Avast 4.8.1248.0 2008.10.04 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.10.03 Dropper.Generic.ABCY

BitDefender 7.2 2008.10.04 -

CAT-QuickHeal 9.50 2008.10.04 -

ClamAV 0.93.1 2008.10.04 -

DrWeb 4.44.0.09170 2008.10.04 -

eSafe 7.0.17.0 2008.10.02 -

eTrust-Vet 31.6.6127 2008.10.03 Win32/Slenfbot!generic

Ewido 4.0 2008.10.04 -

F-Prot 4.4.4.56 2008.10.03 -

F-Secure 8.0.14332.0 2008.10.04 -

Fortinet 3.113.0.0 2008.10.04 Misc/PUP

GData 19 2008.10.04 Win32:Trojan-gen {Other}

Ikarus T3.1.1.34.0 2008.10.04 VirTool.Win32.DelfInject.AF

K7AntiVirus 7.10.483 2008.10.03 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2008.10.04 -

McAfee 5398 2008.10.04 potentially unwanted program Generic PUP

Microsoft 1.4005 2008.10.04 VirTool:Win32/DelfInject.gen!AF

NOD32 3494 2008.10.03 a variant of Win32/Injector.CR

Norman 5.80.02 2008.10.03 -

Panda 9.0.0.4 2008.10.04 -

PCTools 4.4.2.0 2008.10.03 -

Prevx1 V2 2008.10.04 Malware Downloader

Rising 20.63.62.00 2008.09.28 -

SecureWeb-Gateway 6.7.6 2008.10.04 Trojan.Dropper.Delphi.Gen

Sophos 4.34.0 2008.10.04 -

Sunbelt 3.1.1675.1 2008.09.27 -

Symantec 10 2008.10.04 -

TheHacker 6.3.1.0.100 2008.10.03 -

TrendMicro 8.700.0.1004 2008.10.03 -

VBA32 3.12.8.6 2008.10.03 Worm.Win32.Socks.ahs

ViRobot 2008.10.4.1406 2008.10.04 -

VirusBuster 4.5.11.0 2008.10.03 Packed/newStub

 

Information additionnelle

File size: 170496 bytes
MD5...: a7ccd848a86435c5f4192361e0ebd4d8
SHA1..: f72c3d80e2d55e339a9edf57cb0fd41a61e21c32
SHA256: f1d28a39d4f7ede7ea4697c8fe541f692f802451ec195293367d42b41f272e31
SHA512: 07dcca02aa37f779396d2896839548ada9882c65469a50efb590a85ad2909f54
        995a7a8fc2607d46f86f28399b13212420745a85fa032249b25e34e88535c1b6
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
        Win32 Executable Generic (58.3%)
        Win16/32 Executable Delphi generic (14.1%)
        Generic Win/DOS Executable (13.7%)
        DOS Executable Generic (13.6%)
        Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc54cc
timedatestamp.....: 0x43a14136 (Thu Dec 15 10:11:02 2005)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x45a0 0x4600 6.42 8cb3cf85f8c89b8a04bdac75c0e6f3e8
DATA 0x6000 0x120 0x200 2.92 1bdc64e309c7484fc2deab5994be44d5
BSS 0x7000 0x6fd 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x4b6 0x600 3.74 696c5995011d4f4d3bb3306f4e8bd368
.tls 0x9000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xa000 0x24 0x200 0.42 bf71d4493a53f7b80fa35464147abdba
.reloc 0xb000 0x4d8 0x600 5.93 887a581fd4396d76cafa0a7e3c42b6ec
.rsrc 0xc000 0x23e98 0x24000 7.79 4cbcfa1bff44a590dba35e642cd3b6bf

( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: SetThreadToken
> kernel32.dll: SetTapeParameters, SetEvent, ResetEvent, LoadLibraryA, GetProcAddress, GetModuleFileNameA, GetLastError, GetFileTime, GetComputerNameA, GenerateConsoleCtrlEvent, FlushViewOfFile
> user32.dll: MessageBoxA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...717E500F5CF036F

 

 

----------------------------------------------------------------------------------------------------------------------------------------

 

Fichier wint.exe reçu le 2008.10.04 13:39:14 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.10.3.2 2008.10.03 -

AntiVir 7.8.1.34 2008.10.03 DR/Delphi.Gen

Authentium 5.1.0.4 2008.10.04 -

Avast 4.8.1248.0 2008.10.04 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.10.03 Dropper.Generic.ABCY

BitDefender 7.2 2008.10.04 -

CAT-QuickHeal 9.50 2008.10.04 -

ClamAV 0.93.1 2008.10.04 -

DrWeb 4.44.0.09170 2008.10.04 -

eSafe 7.0.17.0 2008.10.02 -

eTrust-Vet 31.6.6127 2008.10.03 Win32/Slenfbot!generic

Ewido 4.0 2008.10.04 -

F-Prot 4.4.4.56 2008.10.03 -

F-Secure 8.0.14332.0 2008.10.04 -

Fortinet 3.113.0.0 2008.10.04 -

GData 19 2008.10.04 Win32:Trojan-gen {Other}

Ikarus T3.1.1.34.0 2008.10.04 VirTool.Win32.DelfInject.AF

K7AntiVirus 7.10.483 2008.10.03 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2008.10.04 -

McAfee 5398 2008.10.04 -

Microsoft 1.4005 2008.10.04 VirTool:Win32/DelfInject.gen!AF

NOD32 3494 2008.10.03 a variant of Win32/Injector.CR

Norman 5.80.02 2008.10.03 -

Panda 9.0.0.4 2008.10.04 -

PCTools 4.4.2.0 2008.10.03 -

Prevx1 V2 2008.10.04 Malware Downloader

Rising 20.63.62.00 2008.09.28 -

SecureWeb-Gateway 6.7.6 2008.10.04 Trojan.Dropper.Delphi.Gen

Sophos 4.34.0 2008.10.04 -

Sunbelt 3.1.1675.1 2008.09.27 -

Symantec 10 2008.10.04 -

TheHacker 6.3.1.0.100 2008.10.03 -

TrendMicro 8.700.0.1004 2008.10.03 -

VBA32 3.12.8.6 2008.10.03 Worm.Win32.Socks.ahs

ViRobot 2008.10.4.1406 2008.10.04 -

VirusBuster 4.5.11.0 2008.10.03 Packed/newStub

 

Information additionnelle

File size: 171008 bytes
MD5...: be12ea9eead467702fdae683525c6025
SHA1..: b049349e49f1ad7f0806fda2cc66f90a1d8a3279
SHA256: 729cb14b4a8400b0e538c7bda08f3d6650f285e96f8fabd00febb8330297a524
SHA512: 6ff298ab746febfe4bdb00dc3d361cc2e934cd55968f92f8a9257e95a8ca2c1d
        fe9d77924a9aba87f929ad88e34e6443fc46b1adf0baa0b009b90d577a76edb2
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
        Win32 Executable Generic (58.3%)
        Win16/32 Executable Delphi generic (14.1%)
        Generic Win/DOS Executable (13.7%)
        DOS Executable Generic (13.6%)
        Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc54cc
timedatestamp.....: 0x43a14136 (Thu Dec 15 10:11:02 2005)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x45a0 0x4600 6.42 8cb3cf85f8c89b8a04bdac75c0e6f3e8
DATA 0x6000 0x120 0x200 2.92 1bdc64e309c7484fc2deab5994be44d5
BSS 0x7000 0x6fd 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x4b6 0x600 3.74 696c5995011d4f4d3bb3306f4e8bd368
.tls 0x9000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xa000 0x24 0x200 0.42 bf71d4493a53f7b80fa35464147abdba
.reloc 0xb000 0x4d8 0x600 5.93 887a581fd4396d76cafa0a7e3c42b6ec
.rsrc 0xc000 0x241e8 0x24200 7.79 58cd846e48e7014bbd884a9ad58e2b76

( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: SetThreadToken
> kernel32.dll: SetTapeParameters, SetEvent, ResetEvent, LoadLibraryA, GetProcAddress, GetModuleFileNameA, GetLastError, GetFileTime, GetComputerNameA, GenerateConsoleCtrlEvent, FlushViewOfFile
> user32.dll: MessageBoxA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...717E5001E98303D

 

 

----------------------------------------------------------------------------------------------------------------------------------------

 

This file is located on c:\

File taa332.exe received on 2008.10.04 13:43:15 (CET)

Antivirus           Version          Last update  Result
AhnLab-V3           2008.10.3.2      2008.10.03   -
AntiVir             7.8.1.34         2008.10.03   DR/Delphi.Gen
Authentium          5.1.0.4          2008.10.04   -
Avast               4.8.1248.0       2008.10.04   Win32:Trojan-gen {Other}
AVG                 8.0.0.161        2008.10.03   Dropper.Generic.ABCY
BitDefender         7.2              2008.10.04   -
CAT-QuickHeal       9.50             2008.10.04   -
ClamAV              0.93.1           2008.10.04   -
DrWeb               4.44.0.09170     2008.10.04   -
eSafe               7.0.17.0         2008.10.02   -
eTrust-Vet          31.6.6127        2008.10.03   Win32/Slenfbot!generic
Ewido               4.0              2008.10.04   -
F-Prot              4.4.4.56         2008.10.03   -
F-Secure            8.0.14332.0      2008.10.04   -
Fortinet            3.113.0.0        2008.10.04   -
GData               19               2008.10.04   Win32:Trojan-gen {Other}
Ikarus              T3.1.1.34.0      2008.10.04   VirTool.Win32.DelfInject.AF
K7AntiVirus         7.10.483         2008.10.03   Trojan.Win32.Malware.1
Kaspersky           7.0.0.125        2008.10.04   -
McAfee              5398             2008.10.04   -
Microsoft           1.4005           2008.10.04   VirTool:Win32/DelfInject.gen!AF
NOD32               3494             2008.10.03   a variant of Win32/Injector.CR
Norman              5.80.02          2008.10.03   -
Panda               9.0.0.4          2008.10.04   -
PCTools             4.4.2.0          2008.10.03   -
Prevx1              V2               2008.10.04   Malware Downloader
Rising              20.63.62.00      2008.09.28   -
SecureWeb-Gateway   6.7.6            2008.10.04   Trojan.Dropper.Delphi.Gen
Sophos              4.34.0           2008.10.04   -
Sunbelt             3.1.1668.1       2008.09.24   -
Symantec            10               2008.10.04   -
TheHacker           6.3.1.0.100      2008.10.03   -
TrendMicro          8.700.0.1004     2008.10.03   -
VBA32               3.12.8.6         2008.10.03   Worm.Win32.Socks.ahs
ViRobot             2008.10.4.1406   2008.10.04   -
VirusBuster         4.5.11.0         2008.10.03   Packed/newStub

Additional information

File size: 171008 bytes
MD5...: be12ea9eead467702fdae683525c6025
SHA1..: b049349e49f1ad7f0806fda2cc66f90a1d8a3279
SHA256: 729cb14b4a8400b0e538c7bda08f3d6650f285e96f8fabd00febb8330297a524
SHA512: 6ff298ab746febfe4bdb00dc3d361cc2e934cd55968f92f8a9257e95a8ca2c1dfe9d77924a9aba87f929ad88e34e6443fc46b1adf0baa0b009b90d577a76edb2
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
        Win32 Executable Generic (58.3%)
        Win16/32 Executable Delphi generic (14.1%)
        Generic Win/DOS Executable (13.7%)
        DOS Executable Generic (13.6%)
        Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc54cc
timedatestamp.....: 0x43a14136 (Thu Dec 15 10:11:02 2005)
machinetype.......: 0x14c (I386)

( 8 sections )
name    viradd  virsiz   rawdsiz  ntrpy  md5
CODE    0x1000  0x45a0   0x4600   6.42   8cb3cf85f8c89b8a04bdac75c0e6f3e8
DATA    0x6000  0x120    0x200    2.92   1bdc64e309c7484fc2deab5994be44d5
BSS     0x7000  0x6fd    0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.idata  0x8000  0x4b6    0x600    3.74   696c5995011d4f4d3bb3306f4e8bd368
.tls    0x9000  0x8      0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rdata  0xa000  0x24     0x200    0.42   bf71d4493a53f7b80fa35464147abdba
.reloc  0xb000  0x4d8    0x600    5.93   887a581fd4396d76cafa0a7e3c42b6ec
.rsrc   0xc000  0x241e8  0x24200  7.79   58cd846e48e7014bbd884a9ad58e2b76

( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: SetThreadToken
> kernel32.dll: SetTapeParameters, SetEvent, ResetEvent, LoadLibraryA, GetProcAddress, GetModuleFileNameA, GetLastError, GetFileTime, GetComputerNameA, GenerateConsoleCtrlEvent, FlushViewOfFile
> user32.dll: MessageBoxA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...717E5001E98303D

 


Thanks in advance.

Posted (edited)

Download Pocket KillBox

Open Pocket Killbox

Copy the bold/blue text below (select all of it with your mouse, then right-click it and choose "Copy"):

C:\Documents and Settings\Myriam1\Application Data\wintos.exe

C:\Documents and Settings\Myriam1\Application Data\wint.exe

Click KillBox's 'File' menu (top left) and choose Paste from clipboard

Select "Delete on reboot"

Click the button: All Files (!important!)

Now click the Kill button (red circle with a white X)

Killbox will ask you "...Would like to Reboot now ?"; click YES and wait for the reboot.

If you do not get this message, reboot the PC normally.

NOTE: If you get the message "PendingFileRenameOperations Registry Data has been removed by external process!" and the computer does not reboot,

reboot it manually ---> Start menu / Shut down / Restart the computer

Delete this folder:

C:\!KillBox

Empty your Recycle Bin

Edited by Lien Rag
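The NOTE in the post mentions PendingFileRenameOperations. That is the REG_MULTI_SZ value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager in which Windows queues the moves and deletes requested with MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT); the session manager replays it early in the next boot, before the files can be opened and locked again. The value is a flat list of pairs: a source path in NT form (\??\C:\...) followed by a destination, where an empty destination means delete and a leading "!" on the destination means replace an existing file. The following Python snippet is an added example, not part of the post or of KillBox: it encodes and decodes that value format so you can check which files are actually queued, using the two paths from the post as constructed sample input. That KillBox's "Delete on reboot" goes through this mechanism is inferred from the error message the post quotes, not stated on the page.

```python
NT_PREFIX = "\\??\\"

# The two files the post queues for deletion (taken from the post); constructed sample input.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\Myriam1\Application Data\wintos.exe",
    r"C:\Documents and Settings\Myriam1\Application Data\wint.exe",
]


def encode_multi_sz(strings):
    """REG_MULTI_SZ layout: each string NUL-terminated, the list closed by one more NUL, UTF-16LE."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(raw):
    """Inverse of encode_multi_sz for a well-formed value. Empty strings inside the list
    are preserved, which matters because an empty destination is how a delete is expressed."""
    text = raw.decode("utf-16-le")
    if not text.strip("\0"):
        return []
    if text.endswith("\0\0"):
        text = text[:-2]
    elif text.endswith("\0"):        # tolerate a value missing the list terminator
        text = text[:-1]
    return text.split("\0")


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def queue_delete_on_reboot(paths):
    """Build the value MoveFileEx(src, NULL, MOVEFILE_DELAY_UNTIL_REBOOT) appends for each file:
    the source in NT form followed by an empty destination."""
    strings = []
    for p in paths:
        strings += [NT_PREFIX + p, ""]
    return encode_multi_sz(strings)


def pending_operations(raw):
    """Decode the value into source/target/action records; a trailing unpaired string is ignored."""
    strings = decode_multi_sz(raw)
    ops = []
    for i in range(0, len(strings) - 1, 2):
        src, dst = strings[i], strings[i + 1]
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append({
            "source": _strip_nt(src),
            "target": _strip_nt(dst) or None,
            "action": "delete" if not dst else "rename",
            "replace_existing": replace,
        })
    return ops


def is_queued_for_delete(raw, path):
    """True if the Win32 path is scheduled for deletion at the next boot (case-insensitive)."""
    return any(op["action"] == "delete" and op["source"].lower() == path.lower()
               for op in pending_operations(raw))


if __name__ == "__main__":
    value = queue_delete_on_reboot(SAMPLE_PATHS)
    for op in pending_operations(value):
        print(op["action"], op["source"], "->", op["target"])
```

On the machine itself the raw value can be shown with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations`; each file KillBox queued should appear as a \??\ source followed by an empty entry, and the error message quoted in the post is what you would expect if another process rewrote that value between the Kill click and the reboot.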
Posted

There, I ran the program as you told me; the PC rebooted without any problem, I deleted the "killbox" folder and emptied the Recycle Bin.

Thanks for your help, I'm waiting for the next step :P .

Myriam

Posted

Here is the HijackThis report after rebooting my PC:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:17, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\windows\Explorer.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\windows\System32\tcpsvcs.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\windows\system32\PuXpMan2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {F503FB99-B802-4E95-A767-959739D786B1} - (no file)
O4 - HKLM\..\Run: [Miramar Systems, Inc.] "C:\Program Files\Miramar\PC MACLAN\atmsg.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mspwr] C:\windows\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows USB Control] C:\Documents and Settings\Myriam1\Application Data\wintos.exe
O4 - HKCU\..\Run: [Windows USB Controlling] C:\Documents and Settings\Myriam1\Application Data\wint.exe
O4 - HKCU\..\Run: [uIWatcher] C:\Program Files\ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\windows\System32\shdocvw.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: http://www.rigolus.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166749772390
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_10.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/roxypalacefr/FlashAX.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F439862-B2F0-43D1-AC84-B54AB1989D1F}: NameServer = 195.238.2.21,195.238.2.22
O20 - AppInit_DLLs: qxxwxh.dll hduywz.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: docoom online S.L.: docoom backup update permissions manager. 12662. - Unknown owner - C:\Program Files\docoom\docoom backup\udocoom.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 15978 bytes

 

Thanks again for your help.

Myriam
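The helper's next reply singles out the two O4 entries that start executables from Myriam1's Application Data folder. The following Python script is an added example, not part of the thread or of HijackThis: it parses O4, O20, O23 and O24 lines, extracts the image path from a quoted or unquoted command, and reports the entries a triager would look at first: autoruns launched from a user profile directory, entries whose name claims to be a Windows component while the binary lives outside the Windows directory, AppInit_DLLs (loaded into every process that links user32.dll), services whose binary is missing, and desktop components with no file. The sample lines are copied from the log above; the regexes and flagging criteria are this example's own heuristics, not a verdict on the entries.

```python
import re

# Sample lines copied from the HijackThis log posted above (constructed input for this example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows USB Control] C:\Documents and Settings\Myriam1\Application Data\wintos.exe
O4 - HKCU\..\Run: [Windows USB Controlling] C:\Documents and Settings\Myriam1\Application Data\wint.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: qxxwxh.dll hduywz.dll
O23 - Service: docoom online S.L.: docoom backup update permissions manager. 12662. - Unknown owner - C:\Program Files\docoom\docoom backup\udocoom.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component (?P<idx>\d+): (?P<name>.*?) - (?P<path>.*)$")
# Per-user, user-writable locations on XP; a Run entry pointing there deserves a look.
PROFILE_DIR_RE = re.compile(r"\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)\\", re.I)
SYSTEM_DIR_RE = re.compile(r"^(?:%systemroot%|C:\\windows)\\", re.I)


def image_path(cmd):
    """Keep only the executable path: honour quoting, else cut at the first known extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|cpl))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage_line(line):
    """Return a finding record for a line worth a second look, or None."""
    findings = []
    if (m := O4_RE.match(line)):
        section, name, path = "O4", m["name"], image_path(m["cmd"])
        if PROFILE_DIR_RE.search(path):
            findings.append("autorun launched from a user-writable profile directory")
        if "windows" in name.lower() and not SYSTEM_DIR_RE.match(path):
            findings.append("entry name mimics a Windows component but binary is outside the Windows directory")
    elif (m := O20_RE.match(line)):
        section, name, path = "O20", "AppInit_DLLs", m["dlls"].strip()
        findings.append("DLLs loaded into every process that links user32.dll; bare names resolve via the loader search path")
    elif (m := O23_RE.match(line)):
        parts = m["rest"].rsplit(" - ", 2)     # service names may themselves contain " - "
        if len(parts) != 3:
            return None
        name, owner, path = parts
        section = "O23"
        if path.endswith("(file missing)"):
            findings.append("service binary missing on disk")
    elif (m := O24_RE.match(line)):
        section, name, path = "O24", m["name"], m["path"]
        if path == "(no file)":
            findings.append("desktop component with no backing file")
    else:
        return None
    if not findings:
        return None
    return {"section": section, "name": name, "path": path, "findings": findings}


def triage(log_text):
    """Run triage_line over a whole log and keep only the lines that produced findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["section"], hit["name"], "->", hit["path"])
        for finding in hit["findings"]:
            print("   ", finding)
```

Feed it a whole log with triage(open(path, encoding="cp1252").read()) and the two Application Data autoruns come out first, with the Java, ctfmon and Panda entries silently passed over; extend the regexes in the same style for O2, O16 or O17 lines if you want them covered.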

Posted

Run HijackThis again, "Do a scan only", and tick these boxes:

O4 - HKCU\..\Run: [Windows USB Control] C:\Documents and Settings\Myriam1\Application Data\wintos.exe

O4 - HKCU\..\Run: [Windows USB Controlling] C:\Documents and Settings\Myriam1\Application Data\wint.exe

O24 - Desktop Component 0: Privacy Protection - (no file)

Click Fix checked

then:

disable your antivirus for the duration of the scan

Kaspersky online scan

At the bottom of the page, click > Accept.

Let the definitions, updates and ActiveX installation proceed.

Then click Next > My Computer.

The scan starts. Be patient...

Once the scan is finished, click > Save report

and save it somewhere (e.g. the desktop or "My Documents").

Posted

Here is the latest news:

HijackThis: the O24 line still reappears despite being removed.

Kaspersky online scan report:

Scan statistics:

Total objects scanned: 165524

Number of viruses found: 8

Number of infected objects: 57 / 0

Number of suspicious objects: 0

Scan duration: 07:59:51

Infected objects are marked "locked skipped".

Objects hit by a virus are marked "skipped".
