Cheval de troie
ste50
Messages postés
53
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
hier mon antivirus avira a détecté un cheval de troie. Ce matin j'ai fait une analyse avec Malwarebytes, voici le rapport:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3857
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/03/2010 14:15:38
mbam-log-2010-03-12 (14-15-33).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 277425
Temps écoulé: 6 hour(s), 4 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\u94.exe (HackTool.Proxy) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Stéphane DADET\Menu Démarrer\Programmes\Démarrage\winesm32.exe (Trojan.Downloader) -> No action taken.
puis, j'ai lancé Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:47, on 12/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus\Stéphane DADET.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S30.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://sell-vehicle.ebay.fr/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
hier mon antivirus avira a détecté un cheval de troie. Ce matin j'ai fait une analyse avec Malwarebytes, voici le rapport:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3857
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/03/2010 14:15:38
mbam-log-2010-03-12 (14-15-33).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 277425
Temps écoulé: 6 hour(s), 4 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\u94.exe (HackTool.Proxy) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Stéphane DADET\Menu Démarrer\Programmes\Démarrage\winesm32.exe (Trojan.Downloader) -> No action taken.
puis, j'ai lancé Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:47, on 12/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus\Stéphane DADET.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S30.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://sell-vehicle.ebay.fr/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
A voir également:
- Cheval de troie
- Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Jeux de petit chevaux gratuit à télécharger - Télécharger - Jeux vidéo
- Qu'est ce que le cheval au poker - Forum Virus
- Skyrim retrouver son cheval - Forum Jeux PC
24 réponses
Bonjour,
les rapports sont les suivants:
Fichier 39dbe9f800b093ccd623011a1f5d5d00687cf28d.dll reçu le 2009.11.23 17:03:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 120320 bytes
MD5 : 9317c8cc4c61de0df17fbcd323abc9f7
SHA1 : dba4ef611cd1cd088c0c79735511c0d0dfac7cae
SHA256: a134f6c7c407924dd8ca73dfd47f1869b439d06a0026dd615e4a7621855e89e4
PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xCA50<br> timedatestamp.....: 0x3498B138 (Thu Dec 18 06:14:32 1997)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 6 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x135F0 0x13600 6.67 8df741497184f344311ca52ee69935a8<br>.rdata 0x15000 0x1795 0x1800 5.42 11499b50611f677367197611788187da<br>.data 0x17000 0x7378 0x4400 2.51 5912d885080ad81252fd0953fcf62a7d<br>.idata 0x1F000 0xF30 0x1000 5.27 f8797a81fafbe3e2186537eb36824587<br>.rsrc 0x20000 0x13B0 0x1400 4.37 cbbbb71358630e4a014a165543583dd4<br>.reloc 0x22000 0x1AC2 0x1C00 5.09 573b450f82b23521c47865c0331b1f64<br> <br> ( 7 imports )<br> <br>> advapi32.dll: RegQueryInfoKeyA, RegQueryValueExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA, RegEnumKeyExA<br>> comctl32.dll: InitCommonControlsEx<br>> gdi32.dll: SetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SaveDC, CloseMetaFile, DeleteMetaFile, CreateMetaFileA, DeleteDC, RestoreDC, CreateRectRgnIndirect, SetMapMode, LPtoDP, GetDeviceCaps, CreateDCA<br>> kernel32.dll: GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId, GetCurrentProcess, InterlockedIncrement, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, GlobalUnlock, CloseHandle, LoadLibraryExA, FindResourceA, LoadResource, GetLastError, SizeofResource, FreeLibrary, lstrcpyA, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, lstrcatA, CreateFileA, DisableThreadLibraryCalls, GlobalLock, GlobalAlloc, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynA, lstrlenA, FreeEnvironmentStringsW, GetLocaleInfoW, GetLocaleInfoA, SetEndOfFile, LoadLibraryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetFilePointer, lstrcmpiA, FlushFileBuffers, SetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, HeapReAlloc, FreeEnvironmentStringsA, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, TerminateProcess, WriteFile, ReadFile, GetProcAddress, VirtualAlloc, VirtualFree, HeapCreate, ExitProcess, GetVersion, GetCommandLineA, HeapFree, HeapAlloc<br>> ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, OleLoadFromStream, WriteClassStm, OleSaveToStream, ProgIDFromCLSID, OleRegGetUserType, CreateOleAdviseHolder, OleRegEnumVerbs, OleRegGetMiscStatus, CreateDataAdviseHolder<br>> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br>> user32.dll: DispatchMessageA, SetWindowPos, SetWindowRgn, PtInRect, UnionRect, CreateWindowExA, CallWindowProcA, DefWindowProcA, LoadStringA, CharNextA, OffsetRect, EqualRect, LoadCursorA, wsprintfA, GetClassInfoExA, RegisterClassExA, GetWindowRect, SetWindowLongA, SendMessageA, TranslateMessage, PeekMessageA, SetFocus, GetParent, ShowWindow, DestroyWindow, IsWindow, GetClientRect, EndPaint, IntersectRect, InvalidateRect, BeginPaint, ReleaseDC, GetDC<br> <br> ( 1 exports )<br> <br>> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification<br>DirectShow filter (37.8%)<br>Win32 Executable MS Visual C++ 4.x (25.2%)<br>Windows OCX File (23.1%)<br>Win32 Executable MS Visual C++ (generic) (7.0%)<br>Windows Screen Saver (2.4%)
ssdeep: 3072:jkOSBm8k/VoxzY2fLqt/tty7Wg4ixk4LSxz0ogRs:hS0p+Epyqg4iqNxz0
PEiD : -
RDS : NSRL Reference Data Set<br>-
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 120320 bytes
MD5 : 9317c8cc4c61de0df17fbcd323abc9f7
SHA1 : dba4ef611cd1cd088c0c79735511c0d0dfac7cae
SHA256: a134f6c7c407924dd8ca73dfd47f1869b439d06a0026dd615e4a7621855e89e4
PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xCA50<br> timedatestamp.....: 0x3498B138 (Thu Dec 18 06:14:32 1997)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 6 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x135F0 0x13600 6.67 8df741497184f344311ca52ee69935a8<br>.rdata 0x15000 0x1795 0x1800 5.42 11499b50611f677367197611788187da<br>.data 0x17000 0x7378 0x4400 2.51 5912d885080ad81252fd0953fcf62a7d<br>.idata 0x1F000 0xF30 0x1000 5.27 f8797a81fafbe3e2186537eb36824587<br>.rsrc 0x20000 0x13B0 0x1400 4.37 cbbbb71358630e4a014a165543583dd4<br>.reloc 0x22000 0x1AC2 0x1C00 5.09 573b450f82b23521c47865c0331b1f64<br> <br> ( 7 imports )<br> <br>> advapi32.dll: RegQueryInfoKeyA, RegQueryValueExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA, RegEnumKeyExA<br>> comctl32.dll: InitCommonControlsEx<br>> gdi32.dll: SetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SaveDC, CloseMetaFile, DeleteMetaFile, CreateMetaFileA, DeleteDC, RestoreDC, CreateRectRgnIndirect, SetMapMode, LPtoDP, GetDeviceCaps, CreateDCA<br>> kernel32.dll: GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId, GetCurrentProcess, InterlockedIncrement, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, GlobalUnlock, CloseHandle, LoadLibraryExA, FindResourceA, LoadResource, GetLastError, SizeofResource, FreeLibrary, lstrcpyA, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, lstrcatA, CreateFileA, DisableThreadLibraryCalls, GlobalLock, GlobalAlloc, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynA, lstrlenA, FreeEnvironmentStringsW, GetLocaleInfoW, GetLocaleInfoA, SetEndOfFile, LoadLibraryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetFilePointer, lstrcmpiA, FlushFileBuffers, SetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, HeapReAlloc, FreeEnvironmentStringsA, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, TerminateProcess, WriteFile, ReadFile, GetProcAddress, VirtualAlloc, VirtualFree, HeapCreate, ExitProcess, GetVersion, GetCommandLineA, HeapFree, HeapAlloc<br>> ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, OleLoadFromStream, WriteClassStm, OleSaveToStream, ProgIDFromCLSID, OleRegGetUserType, CreateOleAdviseHolder, OleRegEnumVerbs, OleRegGetMiscStatus, CreateDataAdviseHolder<br>> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br>> user32.dll: DispatchMessageA, SetWindowPos, SetWindowRgn, PtInRect, UnionRect, CreateWindowExA, CallWindowProcA, DefWindowProcA, LoadStringA, CharNextA, OffsetRect, EqualRect, LoadCursorA, wsprintfA, GetClassInfoExA, RegisterClassExA, GetWindowRect, SetWindowLongA, SendMessageA, TranslateMessage, PeekMessageA, SetFocus, GetParent, ShowWindow, DestroyWindow, IsWindow, GetClientRect, EndPaint, IntersectRect, InvalidateRect, BeginPaint, ReleaseDC, GetDC<br> <br> ( 1 exports )<br> <br>> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification<br>DirectShow filter (37.8%)<br>Win32 Executable MS Visual C++ 4.x (25.2%)<br>Windows OCX File (23.1%)<br>Win32 Executable MS Visual C++ (generic) (7.0%)<br>Windows Screen Saver (2.4%)
ssdeep: 3072:jkOSBm8k/VoxzY2fLqt/tty7Wg4ixk4LSxz0ogRs:hS0p+Epyqg4iqNxz0
PEiD : -
RDS : NSRL Reference Data Set<br>-
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation deleted successfully.
Starting removal of ActiveX control {3A226D85-574D-4272-B73C-DBCAECF709B3}
C:\WINDOWS\Downloaded Program Files\TNSClickrb.INF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ not found.
Starting removal of ActiveX control {4C39376E-FA9D-4349-BACC-D305C1750EF3}
C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Starting removal of ActiveX control fdjeux
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\fdjeux\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\fdjeux\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\fdjeux\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6BD1DCDD deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|1 /E : value set successfully!
========== FILES ==========
C:\d4e0460ee35ae7d69a73604cc9\i386 folder moved successfully.
C:\d4e0460ee35ae7d69a73604cc9\amd64 folder moved successfully.
C:\d4e0460ee35ae7d69a73604cc9 folder moved successfully.
C:\Documents and Settings\Stéphane DADET\idx1.dat moved successfully.
C:\WINDOWS\~tmp.INI moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 510 bytes
->Temporary Internet Files folder emptied: 71045 bytes
User: All Users
User: Camille DADET
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 300 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Propriétaire
User: Stéphane DADET
->Temp folder emptied: 32309818 bytes
->Temporary Internet Files folder emptied: 70103 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51359729 bytes
->Flash cache emptied: 3814 bytes
User: StÚphane DADET
User: Séverine DADET
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 927207 bytes
->FireFox cache emptied: 23482501 bytes
->Flash cache emptied: 405 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66200 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 103,00 mb
OTL by OldTimer - Version 3.1.37.2 log created on 03182010_070216
Files\Folders moved on Reboot...
C:\Documents and Settings\Stéphane DADET\Local Settings\Temp\~DF5910.tmp moved successfully.
Registry entries deleted on Reboot...
les rapports sont les suivants:
Fichier 39dbe9f800b093ccd623011a1f5d5d00687cf28d.dll reçu le 2009.11.23 17:03:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 120320 bytes
MD5 : 9317c8cc4c61de0df17fbcd323abc9f7
SHA1 : dba4ef611cd1cd088c0c79735511c0d0dfac7cae
SHA256: a134f6c7c407924dd8ca73dfd47f1869b439d06a0026dd615e4a7621855e89e4
PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xCA50<br> timedatestamp.....: 0x3498B138 (Thu Dec 18 06:14:32 1997)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 6 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x135F0 0x13600 6.67 8df741497184f344311ca52ee69935a8<br>.rdata 0x15000 0x1795 0x1800 5.42 11499b50611f677367197611788187da<br>.data 0x17000 0x7378 0x4400 2.51 5912d885080ad81252fd0953fcf62a7d<br>.idata 0x1F000 0xF30 0x1000 5.27 f8797a81fafbe3e2186537eb36824587<br>.rsrc 0x20000 0x13B0 0x1400 4.37 cbbbb71358630e4a014a165543583dd4<br>.reloc 0x22000 0x1AC2 0x1C00 5.09 573b450f82b23521c47865c0331b1f64<br> <br> ( 7 imports )<br> <br>> advapi32.dll: RegQueryInfoKeyA, RegQueryValueExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA, RegEnumKeyExA<br>> comctl32.dll: InitCommonControlsEx<br>> gdi32.dll: SetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SaveDC, CloseMetaFile, DeleteMetaFile, CreateMetaFileA, DeleteDC, RestoreDC, CreateRectRgnIndirect, SetMapMode, LPtoDP, GetDeviceCaps, CreateDCA<br>> kernel32.dll: GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId, GetCurrentProcess, InterlockedIncrement, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, GlobalUnlock, CloseHandle, LoadLibraryExA, FindResourceA, LoadResource, GetLastError, SizeofResource, FreeLibrary, lstrcpyA, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, lstrcatA, CreateFileA, DisableThreadLibraryCalls, GlobalLock, GlobalAlloc, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynA, lstrlenA, FreeEnvironmentStringsW, GetLocaleInfoW, GetLocaleInfoA, SetEndOfFile, LoadLibraryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetFilePointer, lstrcmpiA, FlushFileBuffers, SetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, HeapReAlloc, FreeEnvironmentStringsA, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, TerminateProcess, WriteFile, ReadFile, GetProcAddress, VirtualAlloc, VirtualFree, HeapCreate, ExitProcess, GetVersion, GetCommandLineA, HeapFree, HeapAlloc<br>> ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, OleLoadFromStream, WriteClassStm, OleSaveToStream, ProgIDFromCLSID, OleRegGetUserType, CreateOleAdviseHolder, OleRegEnumVerbs, OleRegGetMiscStatus, CreateDataAdviseHolder<br>> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br>> user32.dll: DispatchMessageA, SetWindowPos, SetWindowRgn, PtInRect, UnionRect, CreateWindowExA, CallWindowProcA, DefWindowProcA, LoadStringA, CharNextA, OffsetRect, EqualRect, LoadCursorA, wsprintfA, GetClassInfoExA, RegisterClassExA, GetWindowRect, SetWindowLongA, SendMessageA, TranslateMessage, PeekMessageA, SetFocus, GetParent, ShowWindow, DestroyWindow, IsWindow, GetClientRect, EndPaint, IntersectRect, InvalidateRect, BeginPaint, ReleaseDC, GetDC<br> <br> ( 1 exports )<br> <br>> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification<br>DirectShow filter (37.8%)<br>Win32 Executable MS Visual C++ 4.x (25.2%)<br>Windows OCX File (23.1%)<br>Win32 Executable MS Visual C++ (generic) (7.0%)<br>Windows Screen Saver (2.4%)
ssdeep: 3072:jkOSBm8k/VoxzY2fLqt/tty7Wg4ixk4LSxz0ogRs:hS0p+Epyqg4iqNxz0
PEiD : -
RDS : NSRL Reference Data Set<br>-
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 120320 bytes
MD5 : 9317c8cc4c61de0df17fbcd323abc9f7
SHA1 : dba4ef611cd1cd088c0c79735511c0d0dfac7cae
SHA256: a134f6c7c407924dd8ca73dfd47f1869b439d06a0026dd615e4a7621855e89e4
PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xCA50<br> timedatestamp.....: 0x3498B138 (Thu Dec 18 06:14:32 1997)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 6 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x135F0 0x13600 6.67 8df741497184f344311ca52ee69935a8<br>.rdata 0x15000 0x1795 0x1800 5.42 11499b50611f677367197611788187da<br>.data 0x17000 0x7378 0x4400 2.51 5912d885080ad81252fd0953fcf62a7d<br>.idata 0x1F000 0xF30 0x1000 5.27 f8797a81fafbe3e2186537eb36824587<br>.rsrc 0x20000 0x13B0 0x1400 4.37 cbbbb71358630e4a014a165543583dd4<br>.reloc 0x22000 0x1AC2 0x1C00 5.09 573b450f82b23521c47865c0331b1f64<br> <br> ( 7 imports )<br> <br>> advapi32.dll: RegQueryInfoKeyA, RegQueryValueExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA, RegEnumKeyExA<br>> comctl32.dll: InitCommonControlsEx<br>> gdi32.dll: SetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SaveDC, CloseMetaFile, DeleteMetaFile, CreateMetaFileA, DeleteDC, RestoreDC, CreateRectRgnIndirect, SetMapMode, LPtoDP, GetDeviceCaps, CreateDCA<br>> kernel32.dll: GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId, GetCurrentProcess, InterlockedIncrement, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, GlobalUnlock, CloseHandle, LoadLibraryExA, FindResourceA, LoadResource, GetLastError, SizeofResource, FreeLibrary, lstrcpyA, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, lstrcatA, CreateFileA, DisableThreadLibraryCalls, GlobalLock, GlobalAlloc, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynA, lstrlenA, FreeEnvironmentStringsW, GetLocaleInfoW, GetLocaleInfoA, SetEndOfFile, LoadLibraryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetFilePointer, lstrcmpiA, FlushFileBuffers, SetStdHandle, GetEnvironmentStringsW, GetEnvironmentStrings, HeapReAlloc, FreeEnvironmentStringsA, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, TerminateProcess, WriteFile, ReadFile, GetProcAddress, VirtualAlloc, VirtualFree, HeapCreate, ExitProcess, GetVersion, GetCommandLineA, HeapFree, HeapAlloc<br>> ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, OleLoadFromStream, WriteClassStm, OleSaveToStream, ProgIDFromCLSID, OleRegGetUserType, CreateOleAdviseHolder, OleRegEnumVerbs, OleRegGetMiscStatus, CreateDataAdviseHolder<br>> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br>> user32.dll: DispatchMessageA, SetWindowPos, SetWindowRgn, PtInRect, UnionRect, CreateWindowExA, CallWindowProcA, DefWindowProcA, LoadStringA, CharNextA, OffsetRect, EqualRect, LoadCursorA, wsprintfA, GetClassInfoExA, RegisterClassExA, GetWindowRect, SetWindowLongA, SendMessageA, TranslateMessage, PeekMessageA, SetFocus, GetParent, ShowWindow, DestroyWindow, IsWindow, GetClientRect, EndPaint, IntersectRect, InvalidateRect, BeginPaint, ReleaseDC, GetDC<br> <br> ( 1 exports )<br> <br>> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification<br>DirectShow filter (37.8%)<br>Win32 Executable MS Visual C++ 4.x (25.2%)<br>Windows OCX File (23.1%)<br>Win32 Executable MS Visual C++ (generic) (7.0%)<br>Windows Screen Saver (2.4%)
ssdeep: 3072:jkOSBm8k/VoxzY2fLqt/tty7Wg4ixk4LSxz0ogRs:hS0p+Epyqg4iqNxz0
PEiD : -
RDS : NSRL Reference Data Set<br>-
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation deleted successfully.
Starting removal of ActiveX control {3A226D85-574D-4272-B73C-DBCAECF709B3}
C:\WINDOWS\Downloaded Program Files\TNSClickrb.INF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A226D85-574D-4272-B73C-DBCAECF709B3}\ not found.
Starting removal of ActiveX control {4C39376E-FA9D-4349-BACC-D305C1750EF3}
C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C39376E-FA9D-4349-BACC-D305C1750EF3}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Starting removal of ActiveX control fdjeux
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\fdjeux\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\fdjeux\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\fdjeux\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6BD1DCDD deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|1 /E : value set successfully!
========== FILES ==========
C:\d4e0460ee35ae7d69a73604cc9\i386 folder moved successfully.
C:\d4e0460ee35ae7d69a73604cc9\amd64 folder moved successfully.
C:\d4e0460ee35ae7d69a73604cc9 folder moved successfully.
C:\Documents and Settings\Stéphane DADET\idx1.dat moved successfully.
C:\WINDOWS\~tmp.INI moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 510 bytes
->Temporary Internet Files folder emptied: 71045 bytes
User: All Users
User: Camille DADET
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 300 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Propriétaire
User: Stéphane DADET
->Temp folder emptied: 32309818 bytes
->Temporary Internet Files folder emptied: 70103 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51359729 bytes
->Flash cache emptied: 3814 bytes
User: StÚphane DADET
User: Séverine DADET
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 927207 bytes
->FireFox cache emptied: 23482501 bytes
->Flash cache emptied: 405 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66200 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 103,00 mb
OTL by OldTimer - Version 3.1.37.2 log created on 03182010_070216
Files\Folders moved on Reboot...
C:\Documents and Settings\Stéphane DADET\Local Settings\Temp\~DF5910.tmp moved successfully.
Registry entries deleted on Reboot...
bonsoir,
voici le rapport malwarebytes:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3879
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18/03/2010 16:42:50
mbam-log-2010-03-18 (16-42-44).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 258338
Temps écoulé: 1 hour(s), 28 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\veqswi.sys.vir (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP8\A0001281.sys (Rootkit.Agent) -> No action taken.
voici le rapport malwarebytes:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3879
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18/03/2010 16:42:50
mbam-log-2010-03-18 (16-42-44).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 258338
Temps écoulé: 1 hour(s), 28 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\veqswi.sys.vir (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP8\A0001281.sys (Rootkit.Agent) -> No action taken.
