Posted

Download SystemLook by Jpshortstuff to your Desktop from one of the links below.

Download mirror #1

Download mirror #2

  • Double-click SystemLook.exe to launch it.
  • Right-click|Copy the contents of the box below and right-click|Paste into the SystemLook text area:
    :filefind
    *classpnp*
    *acpi*
    *disk.sys*
    *halmacpi.*


     

  • Click the Look button to start the scan.
  • When it finishes, Notepad opens with the results of the analysis. Copy and paste the report into your next reply.

Note: The report can also be found on your Desktop under the name SystemLook.txt

Posted

Here is the SystemLook report

 

 

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 13:20 on 11/12/2009 by Carole (Administrator - Elevation successful)

 

========== filefind ==========

 

Searching for "*classpnp*"

C:\Windows\System32\drivers\Classpnp.sys --a--- 125928 bytes [02:01 07/08/2009] [06:32 11/04/2009] 0767B09C74D935A590B4879D14463B64

C:\Windows\winsxs\Manifests\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.0.6000.16386_none_134c6c9faf26c46e.manifest --a--- 4355 bytes [10:21 02/11/2006] [10:09 02/11/2006] 280432B38D68F3CFEFCB0419A262B942

C:\Windows\winsxs\Manifests\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.0.6001.18000_none_15832e9bac11d542.manifest --a--- 4355 bytes [02:20 21/01/2008] [02:20 21/01/2008] 341685FB9BE3BDAE559B63CAEF262660

C:\Windows\winsxs\Manifests\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.0.6002.18005_none_176ea7a7a933a08e.manifest ------ 4355 bytes [01:31 07/08/2009] [22:14 10/04/2009] 1A0B73BF4C0BE6D9756C49723B702424

C:\Windows\winsxs\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.0.6001.18000_none_15832e9bac11d542\Classpnp.sys --a--- 127544 bytes [02:24 21/01/2008] [02:24 21/01/2008] 4388CEBB2C6A7F484AC409A90A3C9FAE

C:\Windows\winsxs\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.0.6002.18005_none_176ea7a7a933a08e\Classpnp.sys --a--- 125928 bytes [02:01 07/08/2009] [06:32 11/04/2009] 0767B09C74D935A590B4879D14463B64

 

Searching for "*acpi*"

C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll --a--- 81920 bytes [04:29 21/11/2008] [23:24 29/08/2005] B8EEE72879838DE037DD2683E1F3869E

C:\Windows\inf\acpi.inf --a--- 8928 bytes [10:25 02/11/2006] [12:05 08/10/2009] 724471693C54330A634FF3AF9FA89B55

C:\Windows\inf\acpi.PNF --a--- 16588 bytes [10:25 02/11/2006] [12:05 08/10/2009] FF05E961679E6324B71FF6DD4C05E1D4

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\acpi.inf ------ 8928 bytes [01:59 07/08/2009] [01:56 11/04/2009] 724471693C54330A634FF3AF9FA89B55

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\acpi.PNF ------ 16588 bytes [12:05 08/10/2009] [12:05 08/10/2009] 8EE8EA0C597E38F8721A30FA966A777B

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\acpi.sys ------ 265688 bytes [02:01 07/08/2009] [06:32 11/04/2009] 82B296AE1892FE3DBEE00C9CF92F8AC7

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\wmiacpi.sys ------ 11264 bytes [02:23 21/01/2008] [02:23 21/01/2008] 2E7255D172DF0B8283CDFB7B433B864E

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.inf ------ 7562 bytes [10:25 02/11/2006] [06:25 02/11/2006] D11CFDD7DAF570AFE519440570A9EE0A

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.PNF ------ 14188 bytes [12:51 02/11/2006] [12:51 02/11/2006] 34DA6CFFBF0D588C5C19A577ED5C1F8C

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.sys ------ 255592 bytes [10:25 02/11/2006] [09:51 02/11/2006] 192BDBD1540645C4A2AA69F24CCE197F

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\wmiacpi.sys ------ 11264 bytes [10:25 02/11/2006] [08:35 02/11/2006] 701A9F884A294327E9141D73746EE279

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\acpi.inf ------ 8928 bytes [02:23 21/01/2008] [02:23 21/01/2008] 1F8E8A211F9E0B85C9105EF864D9EF31

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\acpi.PNF ------ 16588 bytes [02:31 21/01/2008] [17:11 08/08/2009] 87C1322715233AB27B9BF7C4BECE47A6

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\acpi.sys ------ 266808 bytes [02:23 21/01/2008] [02:23 21/01/2008] FCB8C7210F0135E24C6580F7F649C73C

C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\wmiacpi.sys ------ 11264 bytes [02:23 21/01/2008] [02:23 21/01/2008] 2E7255D172DF0B8283CDFB7B433B864E

C:\Windows\System32\DriverStore\FileRepository\atk0100.inf_3bcd2d8e\ATKACPI.sys ------ 7680 bytes [07:11 15/12/2006] [07:11 15/12/2006] 97AFFA9D95FFE20EEE6229BC6BE166CF

C:\Windows\System32\DriverStore\FileRepository\hal.inf_0c52392f\halacpi.dll ------ 141880 bytes [02:23 21/01/2008] [02:23 21/01/2008] 37397E3A201ED97976764ADC7C026D31

C:\Windows\System32\DriverStore\FileRepository\hal.inf_0c52392f\halmacpi.dll ------ 177208 bytes [02:23 21/01/2008] [02:23 21/01/2008] A00B0EDD048786E30EBB2DA65D9A8F74

C:\Windows\System32\DriverStore\FileRepository\hal.inf_3bbd89f5\halacpi.dll ------ 141880 bytes [03:49 21/11/2008] [03:33 04/04/2008] A1D0B64B46EEB0FD2F379B1A801C62EB

C:\Windows\System32\DriverStore\FileRepository\hal.inf_3bbd89f5\halmacpi.dll ------ 177208 bytes [03:49 21/11/2008] [03:34 04/04/2008] CF05E85F0B41470B9469C981DE66D0AF

C:\Windows\System32\DriverStore\FileRepository\hal.inf_59c500ab\halacpi.dll ------ 134760 bytes [10:25 02/11/2006] [09:50 02/11/2006] E58EE39C80E8DB9183F576F242358AD8

C:\Windows\System32\DriverStore\FileRepository\hal.inf_59c500ab\halmacpi.dll ------ 160872 bytes [10:25 02/11/2006] [09:51 02/11/2006] E3A21FC3407DA84C5FF41B5088A67C3B

C:\Windows\System32\DriverStore\FileRepository\hal.inf_72fc1cce\halacpi.dll ------ 137272 bytes [03:49 21/11/2008] [03:36 04/04/2008] 3982B61970AD98491BD6205D6C16D014

C:\Windows\System32\DriverStore\FileRepository\hal.inf_72fc1cce\halmacpi.dll ------ 163384 bytes [03:49 21/11/2008] [03:36 04/04/2008] D26D22BDAC42DD292228DF227B0DA234

C:\Windows\System32\DriverStore\FileRepository\hal.inf_92fbcfb7\halacpi.dll ------ 140776 bytes [02:02 07/08/2009] [06:32 11/04/2009] 8D04724F13B0FE63829113F28E845E8A

C:\Windows\System32\DriverStore\FileRepository\hal.inf_92fbcfb7\halmacpi.dll ------ 177128 bytes [02:02 07/08/2009] [06:32 11/04/2009] B8D52005181A15D7D1470CBF2AF214DD

C:\Windows\System32\DriverStore\fr-FR\acpi.inf_loc --a--- 2204 bytes [11:15 16/04/2008] [11:15 16/04/2008] C1CC6E7F7D5615EC1599E86451FF0395

C:\Windows\System32\drivers\acpi.sys ------ 265688 bytes [02:01 07/08/2009] [06:32 11/04/2009] 82B296AE1892FE3DBEE00C9CF92F8AC7

C:\Windows\System32\drivers\ATKACPI.sys ------ 7680 bytes [07:11 15/12/2006] [07:11 15/12/2006] 97AFFA9D95FFE20EEE6229BC6BE166CF

C:\Windows\System32\drivers\fr-FR\acpi.sys.mui --a--- 11264 bytes [11:15 16/04/2008] [11:15 16/04/2008] 0D8C51C2CA30D25FCA656FB490DB2AA3

C:\Windows\System32\drivers\wmiacpi.sys ------ 11264 bytes [08:35 02/11/2006] [02:23 21/01/2008] 2E7255D172DF0B8283CDFB7B433B864E

C:\Windows\System32\halacpi.dll ------ 140776 bytes [08:30 02/11/2006] [06:32 11/04/2009] 8D04724F13B0FE63829113F28E845E8A

C:\Windows\System32\halmacpi.dll ------ 177128 bytes [08:30 02/11/2006] [06:32 11/04/2009] B8D52005181A15D7D1470CBF2AF214DD

C:\Windows\winsxs\Manifests\x86_acpi.inf.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_53feefb0bef2fc01.manifest --a--- 3749 bytes [11:13 16/04/2008] [11:13 16/04/2008] 48AAF4E8C58ADF4CEAD574C1F6BA743B

C:\Windows\winsxs\Manifests\x86_acpi.inf.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_5635b1acbbde0cd5.manifest --a--- 3656 bytes [11:14 16/04/2008] [11:14 16/04/2008] 511D7F7691AFF423BE5A7E48B67852EE

C:\Windows\winsxs\Manifests\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48.manifest --a--- 4177 bytes [02:17 21/01/2008] [02:17 21/01/2008] C3945B343A1CD54F03198C3845529127

C:\Windows\winsxs\Manifests\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94.manifest ------ 4177 bytes [01:32 07/08/2009] [01:32 07/08/2009] F4A962D290175FFC4D813C8A32A97961

C:\Windows\winsxs\x86_acpi.inf.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_53feefb0bef2fc01\acpi.inf_loc --a--- 1904 bytes [11:14 16/04/2008] [11:14 16/04/2008] E75605FCE48B94212621956FA3B428BF

C:\Windows\winsxs\x86_acpi.inf.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_53feefb0bef2fc01\acpi.sys.mui --a--- 11264 bytes [11:14 16/04/2008] [11:14 16/04/2008] 0D8C51C2CA30D25FCA656FB490DB2AA3

C:\Windows\winsxs\x86_acpi.inf.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_5635b1acbbde0cd5\acpi.inf_loc --a--- 2204 bytes [11:15 16/04/2008] [11:15 16/04/2008] C1CC6E7F7D5615EC1599E86451FF0395

C:\Windows\winsxs\x86_acpi.inf.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_5635b1acbbde0cd5\acpi.sys.mui --a--- 11264 bytes [11:15 16/04/2008] [11:15 16/04/2008] 0D8C51C2CA30D25FCA656FB490DB2AA3

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.inf --a--- 8928 bytes [02:23 21/01/2008] [02:23 21/01/2008] 1F8E8A211F9E0B85C9105EF864D9EF31

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.sys --a--- 266808 bytes [02:23 21/01/2008] [02:23 21/01/2008] FCB8C7210F0135E24C6580F7F649C73C

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\wmiacpi.sys --a--- 11264 bytes [02:23 21/01/2008] [02:23 21/01/2008] 2E7255D172DF0B8283CDFB7B433B864E

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94\acpi.inf --a--- 8928 bytes [01:59 07/08/2009] [01:56 11/04/2009] 724471693C54330A634FF3AF9FA89B55

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94\acpi.sys --a--- 265688 bytes [02:01 07/08/2009] [06:32 11/04/2009] 82B296AE1892FE3DBEE00C9CF92F8AC7

C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94\wmiacpi.sys --a--- 11264 bytes [02:23 21/01/2008] [02:23 21/01/2008] 2E7255D172DF0B8283CDFB7B433B864E

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6000.20806_none_01c571f223e1079a\halacpi.dll --a--- 137272 bytes [03:49 21/11/2008] [03:36 04/04/2008] 3982B61970AD98491BD6205D6C16D014

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6000.20806_none_01c571f223e1079a\halmacpi.dll --a--- 163384 bytes [03:49 21/11/2008] [03:36 04/04/2008] D26D22BDAC42DD292228DF227B0DA234

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halacpi.dll --a--- 141880 bytes [02:23 21/01/2008] [02:23 21/01/2008] 37397E3A201ED97976764ADC7C026D31

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halmacpi.dll --a--- 177208 bytes [02:23 21/01/2008] [02:23 21/01/2008] A00B0EDD048786E30EBB2DA65D9A8F74

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6001.22150_none_036f9d5a21358f0f\halacpi.dll --a--- 141880 bytes [03:49 21/11/2008] [03:33 04/04/2008] A1D0B64B46EEB0FD2F379B1A801C62EB

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6001.22150_none_036f9d5a21358f0f\halmacpi.dll --a--- 177208 bytes [03:49 21/11/2008] [03:34 04/04/2008] CF05E85F0B41470B9469C981DE66D0AF

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6002.18005_none_0507893705112edc\halacpi.dll --a--- 140776 bytes [02:02 07/08/2009] [06:32 11/04/2009] 8D04724F13B0FE63829113F28E845E8A

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6002.18005_none_0507893705112edc\halmacpi.dll --a--- 177128 bytes [02:02 07/08/2009] [06:32 11/04/2009] B8D52005181A15D7D1470CBF2AF214DD

 

Searching for "*disk.sys*"

C:\Windows\System32\DriverStore\FileRepository\clusdisk.inf_1f8551c9\ClusDisk.sys ------ 26112 bytes [01:59 07/08/2009] [04:20 11/04/2009] 78533A10D91C7EA6D5BA6A0CEA07CD62

C:\Windows\System32\DriverStore\FileRepository\clusdisk.inf_42af4fdc\ClusDisk.sys ------ 20480 bytes [10:25 02/11/2006] [08:36 02/11/2006] 940020D9AF70B38D6E721FAF4424E37E

C:\Windows\System32\DriverStore\FileRepository\clusdisk.inf_e7d66a0e\ClusDisk.sys ------ 26112 bytes [02:23 21/01/2008] [02:23 21/01/2008] D4A76DD468211291C62BB80D82EB85A0

C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_296260cb\crcdisk.sys ------ 24632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 741E9DFF4F42D2D8477D0FC1DC0DF871

C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_399dba89\crcdisk.sys ------ 22632 bytes [10:25 02/11/2006] [09:49 02/11/2006] 2A213AE086BBEC5E937553C7D9A2B22C

C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys ------ 53736 bytes [02:01 07/08/2009] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A

C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys ------ 55352 bytes [02:23 21/01/2008] [02:23 21/01/2008] 64109E623ABD6955C8FB110B592E68B7

C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys ------ 52840 bytes [10:25 02/11/2006] [09:49 02/11/2006] 841AF4C4D41D3E3B2F244E976B0F7963

C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\flpydisk.sys ------ 20480 bytes [02:23 21/01/2008] [02:23 21/01/2008] 85B7CF99D532820495D68D747FDA9EBD

C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\flpydisk.sys ------ 20480 bytes [10:25 02/11/2006] [08:51 02/11/2006] 6603957EFF5EC62D25075EA8AC27DE68

C:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_4bdb31c0\ramdisk.sys ------ 22528 bytes [02:23 21/01/2008] [02:23 21/01/2008] 94644648375F9F5F10A0B783E90D3A2A

C:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_581fa0f3\ramdisk.sys ------ 22528 bytes [10:25 02/11/2006] [08:52 02/11/2006] 50E80F018D1617211D64BE8BCA7399BE

C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_3a103ca8\sffdisk.sys ------ 13312 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3EFA810BDCA87F6ECC24F9832243FE86

C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_4daf32a8\sffdisk.sys ------ 13312 bytes [10:25 02/11/2006] [08:51 02/11/2006] 103B79418DA647736EE95645F305F68A

C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_f081f8b7\sffdisk.sys ------ 13312 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3EFA810BDCA87F6ECC24F9832243FE86

C:\Windows\System32\drivers\crcdisk.sys ------ 24632 bytes [08:52 02/11/2006] [02:23 21/01/2008] 741E9DFF4F42D2D8477D0FC1DC0DF871

C:\Windows\System32\drivers\disk.sys ------ 53736 bytes [02:01 07/08/2009] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A

C:\Windows\System32\drivers\flpydisk.sys ------ 20480 bytes [02:23 21/01/2008] [02:23 21/01/2008] 85B7CF99D532820495D68D747FDA9EBD

C:\Windows\System32\drivers\sffdisk.sys ------ 13312 bytes [08:51 02/11/2006] [02:23 21/01/2008] 3EFA810BDCA87F6ECC24F9832243FE86

C:\Windows\winsxs\x86_clusdisk.inf_31bf3856ad364e35_6.0.6001.18000_none_ed9445d1044eb92b\ClusDisk.sys --a--- 26112 bytes [02:23 21/01/2008] [02:23 21/01/2008] D4A76DD468211291C62BB80D82EB85A0

C:\Windows\winsxs\x86_clusdisk.inf_31bf3856ad364e35_6.0.6002.18005_none_ef7fbedd01708477\ClusDisk.sys --a--- 26112 bytes [01:59 07/08/2009] [04:20 11/04/2009] 78533A10D91C7EA6D5BA6A0CEA07CD62

C:\Windows\winsxs\x86_crcdisk.inf_31bf3856ad364e35_6.0.6001.18000_none_978b1f9648a639ba\crcdisk.sys --a--- 24632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 741E9DFF4F42D2D8477D0FC1DC0DF871

C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys --a--- 55352 bytes [02:23 21/01/2008] [02:23 21/01/2008] 64109E623ABD6955C8FB110B592E68B7

C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys --a--- 53736 bytes [02:01 07/08/2009] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A

C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\flpydisk.sys --a--- 20480 bytes [02:23 21/01/2008] [02:23 21/01/2008] 85B7CF99D532820495D68D747FDA9EBD

C:\Windows\winsxs\x86_ramdisk.inf_31bf3856ad364e35_6.0.6001.18000_none_b8ecbe6bda091ffc\ramdisk.sys --a--- 22528 bytes [02:23 21/01/2008] [02:23 21/01/2008] 94644648375F9F5F10A0B783E90D3A2A

C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6001.18000_none_a43b8902e9e9f3c9\sffdisk.sys --a--- 13312 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3EFA810BDCA87F6ECC24F9832243FE86

C:\Windows\winsxs\x86_sffdisk.inf_31bf3856ad364e35_6.0.6002.18005_none_a627020ee70bbf15\sffdisk.sys --a--- 13312 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3EFA810BDCA87F6ECC24F9832243FE86

 

Searching for "*halmacpi.*"

C:\Windows\System32\DriverStore\FileRepository\hal.inf_0c52392f\halmacpi.dll ------ 177208 bytes [02:23 21/01/2008] [02:23 21/01/2008] A00B0EDD048786E30EBB2DA65D9A8F74

C:\Windows\System32\DriverStore\FileRepository\hal.inf_3bbd89f5\halmacpi.dll ------ 177208 bytes [03:49 21/11/2008] [03:34 04/04/2008] CF05E85F0B41470B9469C981DE66D0AF

C:\Windows\System32\DriverStore\FileRepository\hal.inf_59c500ab\halmacpi.dll ------ 160872 bytes [10:25 02/11/2006] [09:51 02/11/2006] E3A21FC3407DA84C5FF41B5088A67C3B

C:\Windows\System32\DriverStore\FileRepository\hal.inf_72fc1cce\halmacpi.dll ------ 163384 bytes [03:49 21/11/2008] [03:36 04/04/2008] D26D22BDAC42DD292228DF227B0DA234

C:\Windows\System32\DriverStore\FileRepository\hal.inf_92fbcfb7\halmacpi.dll ------ 177128 bytes [02:02 07/08/2009] [06:32 11/04/2009] B8D52005181A15D7D1470CBF2AF214DD

C:\Windows\System32\halmacpi.dll ------ 177128 bytes [08:30 02/11/2006] [06:32 11/04/2009] B8D52005181A15D7D1470CBF2AF214DD

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6000.20806_none_01c571f223e1079a\halmacpi.dll --a--- 163384 bytes [03:49 21/11/2008] [03:36 04/04/2008] D26D22BDAC42DD292228DF227B0DA234

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halmacpi.dll --a--- 177208 bytes [02:23 21/01/2008] [02:23 21/01/2008] A00B0EDD048786E30EBB2DA65D9A8F74

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6001.22150_none_036f9d5a21358f0f\halmacpi.dll --a--- 177208 bytes [03:49 21/11/2008] [03:34 04/04/2008] CF05E85F0B41470B9469C981DE66D0AF

C:\Windows\winsxs\x86_hal.inf_31bf3856ad364e35_6.0.6002.18005_none_0507893705112edc\halmacpi.dll --a--- 177128 bytes [02:02 07/08/2009] [06:32 11/04/2009] B8D52005181A15D7D1470CBF2AF214DD

 

-=End Of File=-

Posted

The file:

C:\Windows\System32\drivers\Classpnp.sys exists. You can copy-paste the line for VirusTotal; otherwise make sure you have displayed hidden files (see the tutorials). :P

Posted

That's it, it worked.

 

 

 

File Classpnp.sys received on 2009.12.12 20:08:35 (UTC)

Antivirus Version Last update Result

a-squared 4.5.0.43 2009.12.12 -

AhnLab-V3 5.0.0.2 2009.12.12 -

AntiVir 7.9.1.108 2009.12.11 -

Antiy-AVL 2.0.3.7 2009.12.11 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.12 -

AVG 8.5.0.427 2009.12.12 -

BitDefender 7.2 2009.12.12 -

CAT-QuickHeal 10.00 2009.12.12 -

ClamAV 0.94.1 2009.12.12 -

Comodo 3218 2009.12.12 -

DrWeb 5.0.0.12182 2009.12.12 -

eSafe 7.0.17.0 2009.12.10 -

eTrust-Vet 35.1.7171 2009.12.11 -

F-Prot 4.5.1.85 2009.12.12 -

F-Secure 9.0.15370.0 2009.12.12 -

Fortinet 4.0.14.0 2009.12.12 -

GData 19 2009.12.12 -

Ikarus T3.1.1.74.0 2009.12.12 -

Jiangmin 13.0.900 2009.12.12 -

K7AntiVirus 7.10.918 2009.12.11 -

Kaspersky 7.0.0.125 2009.12.12 -

McAfee 5830 2009.12.12 -

McAfee+Artemis 5830 2009.12.12 -

McAfee-GW-Edition 6.8.5 2009.12.12 -

Microsoft 1.5302 2009.12.12 -

NOD32 4682 2009.12.12 -

Norman 6.04.03 2009.12.12 -

nProtect 2009.1.8.0 2009.12.12 -

Panda 10.0.2.2 2009.12.12 -

PCTools 7.0.3.5 2009.12.12 -

Prevx 3.0 2009.12.12 -

Rising 22.25.05.04 2009.12.12 -

Sophos 4.48.0 2009.12.12 -

Sunbelt 3.2.1858.2 2009.12.12 -

Symantec 1.4.4.12 2009.12.12 -

TheHacker 6.5.0.2.092 2009.12.12 -

TrendMicro 9.100.0.1001 2009.12.12 -

VBA32 3.12.12.0 2009.12.12 -

ViRobot 2009.12.12.2085 2009.12.12 -

VirusBuster 5.0.21.0 2009.12.12 -

 

Additional information

File size: 125928 bytes

MD5...: 0767b09c74d935a590b4879d14463b64

SHA1..: 92fcf40776856b758d63427bba118e67d71433a6

SHA256: b6547ce44f1c00f50c801efce52ee58c944cd50fe5a70cf005e9a745688036a2

ssdeep: 3072:SPMrFipScl1FzRM4QZO7QIs2g6PXCwlNObw6:MMrFipScl1LM4Q7B6vCEYs6

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d00f
timedatestamp.....: 0x49e01ee9 (Sat Apr 11 04:39:05 2009)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfcb5 0xfe00 6.54 a543b98d69bcb97347b8a78f49b2e601
.rdata 0x11000 0x111c 0x1200 5.14 9bb2cf7c0ea464cf5d3754ab95545eb0
.data 0x13000 0xc68 0xe00 7.15 a69c3c6ed14277842f863fc1c6bd447c
PAGE 0x14000 0x683f 0x6a00 6.37 a2e1e1cd0501ab0c7043c49af07e26a5
.edata 0x1b000 0x80c 0xa00 4.73 21b0e497e76a15159ab0eab333f3eca3
PAGE 0x1c000 0x910 0xa00 2.69 c06a2602de1950facce2773e85d165aa
INIT 0x1d000 0xc30 0xe00 5.24 89ec5d5c7feaeefd3d4e9aa6cc8fdc82
.rsrc 0x1e000 0x400 0x400 3.37 c055dfcb62486fbf90e33cbd4a396740
.reloc 0x1f000 0x1610 0x1800 6.53 7d79ee0a4cd8641bca8559bccc2091a9

( 2 imports )
> ntoskrnl.exe: KeWaitForSingleObject, IoFreeWorkItem, ZwClose, RtlQueryRegistryValues, ZwCreateKey, RtlInitUnicodeString, IoOpenDeviceRegistryKey, ZwOpenKey, IoFreeIrp, IoFreeMdl, RtlCompareMemory, IoStopTimer, EtwWrite, IoGetDriverObjectExtension, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeQueryTimeIncrement, KeQuerySystemTime, _allmul, IoQueueWorkItem, IoAllocateWorkItem, IoReuseIrp, IofCallDriver, KeInitializeEvent, MmBuildMdlForNonPagedPool, IoAllocateMdl, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, ObfDereferenceObject, IoBuildDeviceIoControlRequest, IoGetAttachedDeviceReference, KeInitializeMutex, IoAllocateIrp, IoStartTimer, IoInitializeTimer, KeLeaveCriticalRegion, KeSetEvent, KeEnterCriticalRegion, KeGetCurrentThread, _vsnprintf, IoGetIoPriorityHint, IoWMIWriteEvent, MmGetSystemRoutineAddress, IoWMIRegistrationControl, IofCompleteRequest, DbgPrintEx, EtwUnregister, _allshl, _alldiv, IoGetPagingIoPriority, IoStartNextPacket, MmUnlockPages, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, KeReleaseMutex, KeSetTimerEx, KeTickCount, IoGetDeviceProperty, EtwRegister, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, IoStartPacket, IoSetHardErrorOrVerifyDevice, memmove, IoDeleteDevice, IoCreateDevice, RtlInitString, ObReferenceObjectByPointer, IoInvalidateDeviceRelations, MmProbeAndLockPages, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, KefAcquireSpinLockAtDpcLevel, _alldvrm, IoDetachDevice, ZwSetValueKey, KeInitializeDpc, KeInitializeTimer, ObfReferenceObject, KeBugCheck, KeDelayExecutionThread, RtlDeleteRegistryValue, _vsnwprintf, RtlTimeToTimeFields, InterlockedPopEntrySList, PoStartNextPowerIrp, PoCallDriver, PoSetPowerState, InterlockedPushEntrySList, MmUnmapLockedPages, ExVerifySuite, IoBuildPartialMdl, KeCancelTimer, _aulldiv, KeSetTimer, strncmp, RtlWriteRegistryValue, IoReadPartitionTableEx, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, IoGetDeviceObjectPointer, IoBuildSynchronousFsdRequest, RtlCompareUnicodeString, RtlAppendUnicodeStringToString, RtlInitAnsiString, IoGetConfigurationInformation, IoAttachDeviceToDeviceStack, RtlUnwind, memset, memcpy, ExAllocatePoolWithTag, IoReportTargetDeviceChangeAsynchronous, IoInitializeIrp, ExFreePoolWithTag
> HAL.dll: KfRaiseIrql, KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql

( 60 exports )
ClassAcquireChildLock, ClassAcquireRemoveLockEx, ClassAsynchronousCompletion, ClassBuildRequest, ClassCheckMediaState, ClassClaimDevice, ClassCleanupMediaChangeDetection, ClassCompleteRequest, ClassCreateDeviceObject, ClassDebugPrint, ClassDeleteSrbLookasideList, ClassDeviceControl, ClassDisableMediaChangeDetection, ClassEnableMediaChangeDetection, ClassFindModePage, ClassForwardIrpSynchronous, ClassGetDescriptor, ClassGetDeviceParameter, ClassGetDriverExtension, ClassGetFsContext, ClassGetVpb, ClassInitialize, ClassInitializeEx, ClassInitializeMediaChangeDetection, ClassInitializeSrbLookasideList, ClassInitializeTestUnitPolling, ClassInternalIoControl, ClassInterpretSenseInfo, ClassInvalidateBusRelations, ClassIoComplete, ClassIoCompleteAssociated, ClassMarkChildMissing, ClassMarkChildrenMissing, ClassModeSense, ClassNotifyFailurePredicted, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassReleaseChildLock, ClassReleaseQueue, ClassReleaseRemoveLock, ClassRemoveDevice, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassSendDeviceIoControlSynchronous, ClassSendIrpSynchronous, ClassSendNotification, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendStartUnit, ClassSetDeviceParameter, ClassSetFailurePredictionPoll, ClassSetMediaChangeState, ClassSignalCompletion, ClassSpinDownPowerHandler, ClassSplitRequest, ClassStopUnitPowerHandler, ClassUpdateInformationInRegistry, ClassWmiCompleteRequest, ClassWmiFireEvent, DllUnload

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI Class System Dll
original name: Classpnp.sys
internal name: Classpnp.sys
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.43 2009.12.12 -

AhnLab-V3 5.0.0.2 2009.12.12 -

AntiVir 7.9.1.108 2009.12.11 -

Antiy-AVL 2.0.3.7 2009.12.11 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.12 -

AVG 8.5.0.427 2009.12.12 -

BitDefender 7.2 2009.12.12 -

CAT-QuickHeal 10.00 2009.12.12 -

ClamAV 0.94.1 2009.12.12 -

Comodo 3218 2009.12.12 -

DrWeb 5.0.0.12182 2009.12.12 -

eSafe 7.0.17.0 2009.12.10 -

eTrust-Vet 35.1.7171 2009.12.11 -

F-Prot 4.5.1.85 2009.12.12 -

F-Secure 9.0.15370.0 2009.12.12 -

Fortinet 4.0.14.0 2009.12.12 -

GData 19 2009.12.12 -

Ikarus T3.1.1.74.0 2009.12.12 -

Jiangmin 13.0.900 2009.12.12 -

K7AntiVirus 7.10.918 2009.12.11 -

Kaspersky 7.0.0.125 2009.12.12 -

McAfee 5830 2009.12.12 -

McAfee+Artemis 5830 2009.12.12 -

McAfee-GW-Edition 6.8.5 2009.12.12 -

Microsoft 1.5302 2009.12.12 -

NOD32 4682 2009.12.12 -

Norman 6.04.03 2009.12.12 -

nProtect 2009.1.8.0 2009.12.12 -

Panda 10.0.2.2 2009.12.12 -

PCTools 7.0.3.5 2009.12.12 -

Prevx 3.0 2009.12.12 -

Rising 22.25.05.04 2009.12.12 -

Sophos 4.48.0 2009.12.12 -

Sunbelt 3.2.1858.2 2009.12.12 -

Symantec 1.4.4.12 2009.12.12 -

TheHacker 6.5.0.2.092 2009.12.12 -

TrendMicro 9.100.0.1001 2009.12.12 -

VBA32 3.12.12.0 2009.12.12 -

ViRobot 2009.12.12.2085 2009.12.12 -

VirusBuster 5.0.21.0 2009.12.12 -

 

Information additionnelle

File size: 125928 bytes

MD5...: 0767b09c74d935a590b4879d14463b64

SHA1..: 92fcf40776856b758d63427bba118e67d71433a6

SHA256: b6547ce44f1c00f50c801efce52ee58c944cd50fe5a70cf005e9a745688036a2

ssdeep: 3072:SPMrFipScl1FzRM4QZO7QIs2g6PXCwlNObw6:MMrFipScl1LM4Q7B6vCEYs<BR>6<BR>

PEiD..: -

PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1d00f<BR>timedatestamp.....: 0x49e01ee9 (Sat Apr 11 04:39:05 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xfcb5 0xfe00 6.54 a543b98d69bcb97347b8a78f49b2e601<BR>.rdata 0x11000 0x111c 0x1200 5.14 9bb2cf7c0ea464cf5d3754ab95545eb0<BR>.data 0x13000 0xc68 0xe00 7.15 a69c3c6ed14277842f863fc1c6bd447c<BR>PAGE 0x14000 0x683f 0x6a00 6.37 a2e1e1cd0501ab0c7043c49af07e26a5<BR>.edata 0x1b000 0x80c 0xa00 4.73 21b0e497e76a15159ab0eab333f3eca3<BR>PAGE 0x1c000 0x910 0xa00 2.69 c06a2602de1950facce2773e85d165aa<BR>INIT 0x1d000 0xc30 0xe00 5.24 89ec5d5c7feaeefd3d4e9aa6cc8fdc82<BR>.rsrc 0x1e000 0x400 0x400 3.37 c055dfcb62486fbf90e33cbd4a396740<BR>.reloc 0x1f000 0x1610 0x1800 6.53 7d79ee0a4cd8641bca8559bccc2091a9<BR><BR>( 2 imports ) <BR>> ntoskrnl.exe: KeWaitForSingleObject, IoFreeWorkItem, ZwClose, RtlQueryRegistryValues, ZwCreateKey, RtlInitUnicodeString, IoOpenDeviceRegistryKey, ZwOpenKey, IoFreeIrp, IoFreeMdl, RtlCompareMemory, IoStopTimer, EtwWrite, IoGetDriverObjectExtension, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeQueryTimeIncrement, KeQuerySystemTime, _allmul, IoQueueWorkItem, IoAllocateWorkItem, IoReuseIrp, IofCallDriver, KeInitializeEvent, MmBuildMdlForNonPagedPool, IoAllocateMdl, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, ObfDereferenceObject, IoBuildDeviceIoControlRequest, IoGetAttachedDeviceReference, KeInitializeMutex, IoAllocateIrp, IoStartTimer, IoInitializeTimer, KeLeaveCriticalRegion, KeSetEvent, KeEnterCriticalRegion, KeGetCurrentThread, _vsnprintf, IoGetIoPriorityHint, IoWMIWriteEvent, MmGetSystemRoutineAddress, IoWMIRegistrationControl, IofCompleteRequest, DbgPrintEx, EtwUnregister, _allshl, _alldiv, IoGetPagingIoPriority, IoStartNextPacket, MmUnlockPages, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, KeReleaseMutex, KeSetTimerEx, KeTickCount, IoGetDeviceProperty, EtwRegister, 
RtlCopyUnicodeString, IoAllocateDriverObjectExtension, IoStartPacket, IoSetHardErrorOrVerifyDevice, memmove, IoDeleteDevice, IoCreateDevice, RtlInitString, ObReferenceObjectByPointer, IoInvalidateDeviceRelations, MmProbeAndLockPages, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, KefAcquireSpinLockAtDpcLevel, _alldvrm, IoDetachDevice, ZwSetValueKey, KeInitializeDpc, KeInitializeTimer, ObfReferenceObject, KeBugCheck, KeDelayExecutionThread, RtlDeleteRegistryValue, _vsnwprintf, RtlTimeToTimeFields, InterlockedPopEntrySList, PoStartNextPowerIrp, PoCallDriver, PoSetPowerState, InterlockedPushEntrySList, MmUnmapLockedPages, ExVerifySuite, IoBuildPartialMdl, KeCancelTimer, _aulldiv, KeSetTimer, strncmp, RtlWriteRegistryValue, IoReadPartitionTableEx, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, IoGetDeviceObjectPointer, IoBuildSynchronousFsdRequest, RtlCompareUnicodeString, RtlAppendUnicodeStringToString, RtlInitAnsiString, IoGetConfigurationInformation, IoAttachDeviceToDeviceStack, RtlUnwind, memset, memcpy, ExAllocatePoolWithTag, IoReportTargetDeviceChangeAsynchronous, IoInitializeIrp, ExFreePoolWithTag<BR>> HAL.dll: KfRaiseIrql, KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql<BR><BR>( 60 exports ) <BR>ClassAcquireChildLock, ClassAcquireRemoveLockEx, ClassAsynchronousCompletion, ClassBuildRequest, ClassCheckMediaState, ClassClaimDevice, ClassCleanupMediaChangeDetection, ClassCompleteRequest, ClassCreateDeviceObject, ClassDebugPrint, ClassDeleteSrbLookasideList, ClassDeviceControl, ClassDisableMediaChangeDetection, ClassEnableMediaChangeDetection, ClassFindModePage, ClassForwardIrpSynchronous, ClassGetDescriptor, ClassGetDeviceParameter, ClassGetDriverExtension, ClassGetFsContext, ClassGetVpb, ClassInitialize, ClassInitializeEx, ClassInitializeMediaChangeDetection, ClassInitializeSrbLookasideList, ClassInitializeTestUnitPolling, ClassInternalIoControl, ClassInterpretSenseInfo, ClassInvalidateBusRelations, ClassIoComplete, 
ClassIoCompleteAssociated, ClassMarkChildMissing, ClassMarkChildrenMissing, ClassModeSense, ClassNotifyFailurePredicted, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassReleaseChildLock, ClassReleaseQueue, ClassReleaseRemoveLock, ClassRemoveDevice, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassSendDeviceIoControlSynchronous, ClassSendIrpSynchronous, ClassSendNotification, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendStartUnit, ClassSetDeviceParameter, ClassSetFailurePredictionPoll, ClassSetMediaChangeState, ClassSignalCompletion, ClassSpinDownPowerHandler, ClassSplitRequest, ClassStopUnitPowerHandler, ClassUpdateInformationInRegistry, ClassWmiCompleteRequest, ClassWmiFireEvent, DllUnload<BR>

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI Class System Dll
original name: Classpnp.sys
internal name: Classpnp.sys
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Posted

Here is the report for disk.sys

File disk.sys received on 2009.12.13 09:59:43 (UTC)

Antivirus Version Last update Result

a-squared 4.5.0.43 2009.12.13 -

AhnLab-V3 5.0.0.2 2009.12.12 -

AntiVir 7.9.1.108 2009.12.11 -

Antiy-AVL 2.0.3.7 2009.12.11 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.12 -

AVG 8.5.0.427 2009.12.12 -

BitDefender 7.2 2009.12.13 -

CAT-QuickHeal 10.00 2009.12.12 -

ClamAV 0.94.1 2009.12.13 -

Comodo 3226 2009.12.13 -

DrWeb 5.0.0.12182 2009.12.13 -

eSafe 7.0.17.0 2009.12.10 -

eTrust-Vet 35.1.7171 2009.12.11 -

F-Prot 4.5.1.85 2009.12.12 -

F-Secure 9.0.15370.0 2009.12.13 -

Fortinet 4.0.14.0 2009.12.13 -

GData 19 2009.12.13 -

Ikarus T3.1.1.74.0 2009.12.13 -

Jiangmin 13.0.900 2009.12.13 -

K7AntiVirus 7.10.918 2009.12.11 -

Kaspersky 7.0.0.125 2009.12.13 -

McAfee 5830 2009.12.12 -

McAfee+Artemis 5830 2009.12.12 -

McAfee-GW-Edition 6.8.5 2009.12.13 -

Microsoft 1.5302 2009.12.13 -

NOD32 4682 2009.12.12 -

Norman 6.04.03 2009.12.12 -

nProtect 2009.1.8.0 2009.12.13 -

Panda 10.0.2.2 2009.12.12 -

PCTools 7.0.3.5 2009.12.12 -

Prevx 3.0 2009.12.13 -

Rising 22.25.06.05 2009.12.13 -

Sophos 4.48.0 2009.12.13 -

Sunbelt 3.2.1858.2 2009.12.13 -

Symantec 1.4.4.12 2009.12.13 -

TheHacker 6.5.0.2.092 2009.12.12 -

TrendMicro 9.100.0.1001 2009.12.13 -

VBA32 3.12.12.0 2009.12.12 -

ViRobot 2009.12.12.2085 2009.12.12 -

VirusBuster 5.0.21.0 2009.12.12 -

 

Additional information

File size: 53736 bytes

MD5...: 5d4aefc3386920236a548271f8f1af6a

SHA1..: 8d8d86438c4c6a76b4238ba09dd4d207c618643a

SHA256: 11b74d6800ec6f7aaefb0b6a9f2e8376c7c3b8db677f03ac3743cb004ca96b08

ssdeep: 1536:JS/Lz3In749RZHnh3aQIGadqaL+Ebx1RUE2O:oL0749RmQtajbx1RsO

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdbbc
timedatestamp.....: 0x49e01ef2 (Sat Apr 11 04:39:14 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x23da 0x2400 6.33 b88c4b94ccd59941c45c53d912164a7f
.rdata 0x4000 0x5b5 0x600 4.22 36a926a33b7223ab632c6e9a468761ba
.data 0x5000 0x148 0x200 2.41 439ca755095ec54f46e1a9a88452b3dd
PAGE 0x6000 0x5798 0x5800 6.40 9e4fd9606bcd8f409c9f91e058c85e51
PAGE 0xc000 0x150 0x200 1.89 a1db41b8f4f07e71cdf35efd57f32c72
INIT 0xd000 0x173a 0x1800 6.11 09cc427c79be0b723c19e4a8a404cbaa
.rsrc 0xf000 0x3e0 0x400 3.29 2a5fc9cfec830d81ca0d3386393a7f00
.reloc 0x10000 0x97a 0xa00 6.23 c0fefbdcd2e3c3fd1c684ebbf205563a

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: PnP Disk Driver
original name: disk.sys
internal name: disk.sys
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 


Posted

The one for acpi.sys

File acpi.sys received on 2009.12.13 10:04:11 (UTC)

Antivirus Version Last update Result

a-squared 4.5.0.43 2009.12.13 -

AhnLab-V3 5.0.0.2 2009.12.12 -

AntiVir 7.9.1.108 2009.12.11 -

Antiy-AVL 2.0.3.7 2009.12.11 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.12 -

AVG 8.5.0.427 2009.12.12 -

BitDefender 7.2 2009.12.13 -

CAT-QuickHeal 10.00 2009.12.12 -

ClamAV 0.94.1 2009.12.13 -

Comodo 3226 2009.12.13 -

DrWeb 5.0.0.12182 2009.12.13 -

eSafe 7.0.17.0 2009.12.10 -

eTrust-Vet 35.1.7171 2009.12.11 -

F-Prot 4.5.1.85 2009.12.12 -

F-Secure 9.0.15370.0 2009.12.13 -

Fortinet 4.0.14.0 2009.12.13 -

GData 19 2009.12.13 -

Ikarus T3.1.1.74.0 2009.12.13 -

Jiangmin 13.0.900 2009.12.13 -

K7AntiVirus 7.10.918 2009.12.11 -

Kaspersky 7.0.0.125 2009.12.13 -

McAfee 5830 2009.12.12 -

McAfee+Artemis 5830 2009.12.12 -

McAfee-GW-Edition 6.8.5 2009.12.13 -

Microsoft 1.5302 2009.12.13 -

NOD32 4682 2009.12.12 -

Norman 6.04.03 2009.12.12 -

nProtect 2009.1.8.0 2009.12.13 -

Panda 10.0.2.2 2009.12.12 -

PCTools 7.0.3.5 2009.12.12 -

Prevx 3.0 2009.12.13 -

Rising 22.25.06.05 2009.12.13 -

Sophos 4.48.0 2009.12.13 -

Sunbelt 3.2.1858.2 2009.12.13 -

Symantec 1.4.4.12 2009.12.13 -

TheHacker 6.5.0.2.092 2009.12.12 -

TrendMicro 9.100.0.1001 2009.12.13 -

VBA32 3.12.12.0 2009.12.12 -

ViRobot 2009.12.12.2085 2009.12.12 -

VirusBuster 5.0.21.0 2009.12.12 -

 

Additional information

File size: 265688 bytes

MD5...: 82b296ae1892fe3dbee00c9cf92f8ac7

SHA1..: 5f12aadb1494122d18de6655bb81792228d914a2

SHA256: 54b22ba63e1da616b546992141b0c3117ba057283b8f60cb9bece203661febf3

ssdeep: 3072:SZd3mZrVdKVW+V1tPK53DuqV21+qEcPxMHZjslIKomFfdsPE0TqZezq6O8pkYLGk:S3W5X7xu6GEYe5jBKomFis0T6KOAGhYl

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3d490
timedatestamp.....: 0x49e01a37 (Sat Apr 11 04:19:03 2009)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x23af7 0x23c00 6.55 650de87dfdb2933e54e20f5a802db3a5
.rdata 0x25000 0x1aad 0x1c00 5.55 7f6ccc9b1d7ad8b122fb636df9bdbee8
.data 0x27000 0x3534 0x2000 3.75 725ee92f4c76e3a02773d53255d97dc4
PAGE 0x2b000 0xfa5e 0xfc00 6.60 bea557dc0ffaac3a1e9755c5bd2d2964
.edata 0x3b000 0x77 0x200 1.51 2a8c66c6d954c56804ce2bd4d6e4254b
PAGE 0x3c000 0x4cc 0x600 3.51 79129a22e6468918be484deae17e1b2e
INIT 0x3d000 0x17be 0x1800 5.97 2d22256336395421100d52b1fc4cd23e
.rsrc 0x3f000 0x2160 0x2200 4.17 9c7b3e1fcef6716a3e86a910801dbfa0
.reloc 0x42000 0x309a 0x3200 6.56 9984b4a477e2b300f0d7d4e53ff9680a

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ACPI Driver for NT
original name: ACPI.sys
internal name: ACPI.sys
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 


Posted

The one for halmacpi.dll

File halmacpi.dll received on 2009.12.13 10:12:53 (UTC)

Antivirus Version Last update Result

a-squared 4.5.0.43 2009.12.13 -

AhnLab-V3 5.0.0.2 2009.12.12 -

AntiVir 7.9.1.108 2009.12.11 -

Antiy-AVL 2.0.3.7 2009.12.11 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.12 -

AVG 8.5.0.427 2009.12.13 -

BitDefender 7.2 2009.12.13 -

CAT-QuickHeal 10.00 2009.12.12 -

ClamAV 0.94.1 2009.12.13 -

Comodo 3226 2009.12.13 -

DrWeb 5.0.0.12182 2009.12.13 -

eSafe 7.0.17.0 2009.12.10 -

eTrust-Vet 35.1.7171 2009.12.11 -

F-Prot 4.5.1.85 2009.12.12 -

F-Secure 9.0.15370.0 2009.12.13 -

Fortinet 4.0.14.0 2009.12.13 -

GData 19 2009.12.13 -

Ikarus T3.1.1.74.0 2009.12.13 -

Jiangmin 13.0.900 2009.12.13 -

K7AntiVirus 7.10.918 2009.12.11 -

Kaspersky 7.0.0.125 2009.12.13 -

McAfee 5830 2009.12.12 -

McAfee+Artemis 5830 2009.12.12 -

McAfee-GW-Edition 6.8.5 2009.12.13 -

Microsoft 1.5302 2009.12.13 -

NOD32 4682 2009.12.12 -

Norman 6.04.03 2009.12.12 -

nProtect 2009.1.8.0 2009.12.13 -

Panda 10.0.2.2 2009.12.12 -

PCTools 7.0.3.5 2009.12.12 -

Prevx 3.0 2009.12.13 -

Rising 22.25.06.05 2009.12.13 -

Sophos 4.48.0 2009.12.13 -

Sunbelt 3.2.1858.2 2009.12.13 -

Symantec 1.4.4.12 2009.12.13 -

TheHacker 6.5.0.2.092 2009.12.12 -

TrendMicro 9.100.0.1001 2009.12.13 -

VBA32 3.12.12.0 2009.12.12 -

ViRobot 2009.12.12.2085 2009.12.12 -

VirusBuster 5.0.21.0 2009.12.12 -

 

Additional information

File size: 177128 bytes

MD5...: b8d52005181a15d7d1470cbf2af214dd

SHA1..: 5be37b8e2cdf4cea334d0070ecf0421b08936732

SHA256: b6d9de353b13e61eaccdc41eb73043919b7f3cb232756233f0d732071023afe8

ssdeep: 3072:0cO3wEqEyxFOY1lHgpm7p7QmNNxQuUaWf+tE6zPPZJnifFxV1DIs:0ctd6Y1lz7vbWfQP2fTIs

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x49e018d9 (Sat Apr 11 04:13:13 2009)
machinetype.......: 0x14c (I386)

( 12 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15494 0x15600 6.73 0bfa8446e3ab601ba8e0e91eb3d85139
_PAGELK 0x17000 0x150b 0x1600 5.90 20e6fcbff686f899aba43894f3ec8f4c
.data 0x19000 0x3ca3 0xc00 3.01 f687241e14db8ff585f12b28b8e34cf3
INITDAT 0x1d000 0x1e0 0x200 2.79 72f4d24ad8699caa32b7a3fe1c89f685
PAGELK 0x1e000 0x4416 0x4600 6.65 ad808b3f165155d0865ef7f98317518a
PAGELK16 0x23000 0x82 0x200 1.61 5fe7505eff85308dbc158fb8dc2cc406
PAGE 0x24000 0x2b44 0x2c00 6.55 ce9839e32fc0280ffbb4f99f46db62cb
PAGEKD 0x27000 0x2518 0x2600 6.43 ce9ceb21bdbbd6bc16fc40688eae88ea
.edata 0x2a000 0xecb 0x1000 5.43 d3d253b515907048894c940570cc1783
INIT 0x2b000 0x42a6 0x4400 6.37 9aaca8bf779ccf95b2085b02c3f5a5eb
.rsrc 0x30000 0x410 0x600 2.49 0b783164b370415d24915802dd619b79
.reloc 0x31000 0x1fde 0x2000 6.46 595347ec37d66061f4cd46492d50ea51

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Hardware Abstraction Layer DLL
original name: halmacpi.dll
internal name: halmacpi.dll
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 

Antivirus Version Last update Result

a-squared 4.5.0.43 2009.12.13 -

AhnLab-V3 5.0.0.2 2009.12.12 -

AntiVir 7.9.1.108 2009.12.11 -

Antiy-AVL 2.0.3.7 2009.12.11 -

Authentium 5.2.0.5 2009.12.02 -

Avast 4.8.1351.0 2009.12.12 -

AVG 8.5.0.427 2009.12.13 -

BitDefender 7.2 2009.12.13 -

CAT-QuickHeal 10.00 2009.12.12 -

ClamAV 0.94.1 2009.12.13 -

Comodo 3226 2009.12.13 -

DrWeb 5.0.0.12182 2009.12.13 -

eSafe 7.0.17.0 2009.12.10 -

eTrust-Vet 35.1.7171 2009.12.11 -

F-Prot 4.5.1.85 2009.12.12 -

F-Secure 9.0.15370.0 2009.12.13 -

Fortinet 4.0.14.0 2009.12.13 -

GData 19 2009.12.13 -

Ikarus T3.1.1.74.0 2009.12.13 -

Jiangmin 13.0.900 2009.12.13 -

K7AntiVirus 7.10.918 2009.12.11 -

Kaspersky 7.0.0.125 2009.12.13 -

McAfee 5830 2009.12.12 -

McAfee+Artemis 5830 2009.12.12 -

McAfee-GW-Edition 6.8.5 2009.12.13 -

Microsoft 1.5302 2009.12.13 -

NOD32 4682 2009.12.12 -

Norman 6.04.03 2009.12.12 -

nProtect 2009.1.8.0 2009.12.13 -

Panda 10.0.2.2 2009.12.12 -

PCTools 7.0.3.5 2009.12.12 -

Prevx 3.0 2009.12.13 -

Rising 22.25.06.05 2009.12.13 -

Sophos 4.48.0 2009.12.13 -

Sunbelt 3.2.1858.2 2009.12.13 -

Symantec 1.4.4.12 2009.12.13 -

TheHacker 6.5.0.2.092 2009.12.12 -

TrendMicro 9.100.0.1001 2009.12.13 -

VBA32 3.12.12.0 2009.12.12 -

ViRobot 2009.12.12.2085 2009.12.12 -

VirusBuster 5.0.21.0 2009.12.12 -

 

Additional information

File size: 177128 bytes

MD5...: b8d52005181a15d7d1470cbf2af214dd

SHA1..: 5be37b8e2cdf4cea334d0070ecf0421b08936732

SHA256: b6d9de353b13e61eaccdc41eb73043919b7f3cb232756233f0d732071023afe8

ssdeep: 3072:0cO3wEqEyxFOY1lHgpm7p7QmNNxQuUaWf+tE6zPPZJnifFxV1DIs:0ctd6Y
1lz7vbWfQP2fTIs

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x49e018d9 (Sat Apr 11 04:13:13 2009)
machinetype.......: 0x14c (I386)

( 12 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15494 0x15600 6.73 0bfa8446e3ab601ba8e0e91eb3d85139
_PAGELK 0x17000 0x150b 0x1600 5.90 20e6fcbff686f899aba43894f3ec8f4c
.data 0x19000 0x3ca3 0xc00 3.01 f687241e14db8ff585f12b28b8e34cf3
INITDAT 0x1d000 0x1e0 0x200 2.79 72f4d24ad8699caa32b7a3fe1c89f685
PAGELK 0x1e000 0x4416 0x4600 6.65 ad808b3f165155d0865ef7f98317518a
PAGELK16 0x23000 0x82 0x200 1.61 5fe7505eff85308dbc158fb8dc2cc406
PAGE 0x24000 0x2b44 0x2c00 6.55 ce9839e32fc0280ffbb4f99f46db62cb
PAGEKD 0x27000 0x2518 0x2600 6.43 ce9ceb21bdbbd6bc16fc40688eae88ea
.edata 0x2a000 0xecb 0x1000 5.43 d3d253b515907048894c940570cc1783
INIT 0x2b000 0x42a6 0x4400 6.37 9aaca8bf779ccf95b2085b02c3f5a5eb
.rsrc 0x30000 0x410 0x600 2.49 0b783164b370415d24915802dd619b79
.reloc 0x31000 0x1fde 0x2000 6.46 595347ec37d66061f4cd46492d50ea51

( 3 imports )

( 113 exports )

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Hardware Abstraction Layer DLL
original name: halmacpi.dll
internal name: halmacpi.dll
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Posted

OK, that's good.

Download MBR Rootkit Detector by gmer and save it to your Desktop.

Temporarily disable your protection programs (antivirus, firewall, anti-spyware...)

Double-click mbr.exe; a command prompt window will open and then close,

- A report will be generated: mbr.log.

Copy and paste the contents of this log into your reply.
