Posted

Hi Falkra,

I did what you said, but it was quick and the report isn't long...

Did I do everything right!!? :P

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/03/10 18:26

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF21C5000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79CF000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEEB86000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\HIBERFIL.SYS

Status: Locked to the Windows API!

 

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "<unknown>" at address 0xf7003f5e

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xf7003f54

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf7003f63

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf7003f6d

 

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf7003f72

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xf7003f40

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xf7003f45

 

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf7003f7c

 

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf7003f77

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf7003f68

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0xf7003f4f

 

==EOF==

Posted

That's not normal, and it's rare.

Try Gmer again: relaunch it and tick only Processes and Registry, to see. It will be fairly quick.

Posted

I relaunched GMER with Processes and Registry ticked (the C drive and ADS stayed ticked!).

For 30 minutes now I've had this at the bottom of the window: SYSTEM\ControlSet001\Services\ASP.NET\Performance

It's stuck again :P

Posted

I was able to close GMER normally with the Stop button.

I confirmed that I wanted to close GMER even though the scan wasn't finished.

The scan hasn't progressed since my previous message.

What can I do?

Posted

Here is the ComboFix report.

Thanks again for the time you've spent on my problem :P

 

ComboFix 10-03-16.05 - Marie-pierre 17/03/2010 19:23:20.8.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\driVERs\ayuogkv.sys

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ayuogkv

-------\Service_ayuogkv

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-17 au 2010-03-17 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-17 18:11 . 2010-03-17 18:11 188789 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aecore.dll

2010-03-17 17:40 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-10 06:49 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-03-10 06:49 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-03-10 06:49 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-03-10 06:49 . 2010-03-10 06:49 -------- d-----w- c:\program files\Avira

2010-03-10 06:49 . 2010-03-10 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-03-09 21:41 . 2010-03-09 21:41 -------- d-----w- C:\RootRepeal

2010-03-09 21:28 . 2010-03-09 21:28 -------- d-----w- C:\FOUND.035

2010-03-07 16:09 . 2010-03-07 16:09 -------- d-----w- C:\_OTM

2010-03-07 13:06 . 2010-03-07 13:06 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-23 19:50 . 2010-02-23 19:50 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-23 19:50 . 2010-02-23 19:50 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-20 08:35 3802016 ----a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2010-03-10 07:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-07 13:05 . 2010-03-07 13:05 20 ----a-w- c:\documents and settings\LocalService\Application Data\pdytbs.dat

2010-03-04 20:35 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\tftp.exe

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-23 21:09 . 2006-05-23 15:29 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-23 19:51 . 2010-02-18 21:53 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-23 19:50 . 2010-02-18 21:53 150888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2010-02-23 19:50 . 2010-02-18 21:53 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-23 19:50 . 2010-02-18 21:53 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-23 19:50 . 2010-02-18 21:53 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-23 19:50 . 2010-02-18 21:53 735008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2010-02-23 19:50 . 2010-02-18 21:53 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-23 19:50 . 2010-02-18 21:53 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-20 09:08 . 2007-03-10 21:21 110592 ----a-w- c:\documents and settings\Marie-pierre\Application Data\U3\temp\cleanup.exe

2010-02-20 08:35 . 2008-10-01 18:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe

2010-02-20 08:35 . 2008-07-04 12:35 54632 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

2010-02-20 08:35 . 2007-05-17 17:31 21489968 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_web[1].exe

2010-02-20 08:35 . 2007-05-17 17:30 8704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe

2010-02-20 08:35 . 2007-05-17 17:30 15872 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2010-02-20 08:35 . 2007-05-17 17:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe

2010-02-18 21:53 . 2010-02-18 21:53 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-02-18 21:53 . 2010-02-18 21:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-02-18 21:53 . 2010-02-18 21:53 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-02-18 21:53 . 2010-02-18 21:53 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-18 21:53 . 2010-02-18 21:53 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-02-18 21:53 . 2010-02-18 21:53 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-10 108289]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2010-03-04 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

 

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-17 19:39

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(628)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2880)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\msiexec.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Heure de fin: 2010-03-17 19:57:06 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-17 18:56

ComboFix2.txt 2010-03-07 15:06

ComboFix3.txt 2010-03-07 00:25

ComboFix4.txt 2010-03-06 17:39

ComboFix5.txt 2010-03-17 18:21

 

Avant-CF: 26 457 145 344 octets libres

Après-CF: 26 420 969 472 octets libres

 

- - End Of File - - 1D809D3BA62C5495D06C8248D1357A6D

Posted

It did a good job. :P

Go to this link: Virus Total

  • Click the Parcourir... (Browse) button
  • Copy and paste this path into the dialog box that opens, or browse your folders to this file, if you can find it:

  • C:\windows\system32\dllcache\moviemk.exe

  • Click Envoyer le fichier (Send file), and if VirusTotal says the file has already been analysed, click the Reanalyse le fichier maintenant (Reanalyse the file now) button.
  • Let the site work for as long as "Situation actuelle : en cours d'analyse" (current status: analysis in progress) is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Situation actuelle: terminé", current status: finished), click Formaté (Formatted) (top left)
  • A new browser window will appear
  • Then click on this image: txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important that you send me the result of the whole analysis.

Your security tools may react when the file is sent, in which case you will need to make them ignore the alerts.

You may need to temporarily show the system's hidden and protected files.

Posted

Here is the Virus Total report

 

 

Fichier moviemk.exe reçu le 2010.03.19 11:50:11 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.03.19 -

AhnLab-V3 5.0.0.2 2010.03.19 -

AntiVir 8.2.1.194 2010.03.19 -

Antiy-AVL 2.0.3.7 2010.03.19 -

Authentium 5.2.0.5 2010.03.19 -

Avast 4.8.1351.0 2010.03.19 -

Avast5 5.0.332.0 2010.03.19 -

AVG 9.0.0.787 2010.03.18 -

BitDefender 7.2 2010.03.19 -

CAT-QuickHeal 10.00 2010.03.19 -

ClamAV 0.96.0.0-git 2010.03.19 -

Comodo 4316 2010.03.19 -

DrWeb 5.0.1.12222 2010.03.19 -

eSafe 7.0.17.0 2010.03.18 -

eTrust-Vet 35.2.7374 2010.03.19 -

F-Prot 4.5.1.85 2010.03.18 -

F-Secure 9.0.15370.0 2010.03.19 -

Fortinet 4.0.14.0 2010.03.19 -

GData 19 2010.03.19 -

Ikarus T3.1.1.80.0 2010.03.19 -

Jiangmin 13.0.900 2010.03.19 -

K7AntiVirus 7.10.1001 2010.03.18 -

Kaspersky 7.0.0.125 2010.03.19 -

McAfee 5924 2010.03.18 -

McAfee+Artemis 5924 2010.03.18 -

McAfee-GW-Edition 6.8.5 2010.03.19 -

Microsoft 1.5605 2010.03.19 -

NOD32 4957 2010.03.19 -

Norman 6.04.09 2010.03.19 -

nProtect 2009.1.8.0 2010.03.19 -

Panda 10.0.2.2 2010.03.18 -

PCTools 7.0.3.5 2010.03.19 -

Prevx 3.0 2010.03.19 -

Rising 22.39.04.04 2010.03.19 -

Sophos 4.51.0 2010.03.19 -

Sunbelt 5967 2010.03.19 -

Symantec 20091.2.0.41 2010.03.19 -

TheHacker 6.5.2.0.238 2010.03.19 -

TrendMicro 9.120.0.1004 2010.03.19 -

VBA32 3.12.12.2 2010.03.19 -

ViRobot 2010.3.19.2236 2010.03.19 -

VirusBuster 5.0.27.0 2010.03.18 -

Information additionnelle

File size: 3558912 bytes

MD5...: e002a7e05185bd7fc7646cd229311b22

SHA1..: 12ad930da43fb8f0e70719233ef7d8b9159407c8

SHA256: 3adade66abce7f85f9405afe9bc24df04915b749e455bf55e17aed6be91304e5

ssdeep: 49152:pKawgpy+qMBYVqILjO+QpKuyzYETj2CQWpVE8lwzImdB8x1yrZO:EawgpySBYV/jOfpgzkCpVEyPGu1G

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x160272
timedatestamp.....: 0x4ae1cb82 (Fri Oct 23 15:28:02 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2cc2ee 0x2cc400 6.44 ee1a04bed51a99d816129f865947c2d7
.data 0x2ce000 0x73bc 0x4000 3.35 0bee4ec0767d4a83aa68fa1a1040b63e
MovieMak 0x2d6000 0x4 0x200 0.07 1d7d80e8b5ce8c86e7c833467964b6ae
.rsrc 0x2d7000 0x942c8 0x94400 6.53 2a1e5a1f361249b5c2fbb0e2e5236847

( 23 imports )
InternetGetConnectedState, InternetWriteFile<br>> urlmon.dll: CoGetClassObjectFromURL, CreateFormatEnumerator, CreateAsyncBindCtx<br><br>( 43 exports ) <br>__0CtrlContainerFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAXPAVComp

ositeFrame@1@@Z, __0CtrlFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAXPAVCompositeFrame@1

@@Z, __0FrameEqualizer@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@@Z, __0GroupBoxFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAX1PAVCompositeFr

ame@1@@Z, __0GroupBoxFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAXPAVCompositeFra

me@1@@Z, __0HorizFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAVCompositeFrame@1@@

Z, __0IMsoAutoLayoutDialog@DlgAutoLayout@@IAE@XZ, __0ListEditFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAX1PAVCompositeFr

ame@1@@Z, __0MsoWCtrlContainerFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GPAVMsoWCompositeFrame@

@@Z, __0MsoWCtrlFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GPAVMsoWCompositeFrame@@@Z, __0MsoWFrameEqualizer@@QAE@AAVIMsoWAutoLayoutDialog@@@Z, __0MsoWGroupBoxFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GGPAVMsoWCompositeFrame@@@Z, __0MsoWGroupBoxFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GPAVMsoWCompositeFrame@@@Z, __0MsoWHorizFrame@@QAE@AAVIMsoWAutoLayoutDialog@@PAVMsoWCompositeFrame@@@Z, __0MsoWListEditFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GGPAVMsoWCompositeFrame@@@Z, __0MsoWNumInputFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GGPAVMsoWCompositeFrame@@@Z, __0MsoWOverlapFrame@@QAE@AAVIMsoWAutoLayoutDialog@@PAVMsoWCompositeFrame@@@Z, __0MsoWTabCtrlFrame@@QAE@AAVIMsoWAutoLayoutDialog@@GPAVMsoWCompositeFrame@@@Z, __0MsoWTableFrame@@QAE@AAVIMsoWAutoLayoutDialog@@HHPAVMsoWCompositeFrame@@@Z, __0MsoWVertFrame@@QAE@AAVIMsoWAutoLayoutDialog@@PAVMsoWCompositeFrame@@@Z, __0NumInputFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAX1PAVCompositeFr

ame@1@@Z, __0NumInputFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAXPAVCompositeFra

me@1@@Z, __0OverlapFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAVCompositeFrame@1

@@Z, __0TabCtrlFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAX1PAVCompositeFra

me@1@@Z, __0TabCtrlFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAXPAVCompositeFram

e@1@@Z, __0TableFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@HHPAVCompositeFrame@1

@@Z, __0VertFrame@DlgAutoLayout@@QAE@AAVIMsoAutoLayoutDialog@1@PAVCompositeFrame@1@@Z

, __1IMsoAutoLayoutDialog@DlgAutoLayout@@MAE@XZ, _MsoDALCheckBoxBMHeight@0, _MsoDALCheckBoxBMWidth@0, _MsoDALCheckBoxBMWidthPlusMargin@4, _MsoDALDestructFrames@4, _MsoDALEditStrHeightPix@4, _MsoDALFDlgIsValid@4, _MsoDALGroupBoxNoLabelTopAdjustPix@4, _MsoDALMarkDlgInvalid@4, _MsoDALSuspendFrameDestruction@4, _MsoDUToPix@12, _MsoDestroyIMsoWAutoLayoutDialog@4, _MsoFCreateIMsoWAutoLayoutDialog@12, _MsoPixToDU@12, _MsoWIsAutoLayoutEnabled@8, _MsoWTabCtrlIndexToHwnd@8<br>

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright © Microsoft Corp, 2004
product......: Windows Movie Maker
description..: Windows Movie Maker
original name: MOVIEMK2.EXE
internal name: MOVIEMK2
file version.: 2, 1, 4027, 0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

 

Antivirus Version Last update Result

a-squared 4.5.0.50 2010.03.19 -

AhnLab-V3 5.0.0.2 2010.03.19 -

AntiVir 8.2.1.194 2010.03.19 -

Antiy-AVL 2.0.3.7 2010.03.19 -

Authentium 5.2.0.5 2010.03.19 -

Avast 4.8.1351.0 2010.03.19 -

Avast5 5.0.332.0 2010.03.19 -

AVG 9.0.0.787 2010.03.18 -

BitDefender 7.2 2010.03.19 -

CAT-QuickHeal 10.00 2010.03.19 -

ClamAV 0.96.0.0-git 2010.03.19 -

Comodo 4316 2010.03.19 -

DrWeb 5.0.1.12222 2010.03.19 -

eSafe 7.0.17.0 2010.03.18 -

eTrust-Vet 35.2.7374 2010.03.19 -

F-Prot 4.5.1.85 2010.03.18 -

F-Secure 9.0.15370.0 2010.03.19 -

Fortinet 4.0.14.0 2010.03.19 -

GData 19 2010.03.19 -

Ikarus T3.1.1.80.0 2010.03.19 -

Jiangmin 13.0.900 2010.03.19 -

K7AntiVirus 7.10.1001 2010.03.18 -

Kaspersky 7.0.0.125 2010.03.19 -

McAfee 5924 2010.03.18 -

McAfee+Artemis 5924 2010.03.18 -

McAfee-GW-Edition 6.8.5 2010.03.19 -

Microsoft 1.5605 2010.03.19 -

NOD32 4957 2010.03.19 -

Norman 6.04.09 2010.03.19 -

nProtect 2009.1.8.0 2010.03.19 -

Panda 10.0.2.2 2010.03.18 -

PCTools 7.0.3.5 2010.03.19 -

Prevx 3.0 2010.03.19 -

Rising 22.39.04.04 2010.03.19 -

Sophos 4.51.0 2010.03.19 -

Sunbelt 5967 2010.03.19 -

Symantec 20091.2.0.41 2010.03.19 -

TheHacker 6.5.2.0.238 2010.03.19 -

TrendMicro 9.120.0.1004 2010.03.19 -

VBA32 3.12.12.2 2010.03.19 -

ViRobot 2010.3.19.2236 2010.03.19 -

VirusBuster 5.0.27.0 2010.03.18 -

 

Additional information

File size: 3558912 bytes

MD5...: e002a7e05185bd7fc7646cd229311b22

SHA1..: 12ad930da43fb8f0e70719233ef7d8b9159407c8

SHA256: 3adade66abce7f85f9405afe9bc24df04915b749e455bf55e17aed6be91304e5

ssdeep: 49152:pKawgpy+qMBYVqILjO+QpKuyzYETj2CQWpVE8lwzImdB8x1yrZO:EawgpySBYV/jOfpgzkCpVEyPGu1G

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x160272
timedatestamp.....: 0x4ae1cb82 (Fri Oct 23 15:28:02 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2cc2ee 0x2cc400 6.44 ee1a04bed51a99d816129f865947c2d7
.data 0x2ce000 0x73bc 0x4000 3.35 0bee4ec0767d4a83aa68fa1a1040b63e
MovieMak 0x2d6000 0x4 0x200 0.07 1d7d80e8b5ce8c86e7c833467964b6ae
.rsrc 0x2d7000 0x942c8 0x94400 6.53 2a1e5a1f361249b5c2fbb0e2e5236847

( 23 imports )

( 43 exports )

RDS...: NSRL Reference Data Set
-

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright © Microsoft Corp, 2004
product......: Windows Movie Maker
description..: Windows Movie Maker
original name: MOVIEMK2.EXE
internal name: MOVIEMK2
file version.: 2, 1, 4027, 0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

Posted

Delete this file by hand:

c:\windows\system32\fjhdyfhsn.bat

How is the machine behaving?

It should be better now, maybe even OK.
