by letal » 20 Feb 2010 19:15
hello,
Sorry for the delay, I couldn't deal with it before now!!!
Here is the scan result; apparently it's not a virus (if I understood correctly)
What do you think?
File rsaenh.dll.infected received on 2010.02.20 18:04:46 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.02.20 -
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.20 -
AVG 9.0.0.730 2010.02.20 -
BitDefender 7.2 2010.02.20 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.20 -
Comodo 4002 2010.02.20 -
DrWeb 5.0.1.12222 2010.02.20 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.19 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.20 -
Ikarus T3.1.1.80.0 2010.02.20 -
Jiangmin 13.0.900 2010.02.20 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5897 2010.02.19 -
McAfee+Artemis 5897 2010.02.19 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.20 -
NOD32 4882 2010.02.20 -
Norman 6.04.08 2010.02.20 -
nProtect 2009.1.8.0 2010.02.20 -
Panda 10.0.2.2 2010.02.20 -
PCTools 7.0.3.5 2010.02.19 -
Prevx 3.0 2010.02.20 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.20 -
Sunbelt 5689 2010.02.20 -
Symantec 20091.2.0.41 2010.02.20 -
TheHacker 6.5.1.5.202 2010.02.20 -
TrendMicro 9.120.0.1004 2010.02.20 -
VBA32 3.12.12.2 2010.02.19 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -
Additional information
File size: 152576 bytes
MD5...: 26acbd865f8cff730f1791c4d0854352
SHA1..: 6793775b0c8fcceee9d6ceec09336571526a327f
SHA256: 66fa5845ed397538f92b30cb06202470071b6f45698647e1f86e784942f6c4c4
ssdeep: 3072:JMqqDLy/YRKig3A3V7ny/NL3ny07/OY9WUgm3RiYel:CqqDLuILg3UV8ly0zOY9WK3RiY0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x134e1
timedatestamp.....: 0x40eb5d28 (Wed Jul 07 02:17:12 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20b3b 0x20c00 6.88 c8966e72fa03c4409bf5a7bfa6a569dc
.data 0x22000 0x2588 0x2400 3.79 c76955472af464b50f0ebdf17a0e07fa
.rsrc 0x25000 0xc50 0xe00 3.39 6dcad0dd3dd23a97cb6d205b3de7ff7a
.reloc 0x26000 0x1072 0x1200 6.10 6255703d8439791e565d0d2c64349ff8

( 5 imports )
> msvcrt.dll: _strlwr, free, _initterm, malloc, _adjust_fdiv, _resetstkoflw, wcslen, wcscmp, wcscpy, wcscat, _except_handler3
> KERNEL32.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, DelayLoadFailureHook, RtlMoveMemory, LocalAlloc, CloseHandle, GetCurrentThread, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree, Sleep, MultiByteToWideChar, GetVersionExA, GetSystemDirectoryW, CreateFileW, FindFirstFileExW, WriteFile, GetFileSize, DeleteFileW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WideCharToMultiByte, FindNextFileW, LoadLibraryExA, SizeofResource, LoadResource, FindResourceA, ReadFile, _lclose, SetFilePointer, OpenFile, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, lstrcpyW, DisableThreadLibraryCalls, GetModuleFileNameA, DeleteCriticalSection, IsBadWritePtr, lstrcmpiA, lstrcmpA, InitializeCriticalSection, LoadLibraryA, GetProcAddress, lstrcpyA, FreeLibrary, LocalFree, lstrlenW, RaiseException, EnterCriticalSection, LeaveCriticalSection, lstrlenA, FindClose, SetLastError, GetLastError
> ADVAPI32.dll: GetFileSecurityW, SetFileSecurityW, GetSecurityDescriptorControl, GetSecurityDescriptorLength, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeSelfRelativeSD, GetAclInformation, GetAce, InitializeAcl, AddAccessAllowedAce, FreeSid, SystemFunction041, SystemFunction040, OpenThreadToken, OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, EqualSid, SetThreadToken, RevertToSelf, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, IsValidSid, PrivilegeCheck, LookupPrivilegeValueA, RegOpenKeyExW, RegDeleteKeyW, RegEnumKeyA, AdjustTokenPrivileges, ImpersonateSelf, RegCreateKeyExA, RegSetValueExA, GetUserNameA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, MD5Final, MD5Update, MD5Init, A_SHAFinal, A_SHAUpdate, A_SHAInit, RegDeleteValueA, SystemFunction036, RegQueryValueExA, RegCloseKey, RegGetKeySecurity, GetLengthSid
> ntdll.dll: NtClose, RtlFreeHeap, NtCreateFile, RtlDosPathNameToNtPathName_U, RtlAllocateHeap, RtlImageNtHeader, RtlNtStatusToDosError
> USER32.dll: LoadStringW, wsprintfA, wsprintfW

( 27 exports )
CPAcquireContext, CPCreateHash, CPDecrypt, CPDeriveKey, CPDestroyHash, CPDestroyKey, CPDuplicateHash, CPDuplicateKey, CPEncrypt, CPExportKey, CPGenKey, CPGenRandom, CPGetHashParam, CPGetKeyParam, CPGetProvParam, CPGetUserKey, CPHashData, CPHashSessionKey, CPImportKey, CPReleaseContext, CPSetHashParam, CPSetKeyParam, CPSetProvParam, CPSignHash, CPVerifySignature, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Enhanced Cryptographic Provider
original name: rsaenh.dll
internal name: rsaenh.dll
file version.: 5.1.2600.2161 (xpsp.040706-1629)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)