Remove Winifighter

Resolved
Underdead (Member, 27 posts)
Hello everyone,

Since last night I have had a problem with this spyware that installed itself on my PC. I have read several forum discussions on the subject but I didn't understand everything.

I am on Windows XP.

Can you help me / explain to me how to remove this Winifighter?

Thank you very much.
Underdead.
57 replies

Anonymous user
 
Hello, thanks chimay

Well... when they see their PC crashed because of using several tools at once... well, they'll be happy :)
underdead
 
Yes, I'm sorry about that, I wasn't sure I would get an answer on each forum so I created several topics... I won't do it again in the future.

ComboFix 09-08-03.04 - Underdead 04/08/2009 2:05.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.682 [GMT 2:00]
Running from: c:\documents and settings\Underdead\Bureau\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1002zvirus7f95.exe
c:\windows\10056not9azv5rus1c6.cpl
c:\windows\1037szamb5te89.cpl
c:\windows\10415not-a-vi59s276z.bin
c:\windows\1109zs5am9ot97.ocx
c:\windows\112f9tealz559.cpl
c:\windows\1152hack9ool2d5z.bin
c:\windows\11c2z5ar9e234.cpl
c:\windows\1260downloaderz8859.exe
c:\windows\12999tr5j4z3.cpl
c:\windows\13045zorm2d9.ocx
c:\windows\133805ro9z53.exe
c:\windows\1349spam5zt129.bin
c:\windows\13695wo5mza.cpl
c:\windows\13z58spamb5t289.bin
c:\windows\14193trojz95.bin
c:\windows\14252tz9j551.ocx
c:\windows\1439ztroj5f6.bin
c:\windows\14927zo5-a-virusa4.ocx
c:\windows\14975not5a-virus7z0.ocx
c:\windows\149dt5rzat25253.dll
c:\windows\15098zirus5b9.exe
c:\windows\15307t9ojzb1.exe
c:\windows\1545ztroj955.ocx
c:\windows\156145o9mzf3.exe
c:\windows\15758not-9-virus2b5z.ocx
c:\windows\15979zpy59c5.cpl
c:\windows\15cespa59e2922z.cpl
c:\windows\15z4worm49.exe
c:\windows\15z74ha5ktoole9.bin
c:\windows\164929azkto5l362.bin
c:\windows\1691vi54z9.cpl
c:\windows\169zba5kdoor2923.ocx
c:\windows\170945pambot7z7.exe
c:\windows\17391zot-5-virus62a.cpl
c:\windows\174ct9reat5z47.cpl
c:\windows\178475zckto9l555.exe
c:\windows\179fzownloade59907.bin
c:\windows\182z85acktool4ed9.bin
c:\windows\18429spam9ot5z55.exe
c:\windows\1875thie92z59.exe
c:\windows\187z6sp9mbo536a.ocx
c:\windows\18d59parsz2995.bin
c:\windows\18e9spz9are590.dll
c:\windows\19015spy599z.ocx
c:\windows\19016wormz259.exe
c:\windows\19261notza-vi5us260.dll
c:\windows\19355z9y5f5.exe
c:\windows\19550virusz95.bin
c:\windows\19553not9a-virus2z5.bin
c:\windows\19587zacktoo53f.cpl
c:\windows\19azv5r529.cpl
c:\windows\19z16hacktool956.bin
c:\windows\19z975irus5a3.dll
c:\windows\1a21a9dwarz5611.ocx
c:\windows\1bf4spazse7059.ocx
c:\windows\1c1z9ddware125.bin
c:\windows\1c25thief907z.exe
c:\windows\1da4s9zrse5449.dll
c:\windows\1z715worm28e9.ocx
c:\windows\1ze5sparse2997.cpl
c:\windows\20150w9zm1b4.dll
c:\windows\202205orm9bfz.exe
c:\windows\205095pazbot7c.ocx
c:\windows\20951not-5-vi9uz6f8.bin
c:\windows\20czspy5a9e857.exe
c:\windows\21512sp5zbot395.ocx
c:\windows\21791wozm1385.dll
c:\windows\21930wozm5a59.ocx
c:\windows\219555roj94z.bin
c:\windows\229055rzj594.dll
c:\windows\23066zr5j259.ocx
c:\windows\23259troj1z9.exe
c:\windows\23z94tr592cb.bin
c:\windows\24315viz9s7c5.exe
c:\windows\24596s5ambo93z.bin
c:\windows\2459dowzloa9er259.bin
c:\windows\247tzr9at5629.dll
c:\windows\24957no5-a-zirus592.ocx
c:\windows\24977virus42z5.dll
c:\windows\24f5spyw9re12z4.cpl
c:\windows\25193not5a-virzs3d0.exe
c:\windows\2520459rzs7db.dll
c:\windows\25625w95z751.exe
c:\windows\25736w59z3d9.cpl
c:\windows\258z595y50d.ocx
c:\windows\25941s9zmbot60c.dll
c:\windows\26054not-a-5zrus98a.dll
c:\windows\27069spambot7z59.bin
c:\windows\27891trzj955.ocx
c:\windows\278vi9us59fz.exe
c:\windows\27z87w9rm5d.cpl
c:\windows\28077not-azvi9u55e4.cpl
c:\windows\2858zs9a5botef.exe
c:\windows\28605hackto9lz40.cpl
c:\windows\28962wozm515.exe
c:\windows\2909ztroj55d.exe
c:\windows\29171h9ckzoo5178.cpl
c:\windows\292s5ywaze2551.ocx
c:\windows\29404t95z6ec.ocx
c:\windows\29437s5ambotz09.cpl
c:\windows\2945zparse1654.dll
c:\windows\29498viruz35b9.ocx
c:\windows\29509tr5z234.bin
c:\windows\29578trzj625.ocx
c:\windows\295backdoorz657.cpl
c:\windows\2990zw5rm975.ocx
c:\windows\2996a5dwarz71.ocx
c:\windows\29a9zpy5are15859.dll
c:\windows\2a21back9ooz1850.ocx
c:\windows\2c7fstea92z50.ocx
c:\windows\2d16spywa9e153z.ocx
c:\windows\2e10stea539z.dll
c:\windows\2e26ba5kdooz941.dll
c:\windows\2z03hack9o5l68.cpl
c:\windows\2z345ro97e3.dll
c:\windows\2z345s9ambot558.bin
c:\windows\2z4athi9f715.cpl
c:\windows\2z575no5-a9virus790.ocx
c:\windows\2z5f5ir6519.bin
c:\windows\2z865t5oj7d59.exe
c:\windows\2z952hackt9ol625.dll
c:\windows\30ecback9ozr2595.bin
c:\windows\31015woz931b.exe
c:\windows\31329zo9m658.cpl
c:\windows\31504vizus910.ocx
c:\windows\31519spy5dz.ocx
c:\windows\31643t5oj3z9.bin
c:\windows\31999spy1dz5.cpl
c:\windows\323269ot-a-viru558z.exe
c:\windows\32629w9z5111.cpl
c:\windows\327zs9eal2095.dll
c:\windows\3332bac9door2965z.bin
c:\windows\34555hreat22689z.ocx
c:\windows\349bspzwar5645.exe
c:\windows\351009py7z2.bin
c:\windows\352z9worm944.exe
c:\windows\355zspyware3098.dll
c:\windows\35c1s9zrse949.exe
c:\windows\3731za5kd9or1318.ocx
c:\windows\3931v5rz95.dll
c:\windows\39369zy157.exe
c:\windows\3955spy6z5.cpl
c:\windows\3984sp573z.dll
c:\windows\39d2addw5rz665.exe
c:\windows\3a5thze9t5460.ocx
c:\windows\3c7d5ir499z.ocx
c:\windows\3cc9spyware520z.bin
c:\windows\3d3ead5warez79.dll
c:\windows\3e29thi5f10z8.dll
c:\windows\3e5ath5eat971z5.dll
c:\windows\3e5czi91619.exe
c:\windows\3ea3ste9lz005.cpl
c:\windows\3ez25ir10319.dll
c:\windows\3f98spa59z574.exe
c:\windows\3z249tea5938.bin
c:\windows\3z59pars51476.exe
c:\windows\3z63worm95f5.bin
c:\windows\3z775ir1092.bin
c:\windows\3z8829o5-a-virus525.dll
c:\windows\3z909hack9oo5282.exe
c:\windows\3z953virus5c5.bin
c:\windows\3zfa59arse3169.bin
c:\windows\404zbac9door5447.ocx
c:\windows\41z25iru92e8.exe
c:\windows\423w5zm49c.bin
c:\windows\4365thz9at25889.cpl
c:\windows\4707thi9f534z.cpl
c:\windows\47z99irusb5.ocx
c:\windows\4923tzief2525.bin
c:\windows\49285pzrse2076.exe
c:\windows\4989szy7c59.cpl
c:\windows\4a6fthreatz9245.dll
c:\windows\4a87sparze94355.ocx
c:\windows\4c5ca9dware9z7.exe
c:\windows\4zb5t9ief2923.bin
c:\windows\5029vir150z.dll
c:\windows\50312not-a-vizus29d9.bin
c:\windows\Installer\1ca9c02.msi
c:\windows\Installer\692781.msi
c:\windows\Installer\861830.msp
c:\windows\system32\Data
c:\windows\system32\Data\install.ico
c:\windows\system32\drivers\gxvxcljmiuhalsxddebtymdvdojdxmetxkmfo.sys
c:\windows\system32\drivers\gxvxcmltakbqxwnkvrtjxbqhtyputoirqpdlk.sys
c:\windows\system32\drivers\gxvxcmrdktuiqnvteoodmvmpfakltouybwwqb.sys
c:\windows\system32\drivers\gxvxcnkvvcvvkjbenpxeslkfuoyvxfubqaoyk.sys
c:\windows\system32\drivers\gxvxcpxducqeqqhewxlypibmivxtufxjertta.sys
c:\windows\system32\drivers\gxvxcvbrnoewlxjkvpapulqjbompfubqakbwy.sys
c:\windows\system32\drivers\gxvxcvnxtlonmnboctairdaektfordjsoyddc.sys
c:\windows\system32\drivers\gxvxcyijnopexwpmufbjvjlhbotkiusxvkbgk.sys
c:\windows\system32\drivers\gxvxcyllrgmowehxrevxjcbnmpxuspuyrfrrn.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcgxyqxovdnosswrrvamxflayvielwgptb.dll
c:\windows\system32\kr_done1
c:\windows\system32\qgcrr8j0ecej.exe
c:\windows\system32\sgcvr8j0ecej.dll

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\beep.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-12-26 17:26 . 2009-12-26 17:26 3723 ----a-w- c:\windows\system32\19124notza-virus5a5.exe
2009-12-26 15:35 . 2009-12-26 15:35 9617 ----a-w- c:\windows\system32\55z1hacktoo938c.bin
2009-12-25 19:28 . 2009-12-25 19:28 11475 ----a-w- c:\windows\system32\505evi91190z.exe
2009-12-24 02:54 . 2009-12-24 02:54 3143 ----a-w- c:\windows\system32\z133w59m42f.exe
2009-12-19 00:16 . 2009-12-19 00:16 3541 ----a-w- c:\windows\system32\5ad5bac9dzor1029.bin
2009-12-12 14:59 . 2009-12-12 14:59 7529 ----a-w- c:\windows\5z134spamb9t2c7.dll
2009-12-09 21:55 . 2009-12-09 21:55 2799 ----a-w- c:\windows\system32\496159rm7z.exe
2009-12-06 10:57 . 2009-12-06 10:57 15930 ----a-w- c:\windows\7653down5oader9355z.exe
2009-12-06 04:51 . 2009-12-06 04:51 9672 ----a-w- c:\windows\system32\5530wozm649.exe
2009-12-05 06:11 . 2009-12-05 06:11 8090 ----a-w- c:\windows\system32\5zbavir1329.exe
2009-12-04 12:38 . 2009-12-04 12:38 4945 ----a-w- c:\windows\system32\699zt5ief12309.bin
2009-12-01 09:27 . 2009-12-01 09:27 13739 ----a-w- c:\windows\5889not-a-viruz86.dll
2009-11-28 12:12 . 2009-11-28 12:12 3406 ----a-w- c:\windows\system32\32711s5ambot496z.dll
2009-11-27 16:12 . 2009-11-27 16:12 14209 ----a-w- c:\windows\6903vir15z7.dll
2009-11-23 08:59 . 2009-11-23 08:59 2887 ----a-w- c:\windows\system32\94acdownloa5erz14.exe
2009-11-22 01:07 . 2009-11-22 01:07 12589 ----a-w- c:\windows\9475pa9bot32z.bin
2009-11-19 00:36 . 2009-11-19 00:36 12883 ----a-w- c:\windows\system32\49659hief5668z.dll
2009-11-10 01:39 . 2009-11-10 01:39 2962 ----a-w- c:\windows\549d5zdwar9250.exe
2009-11-09 17:28 . 2009-11-09 17:28 7397 ----a-w- c:\windows\system32\148z6not-9-virus1195.bin
2009-11-06 09:03 . 2009-11-06 09:03 18376 ----a-w- c:\windows\system32\3a5dth59atz4494.dll
2009-11-04 17:08 . 2009-11-04 17:08 11023 ----a-w- c:\windows\system32\78659parsz146.exe
2009-10-23 08:50 . 2009-10-23 08:50 15781 ----a-w- c:\windows\system32\5bafspa5se2z98.dll
2009-10-21 02:10 . 2009-10-21 02:10 11568 ----a-w- c:\windows\system32\4095not-a-vz5us4ce.exe
2009-10-20 11:42 . 2009-10-20 11:42 18380 ----a-w- c:\windows\system32\9fabv5z1281.bin
2009-10-17 20:12 . 2009-10-17 20:12 5423 ----a-w- c:\windows\system32\496faddw5rez198.dll
2009-10-15 22:16 . 2009-10-15 22:16 3074 ----a-w- c:\windows\system32\231245py599z.bin
2009-10-11 10:06 . 2009-10-11 10:06 9202 ----a-w- c:\windows\7f8f9ir5z30.bin
2009-10-10 10:42 . 2009-10-10 10:42 11621 ----a-w- c:\windows\z9516sp9772.dll
2009-10-09 14:25 . 2009-10-09 14:25 9499 ----a-w- c:\windows\system32\19565vizus495.dll
2009-10-09 05:03 . 2009-10-09 05:03 13192 ----a-w- c:\windows\system32\913thzeat4615.exe
2009-10-07 18:04 . 2009-10-07 18:04 8649 ----a-w- c:\windows\9zvir5959.dll
2009-10-05 10:24 . 2009-10-05 10:24 18222 ----a-w- c:\windows\507fzpywa9e1864.bin
2009-10-01 09:17 . 2009-10-01 09:17 4512 ----a-w- c:\windows\system32\zdd1ba5kd9or3107.dll
2009-09-24 17:46 . 2009-09-24 17:46 15222 ----a-w- c:\windows\system32\1z80worm1695.dll
2009-09-22 06:20 . 2009-09-22 06:20 15439 ----a-w- c:\windows\system32\1d52downlzade92259.dll
2009-09-12 12:42 . 2009-09-12 12:42 2733 ----a-w- c:\windows\system32\25044not-a-v9rzs70f.dll
2009-09-10 01:11 . 2009-09-10 01:11 10759 ----a-w- c:\windows\system32\4f5zvir9937.dll
2009-09-04 03:18 . 2009-09-04 03:18 17406 ----a-w- c:\windows\9088thief305z.dll
2009-09-03 19:03 . 2009-09-03 19:03 7492 ----a-w- c:\windows\system32\72845ddz9re1949.exe
2009-08-27 23:28 . 2009-08-27 23:28 14956 ----a-w- c:\windows\system32\31f95hiefz455.exe
2009-08-25 15:25 . 2009-08-25 15:25 3205 ----a-w- c:\windows\system32\35809worm50z.exe
2009-08-25 14:04 . 2009-08-25 14:04 12683 ----a-w- c:\windows\system32\66afzparse9105.exe
2009-08-24 10:14 . 2009-08-24 10:14 10701 ----a-w- c:\windows\system32\5009downzoader15559.exe
2009-08-23 02:40 . 2009-08-23 02:40 13268 ----a-w- c:\windows\9119hazkto5le5.bin
2009-08-22 08:32 . 2009-08-22 08:32 4608 ----a-w- c:\windows\system32\319bthiez25079.exe
2009-08-18 06:24 . 2009-08-18 06:24 16511 ----a-w- c:\windows\78cat9re5tz2106.exe
2009-08-17 22:59 . 2009-08-17 22:59 5801 ----a-w- c:\windows\z09espars52584.dll
2009-08-17 11:10 . 2009-08-17 11:10 4331 ----a-w- c:\windows\8154wo5mz589.bin
2009-08-12 16:57 . 2009-08-12 16:57 7322 ----a-w- c:\windows\5914zackdoo5722.dll
2009-08-09 16:58 . 2009-08-09 16:58 2969 ----a-w- c:\windows\638vi95470z.exe
2009-08-03 21:57 . 2009-08-03 22:37 -------- d-----w- C:\UsbFix
2009-08-03 21:06 . 2009-08-03 21:32 -------- d-----w- C:\WORT
2009-08-03 11:25 . 2009-08-03 12:01 -------- d-----w- c:\program files\VS Revo Group
2009-08-03 06:17 . 2009-08-03 06:17 12637 ----a-w- c:\windows\system32\26265p92dz.dll
2009-08-03 00:05 . 2009-08-03 18:01 -------- d-----w- c:\program files\trend micro
2009-08-03 00:05 . 2009-08-03 00:06 -------- d-----w- C:\rsit
2009-08-02 18:08 . 2009-08-02 18:08 -------- d-----w- c:\program files\INFORAD_DRIVERS
2009-08-02 18:08 . 2004-12-20 19:56 134144 ----a-w- c:\windows\system32\ifdreset.exe
2009-08-02 18:08 . 2009-08-02 19:50 -------- d-----w- c:\program files\INFORAD
2009-08-02 18:08 . 2004-06-28 13:08 42752 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-07-27 20:56 . 2009-07-27 20:56 11418 ----a-w- c:\windows\805z9eal15295.exe
2009-07-27 10:15 . 2009-07-27 10:15 7681 ----a-w- c:\windows\system32\2571spars93z5.dll
2009-07-25 10:58 . 2009-07-25 10:58 17585 ----a-w- c:\windows\system32\6ez2t5ief3091.dll
2009-07-24 22:30 . 2009-07-24 22:30 17623 ----a-w- c:\windows\system32\5zfda9dware3156.exe
2009-07-21 17:03 . 2009-07-21 17:03 10729 ----a-w- c:\windows\system32\z555troj5249.dll
2009-07-19 07:06 . 2009-07-19 07:06 3416 ----a-w- c:\windows\system32\9977sp555z.bin
2009-07-18 03:07 . 2009-07-18 03:07 8118 ----a-w- c:\windows\65cdthief17z59.bin
2009-07-14 05:07 . 2009-07-14 05:07 12255 ----a-w- c:\windows\9773h5zktool6f9.dll
2009-07-13 11:49 . 2009-07-13 11:49 12970 ----a-w- c:\windows\5554szyware9025.dll
2009-07-13 03:51 . 2009-07-13 03:51 6945 ----a-w- c:\windows\system32\31952not-a-5iruz4579.dll
2009-07-09 20:19 . 2009-07-09 20:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-07-08 17:03 . 2009-07-08 17:03 5042 ----a-w- c:\windows\system32\51729irz10.exe
2009-07-07 22:51 . 2009-07-07 22:50 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-07-07 20:48 . 2009-07-07 20:48 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-07 15:37 . 2009-07-07 15:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-07 15:37 . 2009-08-03 17:44 -------- d-----w- c:\documents and settings\Underdead\Application Data\skypePM
2009-07-07 15:33 . 2009-08-03 21:57 -------- d-----w- c:\documents and settings\Underdead\Application Data\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----r- c:\program files\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-06 21:49 . 2009-07-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-05 22:24 . 2009-07-05 22:24 6222 ----a-w- c:\windows\system32\z0106hacktool5f09.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 22:38 . 2004-08-05 12:00 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 22:38 . 2004-08-05 12:00 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-07 22:52 . 2007-10-20 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 22:51 . 2009-05-14 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-06 21:48 . 2009-05-29 18:23 -------- d-----w- c:\documents and settings\Underdead\Application Data\CyberLink
2009-07-04 17:42 . 2009-07-04 17:42 8264 ----a-w- c:\windows\system32\29956spy42z5.dll
2009-07-03 09:43 . 2007-10-30 08:12 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-02 14:37 . 2009-07-02 14:33 -------- d-----w- c:\program files\CyberLink
2009-06-28 15:06 . 2009-06-28 15:06 14238 ----a-w- c:\windows\system32\28105zi9us50.exe
2009-06-28 14:39 . 2009-06-28 14:39 2657 ----a-w- c:\windows\system32\49835roj7zf.bin
2009-06-24 18:10 . 2008-09-17 19:33 -------- d-----w- c:\documents and settings\Underdead\Application Data\uTorrent
2009-06-20 10:51 . 2009-06-20 10:51 18099 ----a-w- c:\windows\system32\5z65addware31429.bin
2009-06-16 07:04 . 2009-06-16 07:04 10174 ----a-w- c:\windows\system32\9595zpy6aa.dll
2009-06-16 01:27 . 2009-06-16 01:27 15923 ----a-w- c:\windows\5697bac9dozr2509.dll
2009-06-14 03:51 . 2009-06-14 03:51 6693 ----a-w- c:\windows\system32\23995hacktoolz9c.bin
2009-06-12 05:30 . 2009-06-12 05:30 10125 ----a-w- c:\windows\system32\95c5vzr1501.dll
2009-06-05 18:23 . 2008-03-01 22:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-05 18:20 . 2009-05-14 18:01 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-06-05 18:20 . 2007-10-20 21:13 -------- d-----w- c:\program files\eMule
2009-06-04 14:23 . 2009-06-04 14:23 14959 ----a-w- c:\windows\system32\59e8zi52952.dll
2009-05-28 09:37 . 2009-05-28 09:37 16452 ----a-w- c:\windows\518ab9ckdozr2256.dll
2009-05-28 03:37 . 2009-05-28 03:37 14353 ----a-w- c:\windows\system32\30589zpy35d9.exe
2009-05-25 16:32 . 2009-05-25 16:32 3875 ----a-w- c:\windows\92dstezl9572.exe
2009-05-24 22:10 . 2009-05-24 22:10 3240 ----a-w- c:\windows\7b32szywa592088.bin
2009-05-24 12:37 . 2009-05-24 12:37 2873 ----a-w- c:\windows\system32\5159zir1045.exe
2009-05-23 12:51 . 2009-05-23 12:51 6521 ----a-w- c:\windows\92ab5iz1455.dll
2009-05-22 17:20 . 2007-10-20 14:52 81168 ----a-w- c:\documents and settings\Sylvie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 15:57 . 2009-05-19 15:57 9364 ----a-w- c:\windows\5b90s9arse3150z.exe
2009-05-19 11:05 . 2009-05-19 11:05 6368 ----a-w- c:\windows\system32\728bd9wnloadez26605.bin
2009-05-16 21:54 . 2009-05-16 21:54 10700 ----a-w- c:\windows\system32\3363do9n5oader19z7.dll
2009-05-16 20:43 . 2009-05-16 20:43 9468 ----a-w- c:\windows\bd4ste5z1923.bin
2009-05-16 15:36 . 2008-01-09 17:50 81168 ----a-w- c:\documents and settings\Philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 02:48 . 2009-05-16 02:48 2668 ----a-w- c:\windows\system32\9z532hacktool577.dll
2009-05-14 23:29 . 2009-05-14 23:29 9861 ----a-w- c:\windows\system32\7206thz9at15091.exe
2009-05-14 19:13 . 2008-07-04 09:31 81168 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-14 17:39 . 2009-05-14 17:39 12547 ----a-w- c:\windows\system32\9122not-z-vi59s471.exe
2009-05-13 04:00 . 2009-05-13 04:00 15179 ----a-w- c:\windows\system32\29696spamb5t62z.dll
2009-05-13 01:55 . 2009-05-13 01:55 2728 ----a-w- c:\windows\system32\4794do5nl9zder2898.dll
2009-05-11 11:15 . 2009-05-11 11:15 11472 ----a-w- c:\windows\9d6szywa952535.bin
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 -c--a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 12:30 . 2004-07-16 12:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 -c--a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
2009-07-31 07:25 . 2008-08-27 18:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-29 949376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless Configuration Utility HW.32.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.32.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Underdead^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Underdead\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MultiProxy\\MProxy.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29/10/2007 19:44 15424]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 nenum13E;nenum13E;\??\c:\docume~1\UNDERD~1\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\UNDERD~1\LOCALS~1\Temp\nenum13E.sys [?]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [06/07/2008 22:41 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [06/07/2008 22:41 37440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Underdead\Application Data\Mozilla\Firefox\Profiles\0e61utd3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 02:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,f1,17,90,c8,92,a5,49,04,3d,55,2f,7b,81,9f,c4,82,d6,3f,db,5e,
ec,42,10,a2,f0,e1,c9,d3,24,f9,de,f4,0c,97,49,23,71,5e,4b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82eb7d08-e2a5-49ef-af46-c6b2554b31e9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000068
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3572)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\TRENDnet\TEW-424UB\SiSWLSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-08-04 2:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 00:35

Pre-Run: 50 623 332 352 octets libres
Post-Run: 51 017 080 832 octets libres

483 --- E O F --- 2009-08-03 22:54
Anonymous user
 

__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly discouraged to transpose it onto another computer!<=====|
---------------------------------------------------------------


Still with all your protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
c:\windows\system32\19124notza-virus5a5.exe
c:\windows\system32\55z1hacktoo938c.bin
c:\windows\system32\505evi91190z.exe
c:\windows\system32\z133w59m42f.exe
c:\windows\system32\5ad5bac9dzor1029.bin
c:\windows\5z134spamb9t2c7.dll
c:\windows\system32\496159rm7z.exe
c:\windows\7653down5oader9355z.exe
c:\windows\system32\5530wozm649.exe
c:\windows\system32\5zbavir1329.exe
c:\windows\system32\699zt5ief12309.bin
c:\windows\5889not-a-viruz86.dll
c:\windows\system32\32711s5ambot496z.dll
c:\windows\6903vir15z7.dll
c:\windows\system32\94acdownloa5erz14.exe
c:\windows\9475pa9bot32z.bin
c:\windows\system32\49659hief5668z.dll
c:\windows\549d5zdwar9250.exe
c:\windows\system32\148z6not-9-virus1195.bin
c:\windows\system32\3a5dth59atz4494.dll
c:\windows\system32\78659parsz146.exe
c:\windows\system32\5bafspa5se2z98.dll
c:\windows\system32\4095not-a-vz5us4ce.exe
c:\windows\system32\9fabv5z1281.bin
c:\windows\system32\496faddw5rez198.dll
c:\windows\system32\231245py599z.bin
c:\windows\7f8f9ir5z30.bin
c:\windows\z9516sp9772.dll
c:\windows\system32\19565vizus495.dll
c:\windows\system32\913thzeat4615.exe
c:\windows\9zvir5959.dll
c:\windows\507fzpywa9e1864.bin
c:\windows\system32\zdd1ba5kd9or3107.dll
c:\windows\system32\1z80worm1695.dll
c:\windows\system32\1d52downlzade92259.dll
c:\windows\system32\25044not-a-v9rzs70f.dll
c:\windows\system32\4f5zvir9937.dll
c:\windows\9088thief305z.dll
c:\windows\system32\72845ddz9re1949.exe
c:\windows\system32\31f95hiefz455.exe
c:\windows\system32\35809worm50z.exe
c:\windows\system32\66afzparse9105.exe
c:\windows\system32\5009downzoader15559.exe
c:\windows\9119hazkto5le5.bin
c:\windows\system32\319bthiez25079.exe
c:\windows\78cat9re5tz2106.exe
c:\windows\z09espars52584.dll
c:\windows\8154wo5mz589.bin
c:\windows\5914zackdoo5722.dll
c:\windows\638vi95470z.exe
c:\windows\system32\26265p92dz.dll
c:\windows\805z9eal15295.exe
c:\windows\system32\2571spars93z5.dll
c:\windows\system32\6ez2t5ief3091.dll
c:\windows\system32\5zfda9dware3156.exe
c:\windows\system32\z555troj5249.dll
c:\windows\system32\9977sp555z.bin
c:\windows\65cdthief17z59.bin
c:\windows\9773h5zktool6f9.dll
c:\windows\5554szyware9025.dll
c:\windows\system32\31952not-a-5iruz4579.dll
c:\windows\system32\51729irz10.exe
c:\windows\system32\z0106hacktool5f09.dll
c:\windows\system32\29956spy42z5.dll
c:\windows\system32\28105zi9us50.exe
c:\windows\system32\49835roj7zf.bin
c:\windows\system32\5z65addware31429.bin
c:\windows\system32\9595zpy6aa.dll
c:\windows\5697bac9dozr2509.dll
c:\windows\system32\23995hacktoolz9c.bin
c:\windows\system32\95c5vzr1501.dll
c:\documents and settings\All Users\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\windows\system32\59e8zi52952.dll
c:\windows\518ab9ckdozr2256.dll
c:\windows\system32\30589zpy35d9.exe
c:\windows\92dstezl9572.exe
c:\windows\7b32szywa592088.bin
c:\windows\system32\5159zir1045.exe
c:\windows\92ab5iz1455.dll
c:\windows\5b90s9arse3150z.exe
c:\windows\system32\728bd9wnloadez26605.bin
c:\windows\system32\3363do9n5oader19z7.dll
c:\windows\bd4ste5z1923.bin
c:\windows\system32\9z532hacktool577.dll
c:\windows\system32\7206thz9at15091.exe
c:\windows\system32\9122not-z-vi59s471.exe
c:\windows\system32\29696spamb5t62z.dll
c:\windows\system32\4794do5nl9zder2898.dll
c:\windows\9d6szywa952535.bin

Folder::
C:\rsit
C:\UsbFix
C:\WORT

Driver::
nenum13E
PsSdk31
PsSdkLBF
------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the C-Fix.exe (ComboFix) file, like this

▶ Wait for the scan to finish. The Desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt


0
underdead
 
ComboFix 09-08-03.04 - Underdead 04/08/2009 21:41.2.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.568 [GMT 2:00]
Running from: c:\documents and settings\Underdead\Bureau\Greg.exe.exe
Command switches used :: c:\documents and settings\Underdead\Bureau\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NENUM13E
-------\Legacy_PSSDK31
-------\Legacy_PSSDKLBF
-------\Service_nenum13E
-------\Service_PsSdk31
-------\Service_PsSdkLBF


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-03 11:25 . 2009-08-03 12:01 -------- d-----w- c:\program files\VS Revo Group
2009-08-03 00:05 . 2009-08-03 18:01 -------- d-----w- c:\program files\trend micro
2009-08-02 18:08 . 2009-08-02 18:08 -------- d-----w- c:\program files\INFORAD_DRIVERS
2009-08-02 18:08 . 2004-12-20 19:56 134144 ----a-w- c:\windows\system32\ifdreset.exe
2009-08-02 18:08 . 2009-08-02 19:50 -------- d-----w- c:\program files\INFORAD
2009-08-02 18:08 . 2004-06-28 13:08 42752 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-07-09 20:19 . 2009-07-09 20:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-07-07 22:51 . 2009-07-07 22:50 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-07-07 20:48 . 2009-07-07 20:48 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-07 15:37 . 2009-07-07 15:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-07 15:37 . 2009-08-04 18:12 -------- d-----w- c:\documents and settings\Underdead\Application Data\skypePM
2009-07-07 15:33 . 2009-08-04 19:31 -------- d-----w- c:\documents and settings\Underdead\Application Data\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----r- c:\program files\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-06 21:49 . 2009-07-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 19:31 . 2008-09-17 19:33 -------- d-----w- c:\documents and settings\Underdead\Application Data\uTorrent
2009-08-04 11:27 . 2007-10-20 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-03 22:38 . 2004-08-05 12:00 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 22:38 . 2004-08-05 12:00 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-07 22:52 . 2007-10-20 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 22:51 . 2009-05-14 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-06 21:48 . 2009-05-29 18:23 -------- d-----w- c:\documents and settings\Underdead\Application Data\CyberLink
2009-07-03 09:43 . 2007-10-30 08:12 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-02 14:37 . 2009-07-02 14:33 -------- d-----w- c:\program files\CyberLink
2009-06-26 16:50 . 2004-08-05 12:00 670720 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 17:20 . 2007-10-20 14:52 81168 ----a-w- c:\documents and settings\Sylvie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:36 . 2008-01-09 17:50 81168 ----a-w- c:\documents and settings\Philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 19:13 . 2008-07-04 09:31 81168 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 -c--a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 12:30 . 2004-07-16 12:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 -c--a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
2009-07-31 07:25 . 2008-08-27 18:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_00.21.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-04 19:54 . 2009-08-04 19:54 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2008-09-26 23:03 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2008-09-26 23:03 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
- 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:10 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-16 14:40 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
- 2007-10-20 21:50 . 2009-05-13 11:50 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-26 19:13 . 2006-10-26 19:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-26 18:09 . 2006-10-26 18:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2004-08-05 12:00 . 2009-06-26 16:50 621056 c:\windows\system32\urlmon.dll
+ 2004-08-05 12:00 . 2009-04-15 14:53 585216 c:\windows\system32\rpcrt4.dll
- 2007-10-20 01:22 . 2009-05-14 18:22 302032 c:\windows\system32\FNTCACHE.DAT
+ 2007-10-20 01:22 . 2009-08-04 15:59 302032 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-21 06:43 . 2009-06-26 16:50 670720 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-26 08:13 . 2009-06-26 16:50 621056 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-16 14:40 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-04-15 14:53 . 2009-04-15 14:53 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 348672 c:\windows\system32\dllcache\localspl.dll
+ 2009-05-26 16:53 . 2009-05-26 16:53 579072 c:\windows\Installer\1ddad0.msp
- 2007-10-20 21:50 . 2009-05-13 11:50 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2004-08-05 12:00 . 2009-04-19 19:50 1847296 c:\windows\system32\win32k.sys
+ 2004-08-05 12:00 . 2009-07-18 16:03 1510400 c:\windows\system32\shdocvw.dll
+ 2004-08-05 12:00 . 2009-07-18 16:03 3090432 c:\windows\system32\mshtml.dll
+ 2008-10-15 07:02 . 2009-04-19 19:50 1847296 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:13 . 2009-07-18 16:03 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:11 . 2009-06-03 19:10 1297408 c:\windows\system32\dllcache\quartz.dll
+ 2008-04-21 06:43 . 2009-07-18 16:03 3090432 c:\windows\system32\dllcache\mshtml.dll
+ 2009-05-04 05:46 . 2009-05-04 05:46 8299008 c:\windows\Installer\1ddb29.msp
+ 2009-05-26 16:54 . 2009-05-26 16:54 4192768 c:\windows\Installer\1ddb14.msp
+ 2009-05-04 05:47 . 2009-05-04 05:47 9124864 c:\windows\Installer\1ddafb.msp
+ 2009-04-24 10:30 . 2009-04-24 10:30 2583552 c:\windows\Installer\1ddae6.msp
+ 2009-07-02 14:23 . 2009-07-02 14:23 5027328 c:\windows\Installer\1ddabc.msp
+ 2009-04-24 10:29 . 2009-04-24 10:29 9013760 c:\windows\Installer\1ddaa8.msp
+ 2007-10-20 21:50 . 2009-08-04 11:27 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-20 21:50 . 2009-08-04 11:27 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2007-10-20 21:50 . 2009-05-13 11:50 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-10-22 10:33 . 2009-07-07 06:10 24539592 c:\windows\system32\MRT.exe
+ 2009-05-04 05:49 . 2009-05-04 05:49 10955776 c:\windows\Installer\251edf.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-29 949376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless Configuration Utility HW.32.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.32.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Underdead^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Underdead\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MultiProxy\\MProxy.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29/10/2007 19:44 15424]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Underdead\Application Data\Mozilla\Firefox\Profiles\0e61utd3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,f1,17,90,c8,92,a5,49,04,3d,55,2f,7b,81,9f,c4,82,d6,3f,db,5e,
ec,42,10,a2,f0,e1,c9,d3,24,f9,de,f4,0c,97,49,23,71,5e,4b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82eb7d08-e2a5-49ef-af46-c6b2554b31e9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000068
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(1088)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\TRENDnet\TEW-424UB\SiSWLSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-08-04 22:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 20:20
ComboFix2.txt 2009-08-04 00:35

Pre-Run: 51 841 007 616 octets libres
Post-Run: 51 624 747 008 octets libres

612 --- E O F --- 2009-08-04 11:27
0
Utilisateur anonyme
 
▶ Click the Start menu / Control Panel / Folder Options / then, in the View tab:
* Check Show hidden files and folders
* Uncheck Hide extensions for known file types
* Uncheck Hide protected operating system files (Recommended)

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once the disinfection is finished; it's important.

Have the following file(s) analysed on Virustotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

c:\windows\system32\ifdreset.exe
c:\windows\Installer\1ddb29.msp
c:\windows\Installer\251edf.msp


* Now click Send file, and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select All, then Copy
* Finally, paste the result into your next reply.

Note: To analyse another file, click Other file at the bottom.
0

underdead
 
Fichier ifdreset.exe reçu le 2009.08.04 21:15:44 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.04 -
AntiVir 7.9.0.240 2009.08.04 -
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.04 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1866 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.04 -
eTrust-Vet 31.6.6657 2009.08.04 -
F-Prot 4.4.4.56 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 -
Fortinet 3.120.0.0 2009.08.04 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.04 -
K7AntiVirus 7.10.810 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.04 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.4903 2009.08.04 -
NOD32 4306 2009.08.04 -
Norman 6.01.09 2009.08.04 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.04 -
PCTools 4.4.2.0 2009.08.04 -
Prevx 3.0 2009.08.04 -
Rising 21.41.14.00 2009.08.04 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.04 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1867 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.04 -
Information additionnelle
File size: 134144 bytes
MD5...: 5b216db7cf5c3cdf1769c31ae26a10c3
SHA1..: dabfbf21d593662c7a5ce0fe6c0d27aff820296c
SHA256: 5bedf257fdf2410b36339be5ba8bdd87d0e7f7ccb0743bff9d27b2dc0ef569c7
ssdeep: 3072:Ql80zS2xs+1DNFWIlHrD1N3uXHyRQAPxUW0L7BDdNJkXL2lQII9:YlfJMiRQAPxUWm7pdNJkbs
PEiD..: -
TrID..: File type identification
        Win32 Executable Borland Delphi 7 (70.1%)
        Win32 Executable Borland Delphi 6 (27.5%)
        Win32 Executable Generic (0.8%)
        Win32 Dynamic Link Library (generic) (0.7%)
        Win16/32 Executable Delphi generic (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c408
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name   viradd  virsiz  rawdsiz ntrpy md5
CODE   0x1000  0x1b43c 0x1b600 6.50  1b0ae5548e12895b556f51e4d22954fb
DATA   0x1d000 0x808   0xa00   3.92  ced02703e88efc7124119087c1dbfcea
BSS    0x1e000 0x8c1   0x0     0.00  d41d8cd98f00b204e9800998ecf8427e
.idata 0x1f000 0xd7e   0xe00   4.79  d16f2d702d6959f89a1a80d58c9f8296
.tls   0x20000 0xc     0x0     0.00  d41d8cd98f00b204e9800998ecf8427e
.rdata 0x21000 0x18    0x200   0.17  e7abd6a66ea6bb8607d344b6b3362e7b
.reloc 0x22000 0x20d8  0x2200  6.61  7ba571c11db36a59e20f5440db398c5d
.rsrc  0x25000 0x1600  0x1600  3.54  92fe8876898690b83b7752b057bc6093

( 10 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, SetKernelObjectSecurity, RegQueryInfoKeyA, RegOpenKeyExA, RegFlushKey, RegEnumKeyExA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupAccountSidA, LookupAccountNameA, IsValidSid, IsValidAcl, InitializeSecurityDescriptor, GetUserNameA, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, GetSidIdentifierAuthority, GetSecurityDescriptorSacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetLengthSid, GetKernelObjectSecurity, EqualSid
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LocalFree, LocalAlloc, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GetVersionExW, GetVersionExA, GetVersion, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcess, GetCPInfo, GetACP, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set: -

Fichier 1ddb29.msp reçu le 2009.08.04 21:31:01 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.04 -
AntiVir 7.9.0.240 2009.08.04 -
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.04 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1866 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.04 -
eTrust-Vet 31.6.6657 2009.08.04 -
F-Prot 4.4.4.56 2009.08.04 -
Fortinet 3.120.0.0 2009.08.04 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.04 -
K7AntiVirus 7.10.810 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.04 -
Microsoft 1.4903 2009.08.04 -
NOD32 4306 2009.08.04 -
Norman 6.01.09 2009.08.04 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.04 -
PCTools 4.4.2.0 2009.08.04 -
Prevx 3.0 2009.08.04 -
Rising 21.41.14.00 2009.08.04 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.04 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1867 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.04 -
Information additionnelle
File size: 8299008 bytes
MD5...: b81e044569f33f41c65ad9ac9d052787
SHA1..: 5515760cf44ad32e2551e86eafe3241c3f63934d
SHA256: ca058b67d560760491c7c537cb67f326a8501558029abee1f62b7ff95b8f0673
ssdeep: 196608:FHZgVx/q5OObMgwjCZU6utfqkpRsd9/5sGKFXfzJcVz:FaIOT+q6+fnpRW5+GKFXfzJe
PEiD..: -
TrID..: File type identification
        Microsoft PowerPoint document (79.7%)
        Generic OLE2 / Multistream Compound File (20.2%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set: -

Fichier 251edf.msp reçu le 2009.08.04 21:33:41 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.04 -
AntiVir 7.9.0.240 2009.08.04 -
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.04 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1866 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.04 -
eTrust-Vet 31.6.6657 2009.08.04 -
F-Prot 4.4.4.56 2009.08.04 -
Fortinet 3.120.0.0 2009.08.04 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.04 -
K7AntiVirus 7.10.810 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5698 2009.08.04 -
McAfee+Artemis 5698 2009.08.04 -
McAfee-GW-Edition 6.8.5 2009.08.04 -
Microsoft 1.4903 2009.08.04 -
NOD32 4306 2009.08.04 -
Norman 6.01.09 2009.08.04 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.04 -
PCTools 4.4.2.0 2009.08.04 -
Prevx 3.0 2009.08.04 -
Rising 21.41.14.00 2009.08.04 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.04 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1867 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.04 -
Information additionnelle
File size: 10955776 bytes
MD5...: 0d200bba0fb35c949f0dedb68299ad11
SHA1..: aada1ea1554c181bc20de50a865cf97ab0fd5d8a
SHA256: e0dfcdf3febb05c8b9791ef7240447afb0ffafe407c9e2a5dc33f9a96c554dbd
ssdeep: 196608:Wzm964bJZb/EkrRVLW02NTFiqcwInWpMNbBL0plZ8SynuHQj6rxo9Hr5tav:WZ0Xb/EkrRxWpTFAPnWpKL0DZ8SdwQxZ
PEiD..: -
TrID..: File type identification
        Generic OLE2 / Multistream Compound File (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set: -

0
Utilisateur anonyme
 
good, next :)
0
underdead
 
Next? :)
0
Utilisateur anonyme
 
oops, sorry, it got stuck in the mouse ^^

run OTL again please
0
underdead
 
http://www.cijoint.fr/cjlink.php?file=cj200908/cijMphETq8.txt
0
Utilisateur anonyme
 
▶ Double-click OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe

:services
catchme

:OTL
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O33 - MountPoints2\{908c0d8c-7f43-11dc-98c0-001bfcb90560}\Shell - "" = Autorun
O33 - MountPoints2\{908c0d8c-7f43-11dc-98c0-001bfcb90560}\Shell\Open\command - "" = RECYCLER\S-8-3-97-100002385-100007907-100020932-3398.com h:\
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"avast!"=-
"nwiz"=-

:files
C:\WINDOWS\System32\24898spazbo57b1.ocx
C:\WINDOWS\System32\a05th5eat29z96.ocx
C:\WINDOWS\System32\bf9viz825.ocx
C:\WINDOWS\System32\289zsteal29505.cpl
C:\WINDOWS\System32\7859threat2353z9.ocx
C:\WINDOWS\System32\zc595dware67.ocx
C:\WINDOWS\System32\7d45virz984.ocx
C:\WINDOWS\System32\3zf1thief9541.cpl
C:\WINDOWS\System32\49acthreaz18815.cpl
C:\WINDOWS\System32\4ea59hizf1904.cpl
C:\WINDOWS\System32\25858s5ambot6ez9.cpl
C:\WINDOWS\System32\9506wozm69.ocx
C:\WINDOWS\System32\2z9athie52863.cpl
C:\WINDOWS\System32\273dspywaze55719.cpl
C:\WINDOWS\System32\6973zpyware3295.cpl
C:\WINDOWS\System32\1a11ste9l2z75.ocx
C:\WINDOWS\System32\5e77ste9lz944.ocx
C:\WINDOWS\System32\95552worz316.ocx
C:\WINDOWS\System32\13754hackzo9l506.cpl
C:\WINDOWS\System32\5czaa5dware6979.cpl
C:\WINDOWS\System32\f5fszarse991.ocx
C:\WINDOWS\System32\3509adzware20125.cpl
C:\WINDOWS\System32\53211zorm5b9.ocx
C:\WINDOWS\System32\537279iruz64c.cpl
C:\WINDOWS\System32\5f51thrza911517.cpl
C:\WINDOWS\System32\3b57threaz3299.ocx
C:\WINDOWS\System32\2z249hack5ool9b.ocx
C:\WINDOWS\System32\8541ha5ztool59f.cpl
C:\WINDOWS\System32\3a05downlozde92525.dll
C:\WINDOWS\System32\4f179ir53z.dll
C:\WINDOWS\System32\9z59spy541.cpl
C:\WINDOWS\System32\10546worz4159.exe
C:\WINDOWS\System32\5583sparse96z7.bin
C:\WINDOWS\System32\aa9backdozr28095.bin
C:\WINDOWS\System32\7b9cad5w9re28z0.bin
C:\WINDOWS\System32\6979worz15a.exe
C:\WINDOWS\System32\17992spy74z5.dll
C:\WINDOWS\System32\52091troj2zc9.cpl
C:\WINDOWS\System32\10369not-azvi9us53f.bin
C:\WINDOWS\System32\1z2365orm795.exe
C:\WINDOWS\z892s9y515.bin
C:\WINDOWS\System32\16715n5t9a-virusz9c.cpl
C:\WINDOWS\zdb1vir14059.bin
C:\WINDOWS\System32\552csparse19z4.bin
C:\WINDOWS\System32\1053s9arse32z05.ocx
C:\WINDOWS\System32\5zebsparse9555.ocx
C:\WINDOWS\z993s9ars52211.dll
C:\WINDOWS\System32\55f95za9se947.exe
C:\WINDOWS\System32\61f5spzw9re566.dll
C:\WINDOWS\System32\50551hack9zol132.ocx
C:\WINDOWS\System32\z0571troj7a9.exe
C:\WINDOWS\System32\5925worz5589.dll
C:\WINDOWS\System32\378fdownloadz59415.dll
C:\WINDOWS\System32\9ze0sp5ware1716.bin
C:\WINDOWS\System32\5986vzr1972.ocx
C:\WINDOWS\System32\6934ziru595b.bin
C:\WINDOWS\System32\10119pambotz56.exe
C:\WINDOWS\System32\3676s9ywar51z07.dll
C:\WINDOWS\System32\18206zir5s954.ocx
C:\WINDOWS\System32\30595spy6zd.cpl
C:\WINDOWS\System32\25faaddwzr91122.dll
C:\WINDOWS\System32\6z9caddware5918.cpl
C:\WINDOWS\System32\1295ha9ktool6z7.exe
C:\WINDOWS\System32\7405dzwnlo9der282.dll
C:\WINDOWS\System32\499zspyware579.dll
C:\WINDOWS\System32\5103b9ckzoor5938.ocx
C:\WINDOWS\System32\16866spamboz395.exe
C:\WINDOWS\System32\7z50sparse2592.bin
C:\WINDOWS\System32\6433nzt-a5virus799.dll
C:\WINDOWS\System32\2a9estzal1053.cpl
C:\WINDOWS\System32\5952t9rez528990.dll
C:\WINDOWS\System32\1z930hackto9525c.cpl
C:\WINDOWS\System32\1z979tr5j715.bin
C:\WINDOWS\System32\75509hief2593z.cpl
C:\WINDOWS\System32\zc355ddwa9e261.ocx
C:\WINDOWS\System32\1a37szars97185.exe
C:\WINDOWS\System32\29465wor56z1.dll
C:\WINDOWS\z79295rm6ec.cpl
C:\WINDOWS\System32\zf27v5r23599.exe
C:\WINDOWS\System32\31742tro56zf9.bin
C:\WINDOWS\System32\180z0spa5bo9691.cpl
C:\WINDOWS\System32\15edthief94z.bin
C:\WINDOWS\System32\58best5al265z9.cpl
C:\WINDOWS\System32\3c5aspzrs91422.exe
C:\WINDOWS\System32\5592spamzo9629.ocx
C:\WINDOWS\System32\5b85s5yzare499.ocx
C:\WINDOWS\System32\25500viru95ez5.ocx
C:\WINDOWS\System32\10959wo5m6ze.dll
C:\WINDOWS\System32\955z7spyf0.bin
C:\WINDOWS\System32\z514tr9j2fc.ocx
C:\WINDOWS\System32\792dspazse6875.exe
C:\WINDOWS\System32\39ezstea5782.bin
C:\WINDOWS\System32\1zf8s9yware22595.exe
C:\WINDOWS\System32\267149irus5z.ocx
C:\WINDOWS\System32\3544zworm1e9.ocx
C:\WINDOWS\System32\17408tr9535z.exe
C:\WINDOWS\System32\378bthiez92445.cpl
C:\WINDOWS\System32\35ceaddwarez6989.ocx
C:\WINDOWS\System32\7790s9ealz9225.cpl
C:\WINDOWS\z6195spy.cpl
C:\WINDOWS\System32\737hack9z5l318.ocx
C:\WINDOWS\System32\969z1spy735.ocx
C:\WINDOWS\System32\15569py43ez.cpl
C:\WINDOWS\System32\27586trojzad9.cpl
C:\WINDOWS\System32\3177trzj5939.dll
C:\WINDOWS\System32\2c2espa9sez355.dll
C:\WINDOWS\System32\1z953tr9j560.dll
C:\WINDOWS\System32\pythoncom25.dll
C:\WINDOWS\System32\pywintypes25.dll
C:\WINDOWS\System32\725fst9al52z.dll
C:\WINDOWS\System32\5daz5hie91654.dll
C:\WINDOWS\System32\1951tzreat30879.dll
C:\WINDOWS\System32\13051t9oj75z.dll
C:\WINDOWS\System32\4099add5aze14.dll
C:\WINDOWS\System32\15151zroj9ab.dll
C:\WINDOWS\System32\z94fspyware2559.dll
C:\WINDOWS\System32\29156hacktzol6bc5.dll
C:\WINDOWS\System32\7359spazbot527.dll
C:\WINDOWS\z959steal2253.dll
C:\WINDOWS\System32\25215pamzot239.dll
C:\WINDOWS\System32\2915zspy25.dll
C:\WINDOWS\System32\z6391troj6a95.dll
C:\WINDOWS\z73955pambot5829.dll
C:\WINDOWS\System32\1z429spy560.dll
C:\WINDOWS\System32\1e94dowzl5ader501.dll
C:\WINDOWS\System32\17004hzcktool2559.dll
C:\WINDOWS\System32\439not-a-zir5s12e.dll
C:\WINDOWS\System32\5629trz9597.dll
C:\WINDOWS\System32\4231hac5tool3z9.dll
C:\WINDOWS\System32\789cv5z3009.dll
C:\WINDOWS\System32\504fztea52595.dll
C:\WINDOWS\System32\6897not9a-virzs157.dll
C:\WINDOWS\System32\2zb6spywar95451.dll
C:\WINDOWS\System32\1711tzre9t52007.dll
C:\WINDOWS\System32\27d5downlz9de52018.dll
C:\WINDOWS\System32\5f2vi9z182.dll
C:\WINDOWS\System32\33z9spam5ot19c.dll
C:\WINDOWS\System32\30557vir9s664z.dll
C:\WINDOWS\System32\7d10zir599.dll
C:\WINDOWS\System32\41f7tz9e5812.dll
C:\WINDOWS\System32\7266hackzoo5987.dll
C:\WINDOWS\System32\19994spz573.dll
C:\WINDOWS\System32\5zd9parse935.dll
C:\WINDOWS\System32\24898spazbo57b1.ocx
C:\WINDOWS\System32\a05th5eat29z96.ocx
C:\WINDOWS\System32\bf9viz825.ocx
C:\WINDOWS\System32\289zsteal29505.cpl
C:\WINDOWS\System32\7859threat2353z9.ocx
C:\WINDOWS\System32\zc595dware67.ocx
C:\WINDOWS\System32\7d45virz984.ocx
C:\WINDOWS\System32\3zf1thief9541.cpl
C:\WINDOWS\System32\49acthreaz18815.cpl
C:\WINDOWS\System32\4ea59hizf1904.cpl
C:\WINDOWS\System32\25858s5ambot6ez9.cpl
C:\WINDOWS\System32\9506wozm69.ocx
C:\WINDOWS\System32\2z9athie52863.cpl
C:\WINDOWS\System32\273dspywaze55719.cpl
C:\WINDOWS\System32\6973zpyware3295.cpl
C:\WINDOWS\System32\1a11ste9l2z75.ocx
C:\WINDOWS\System32\5e77ste9lz944.ocx
C:\WINDOWS\System32\95552worz316.ocx
C:\WINDOWS\System32\13754hackzo9l506.cpl
C:\WINDOWS\System32\5czaa5dware6979.cpl
C:\WINDOWS\System32\f5fszarse991.ocx
C:\WINDOWS\System32\3509adzware20125.cpl
C:\WINDOWS\System32\53211zorm5b9.ocx
C:\WINDOWS\System32\537279iruz64c.cpl
C:\WINDOWS\System32\5f51thrza911517.cpl
C:\WINDOWS\System32\3b57threaz3299.ocx
C:\WINDOWS\System32\2z249hack5ool9b.ocx
C:\WINDOWS\System32\8541ha5ztool59f.cpl
C:\WINDOWS\System32\3a05downlozde92525.dll
C:\WINDOWS\System32\4f179ir53z.dll
C:\WINDOWS\System32\9z59spy541.cpl
C:\WINDOWS\System32\10546worz4159.exe
C:\WINDOWS\System32\5583sparse96z7.bin
C:\WINDOWS\System32\aa9backdozr28095.bin
C:\WINDOWS\System32\7b9cad5w9re28z0.bin
C:\WINDOWS\System32\6979worz15a.exe
C:\WINDOWS\System32\17992spy74z5.dll
C:\WINDOWS\System32\52091troj2zc9.cpl
C:\WINDOWS\System32\10369not-azvi9us53f.bin
C:\WINDOWS\System32\1z2365orm795.exe
C:\WINDOWS\z892s9y515.bin
C:\WINDOWS\System32\16715n5t9a-virusz9c.cpl
C:\WINDOWS\zdb1vir14059.bin
C:\WINDOWS\System32\552csparse19z4.bin
C:\WINDOWS\System32\1053s9arse32z05.ocx
C:\WINDOWS\System32\5zebsparse9555.ocx
C:\WINDOWS\z993s9ars52211.dll
C:\WINDOWS\System32\55f95za9se947.exe
C:\WINDOWS\System32\61f5spzw9re566.dll
C:\WINDOWS\System32\50551hack9zol132.ocx
C:\WINDOWS\System32\z0571troj7a9.exe
C:\WINDOWS\System32\5925worz5589.dll
C:\WINDOWS\System32\378fdownloadz59415.dll
C:\WINDOWS\System32\9ze0sp5ware1716.bin
C:\WINDOWS\System32\5986vzr1972.ocx
C:\WINDOWS\System32\6934ziru595b.bin
C:\WINDOWS\System32\10119pambotz56.exe
C:\WINDOWS\System32\3676s9ywar51z07.dll
C:\WINDOWS\System32\18206zir5s954.ocx
C:\WINDOWS\System32\30595spy6zd.cpl
C:\WINDOWS\System32\25faaddwzr91122.dll
C:\WINDOWS\System32\6z9caddware5918.cpl
C:\WINDOWS\System32\1295ha9ktool6z7.exe
C:\WINDOWS\System32\7405dzwnlo9der282.dll
C:\WINDOWS\System32\499zspyware579.dll
C:\WINDOWS\System32\5103b9ckzoor5938.ocx
C:\WINDOWS\System32\16866spamboz395.exe
C:\WINDOWS\System32\7z50sparse2592.bin
C:\WINDOWS\System32\6433nzt-a5virus799.dll
C:\WINDOWS\System32\2a9estzal1053.cpl
C:\WINDOWS\System32\5952t9rez528990.dll
C:\WINDOWS\System32\1z930hackto9525c.cpl
C:\WINDOWS\System32\1z979tr5j715.bin
C:\WINDOWS\System32\75509hief2593z.cpl
C:\WINDOWS\System32\zc355ddwa9e261.ocx
C:\WINDOWS\System32\1a37szars97185.exe
C:\WINDOWS\System32\29465wor56z1.dll
C:\WINDOWS\z79295rm6ec.cpl
C:\WINDOWS\System32\zf27v5r23599.exe
C:\WINDOWS\System32\31742tro56zf9.bin
C:\WINDOWS\System32\180z0spa5bo9691.cpl
C:\WINDOWS\System32\15edthief94z.bin
C:\WINDOWS\System32\58best5al265z9.cpl
C:\WINDOWS\System32\3c5aspzrs91422.exe
C:\WINDOWS\System32\5592spamzo9629.ocx
C:\WINDOWS\System32\5b85s5yzare499.ocx
C:\WINDOWS\System32\25500viru95ez5.ocx
C:\WINDOWS\System32\10959wo5m6ze.dll
C:\WINDOWS\System32\955z7spyf0.bin
C:\WINDOWS\System32\z514tr9j2fc.ocx
C:\WINDOWS\System32\792dspazse6875.exe
C:\WINDOWS\System32\39ezstea5782.bin
C:\WINDOWS\System32\1zf8s9yware22595.exe
C:\WINDOWS\System32\267149irus5z.ocx
C:\WINDOWS\System32\3544zworm1e9.ocx
C:\WINDOWS\System32\17408tr9535z.exe
C:\WINDOWS\System32\378bthiez92445.cpl
C:\*.sqm
C:\WINDOWS\System32\35ceaddwarez6989.ocx
C:\WINDOWS\System32\7790s9ealz9225.cpl
C:\WINDOWS\z6195spy.cpl
C:\WINDOWS\System32\737hack9z5l318.ocx
C:\WINDOWS\System32\ezsidmv.dat
C:\WINDOWS\System32\969z1spy735.ocx
C:\WINDOWS\System32\15569py43ez.cpl
C:\WINDOWS\System32\27586trojzad9.cpl
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Documents and Settings\Philippe\Application Data\EoRezo
C:\Documents and Settings\Sylvie\Application Data\EoRezo
C:\Documents and Settings\Underdead\Application Data\EoRezo
C:\Documents and Settings\William\Application Data\EoRezo

:commands
[emptytemp]
[reboot]

▶ Click RunFix to start the removal.


▶ Post the report.
0
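The :files block above is long because Winifighter plants hundreds of decoy "infections" for its fake scanner to find, and every name follows one scheme: hex-looking junk around a malware keyword with a few letters swapped for '5', '9' or 'z'. The following script is an added example (not code from the thread, OTL or ComboFix) that triages a directory listing for that naming pattern; the keyword list, the substitution set and the sample paths are taken from the listings in this thread, and the tolerance bounds are the author's own assumption.

```python
"""Flag Winifighter's decoy "infection" files by filename shape.

Added example, not code from the thread or from any tool used in it. It encodes the
pattern visible in the ComboFix and OTL listings above: every dropped file sits in the
Windows directory or in System32, carries a .cpl/.ocx/.bin/.dll/.exe extension, and its
name is hex-looking junk wrapped around a malware keyword ("spambot", "threat",
"not-a-virus", ...) in which a few letters were swapped for '5', '9' or 'z'.
"""
import re
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional, Tuple

# Keywords seen in the dropped names, longest first so "spyware" beats "spy".
KEYWORDS = (
    "not-a-virus", "downloader", "backdoor", "hacktool", "spambot", "spyware",
    "addware", "adware", "sparse", "threat", "thief", "steal", "virus", "troj",
    "worm", "hack", "spam", "spy", "vir",
)
SUBSTITUTES = frozenset("59z")        # the characters that replace a keyword letter
EXTENSIONS = frozenset({".cpl", ".ocx", ".bin", ".dll", ".exe"})
DROP_DIRS = frozenset({r"c:\windows", r"c:\windows\system32"})


def _max_subs(keyword: str) -> int:
    """Tolerated swaps (assumed bound): 1 for 3-4 letter words, 2 up to 7, 3 beyond.

    The bound keeps a pure-digit run such as "595" from passing as "spy".
    """
    return (len(keyword) + 1) // 3


def find_keyword(stem: str) -> Optional[Tuple[str, str]]:
    """Return (keyword, matched_text) if `stem` hides a substitution-damaged keyword."""
    stem = stem.lower()
    for kw in KEYWORDS:
        for i in range(len(stem) - len(kw) + 1):
            window = stem[i:i + len(kw)]
            subs = 0
            for got, want in zip(window, kw):
                if got == want:
                    continue
                if got not in SUBSTITUTES:
                    break             # a real letter that does not fit: not this word
                subs += 1
            else:
                if subs <= _max_subs(kw):
                    return kw, window
    return None


def is_decoy_path(path: str) -> bool:
    """True when `path` matches the rogue's drop location, extension and naming scheme."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXTENSIONS:
        return False
    if str(p.parent).lower() not in DROP_DIRS:
        return False
    stem = p.stem.lower()
    # Only hex-ish junk, letters and the '-' of "not-a-virus"; underscores etc. are out.
    if not re.fullmatch(r"[0-9a-z-]+", stem):
        return False
    hit = find_keyword(stem)
    # The keyword must be padded by junk on at least one side; a file literally named
    # "threat.dll" is not this scheme.
    return hit is not None and len(stem) > len(hit[1])


def triage(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, keyword) for every path that looks like a decoy, in input order."""
    hits = []
    for path in paths:
        if is_decoy_path(path):
            kw, _ = find_keyword(PureWindowsPath(path).stem)
            hits.append((path, kw))
    return hits


# Constructed listing: five names from the OTL :files block above mixed with files that
# must not be flagged (the two Python DLLs the helper also listed, a clean system DLL,
# and ifdreset.exe, which VirusTotal rated clean earlier in the thread).
SAMPLE_LISTING = [
    r"C:\WINDOWS\System32\24898spazbo57b1.ocx",
    r"C:\WINDOWS\System32\a05th5eat29z96.ocx",
    r"C:\WINDOWS\System32\10369not-azvi9us53f.bin",
    r"C:\WINDOWS\z6195spy.cpl",
    r"C:\WINDOWS\System32\3a05downlozde92525.dll",
    r"C:\WINDOWS\System32\pythoncom25.dll",
    r"C:\WINDOWS\System32\pywintypes25.dll",
    r"C:\WINDOWS\System32\kernel32.dll",
    r"C:\WINDOWS\system32\ifdreset.exe",
]

if __name__ == "__main__":
    for path, kw in triage(SAMPLE_LISTING):
        print(f"{path}  <- looks like a decoy ({kw!r})")
```

A hit is a triage lead, not a verdict: the tolerance lets a few of the thread's odder names (e.g. "trz9") slip through and a digit-heavy legitimate name could match, so confirm with hashes or VirusTotal as the helper does above before removing anything.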
underdead
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver catchme stopped successfully.
Service\Driver catchme deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{908c0d8c-7f43-11dc-98c0-001bfcb90560}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{908c0d8c-7f43-11dc-98c0-001bfcb90560}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{908c0d8c-7f43-11dc-98c0-001bfcb90560}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{908c0d8c-7f43-11dc-98c0-001bfcb90560}\ not found.
File C:\RECYCLER\S-8-3-97-100002385-100007907-100020932-3398.com h:\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:* deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast! not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 622 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: Philippe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11967 bytes
->Java cache emptied: 1493218 bytes
->FireFox cache emptied: 110553458 bytes

User: Sylvie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 868254 bytes
->FireFox cache emptied: 63730125 bytes

User: Underdead
->Temp folder emptied: 278757 bytes
->Temporary Internet Files folder emptied: 826234 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105533235 bytes
->Apple Safari cache emptied: 371544 bytes

User: William
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96930834 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\NV38163820.TMP folder deleted successfully.
%systemroot% .tmp files removed: 2245098 bytes
%systemroot%\System32 .tmp files removed: 3790336 bytes
Windows Temp folder emptied: 5514 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 368,79 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08052009_020856

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.
0
Utilisateur anonyme
 
Redo ComboFix, please.
0
underdead
 
ComboFix 09-08-03.04 - Underdead 05/08/2009 9:20.3.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.550 [GMT 2:00]
Running from: c:\documents and settings\Underdead\Bureau\Greg.exe.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\6897not9a-virzs157.dll
c:\windows\system32\698cv5r13z.bin
c:\windows\system32\69c4st5al5z.exe
c:\windows\z34t9rea518926.ocx
c:\windows\z4t5reat9724.ocx
c:\windows\z5adaddw59e304.cpl
c:\windows\z65ebackd9or947.bin
c:\windows\z73955pambot5829.dll
c:\windows\z746sp95da.cpl
c:\windows\z7499wo5m119.ocx
c:\windows\z79295rm6ec.cpl
c:\windows\z88aad5w9re2244.exe
c:\windows\z8e2s5ar9e3259.cpl
c:\windows\z959steal2253.dll
c:\windows\z960ste5l381.bin

.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 00:08 . 2009-08-05 00:08 -------- d-----w- C:\_OTL
2009-08-03 11:25 . 2009-08-03 12:01 -------- d-----w- c:\program files\VS Revo Group
2009-08-03 00:05 . 2009-08-03 18:01 -------- d-----w- c:\program files\trend micro
2009-08-02 23:38 . 2009-08-02 23:38 8286 ----a-w- c:\windows\system32\955z7spyf0.bin
2009-08-02 23:38 . 2009-08-02 23:38 6171 ----a-w- c:\windows\system32\792dspazse6875.exe
2009-08-02 23:38 . 2009-08-02 23:38 14216 ----a-w- c:\windows\system32\zf27v5r23599.exe
2009-08-02 18:08 . 2009-08-02 18:08 -------- d-----w- c:\program files\INFORAD_DRIVERS
2009-08-02 18:08 . 2004-12-20 19:56 134144 ----a-w- c:\windows\system32\ifdreset.exe
2009-08-02 18:08 . 2009-08-02 19:50 -------- d-----w- c:\program files\INFORAD
2009-08-02 18:08 . 2004-06-28 13:08 42752 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-07-09 20:19 . 2009-07-09 20:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-07-07 22:51 . 2009-07-07 22:50 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-07-07 20:48 . 2009-07-07 20:48 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-07 15:37 . 2009-07-07 15:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-07 15:37 . 2009-08-05 07:12 -------- d-----w- c:\documents and settings\Underdead\Application Data\skypePM
2009-07-07 15:33 . 2009-08-05 07:16 -------- d-----w- c:\documents and settings\Underdead\Application Data\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----r- c:\program files\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-06 21:49 . 2009-07-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 19:31 . 2008-09-17 19:33 -------- d-----w- c:\documents and settings\Underdead\Application Data\uTorrent
2009-08-04 11:27 . 2007-10-20 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-03 22:38 . 2004-08-05 12:00 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 22:38 . 2004-08-05 12:00 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-07 22:52 . 2007-10-20 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 22:51 . 2009-05-14 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-06 21:48 . 2009-05-29 18:23 -------- d-----w- c:\documents and settings\Underdead\Application Data\CyberLink
2009-07-03 09:43 . 2007-10-30 08:12 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-02 14:37 . 2009-07-02 14:33 -------- d-----w- c:\program files\CyberLink
2009-06-26 16:50 . 2004-08-05 12:00 670720 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 17:20 . 2007-10-20 14:52 81168 ----a-w- c:\documents and settings\Sylvie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:36 . 2008-01-09 17:50 81168 ----a-w- c:\documents and settings\Philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 19:13 . 2008-07-04 09:31 81168 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 -c--a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 12:30 . 2004-07-16 12:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 -c--a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
2009-08-04 23:47 . 2008-08-27 18:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-04_20.12.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 07:09 . 2009-08-05 07:09 16384 c:\windows\Temp\Perflib_Perfdata_3c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-29 949376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless Configuration Utility HW.32.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.32.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Underdead^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Underdead\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MultiProxy\\MProxy.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29/10/2007 19:44 15424]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Underdead\Application Data\Mozilla\Firefox\Profiles\0e61utd3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 09:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,f1,17,90,c8,92,a5,49,04,3d,55,2f,7b,81,9f,c4,82,d6,3f,db,5e,
ec,42,10,a2,f0,e1,c9,d3,24,f9,de,f4,0c,97,49,23,71,5e,4b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82eb7d08-e2a5-49ef-af46-c6b2554b31e9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000068
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2009-08-05 9:32
ComboFix-quarantined-files.txt 2009-08-05 07:32
ComboFix2.txt 2009-08-04 20:20
ComboFix3.txt 2009-08-04 00:35

Pre-Run: 51 508 838 400 octets libres
Post-Run: 51 460 300 800 octets libres

353 --- E O F --- 2009-08-04 11:27
0
Anonymous user
 
hi:

Right, let's finish it off this time :)


__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly advised not to transpose it to another computer!<=====|
---------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
c:\windows\system32\955z7spyf0.bin
c:\windows\system32\792dspazse6875.exe
c:\windows\system32\zf27v5r23599.exe
c:\windows\system32\ifdreset.exe
c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^Underdead^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"=-
"6112:TCP"=-
------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), like this

▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt


0
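Added example for this thread, not ComboFix's own code nor the helper's: a Python triage of the ComboFix "Files Created" section that flags Winifighter-style decoy names (the fuzzy-word rule in the comments is the editor's own heuristic) and renders the File:: / Registry:: CFScript layout used above. The function names and the sample log are assumptions; the sample is a constructed cut-down copy of the first log.

```python
"""Triage the "Files Created" section of a ComboFix log for Winifighter-style
decoy files and draft a CFScript.txt from the result.  Added example for this
thread, not ComboFix's own code: the heuristic, the function names and the
sample log are the editor's assumptions, modelled on the logs above."""
import re
from typing import Dict, Iterable, List

# One "Files Created" entry: "<created> . <modified> <size|--------> <attrs> <path>"
CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# The dropper names each file <hex prefix><malware word><digits>.<ext>, then
# corrupts the word by swapping letters for 'z', '5' or '9' (spazse -> sparse,
# v5r -> vir), so the word match has to be fuzzy.
DECOY_WORDS = ("spy", "spyware", "troj", "worm", "vir", "not-a-virus", "steal",
               "thief", "spambot", "backdoor", "hacktool", "downloader",
               "addware", "sparse", "threat")
DECOY_EXTS = (".bin", ".cpl", ".ocx", ".exe", ".dll")
DECOY_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def _fuzzy(word: str) -> "re.Pattern[str]":
    """Regex for WORD in which any character may have become z, 5 or 9."""
    return re.compile("".join(f"[{re.escape(c)}z59]" for c in word))

FUZZY_WORDS = [_fuzzy(w) for w in DECOY_WORDS]


def is_decoy_name(path: str) -> bool:
    """Heuristic: True when PATH looks like a Winifighter decoy file."""
    directory, _, name = path.lower().rpartition("\\")
    if directory + "\\" not in DECOY_DIRS:
        return False
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext not in DECOY_EXTS:
        return False
    # Genuine system files rarely mix two or more digits into a lowercase
    # letter soup; the decoys always do (955z7spyf0, 792dspazse6875).
    if not re.fullmatch(r"[a-z0-9\-]+", stem) or sum(c.isdigit() for c in stem) < 2:
        return False
    return any(p.search(stem) for p in FUZZY_WORDS)


def files_created(log: str) -> List[Dict[str, str]]:
    """Parse the entries of the 'Files Created' section (directories included)."""
    entries, in_section = [], False
    for line in log.splitlines():
        if "Files Created from" in line:
            in_section = True
        elif in_section and line.startswith("(((("):   # next section header
            break
        elif in_section:
            m = CREATED_LINE.match(line.strip())
            if m:
                entries.append(m.groupdict())
    return entries


def suspicious_files(log: str) -> List[str]:
    """Paths from the 'Files Created' section that match the decoy heuristic."""
    return [e["path"] for e in files_created(log)
            if e["size"] != "--------" and is_decoy_name(e["path"])]


def build_cfscript(files: Iterable[str], registry: Iterable[str] = ()) -> str:
    """Render CFScript.txt: a File:: section (one path per line) and, if REGISTRY
    lines are given, a Registry:: section in REGEDIT4 syntax, where "Name"=-
    deletes a value and [-Key] deletes a whole key."""
    out = ["File::", *files]
    reg = list(registry)
    if reg:
        out += ["", "Registry::", *reg]
    return "\n".join(out) + "\n"


# Constructed sample: a cut-down copy of the first log's "Files Created"
# section, followed by the header of the section after it.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))

2009-08-05 00:08 . 2009-08-05 00:08 -------- d-----w- C:\\_OTL
2009-08-02 23:38 . 2009-08-02 23:38 8286 ----a-w- c:\\windows\\system32\\955z7spyf0.bin
2009-08-02 23:38 . 2009-08-02 23:38 6171 ----a-w- c:\\windows\\system32\\792dspazse6875.exe
2009-08-02 23:38 . 2009-08-02 23:38 14216 ----a-w- c:\\windows\\system32\\zf27v5r23599.exe
2009-08-02 18:08 . 2004-12-20 19:56 134144 ----a-w- c:\\windows\\system32\\ifdreset.exe
2009-08-02 18:08 . 2004-06-28 13:08 42752 ----a-w- c:\\windows\\system32\\drivers\\ser2pl.sys
2009-07-07 15:37 . 2009-07-07 15:37 56 ---ha-w- c:\\windows\\system32\\ezsidmv.dat

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
2009-06-26 16:50 . 2004-08-05 12:00 670720 ----a-w- c:\\windows\\system32\\wininet.dll
"""

if __name__ == "__main__":
    print(build_cfscript(suspicious_files(SAMPLE_LOG)))
```

The heuristic deliberately leaves legitimate-looking names such as ifdreset.exe to a human reviewer, which is why the helper's own script above still has to be written by hand.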
underdead
 
ComboFix 09-08-03.04 - Underdead 05/08/2009 12:34.4.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.485 [GMT 2:00]
Running from: c:\documents and settings\Underdead\Bureau\Greg.exe.exe
Command switches used :: c:\documents and settings\Underdead\Bureau\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe"
"c:\windows\system32\792dspazse6875.exe"
"c:\windows\system32\955z7spyf0.bin"
"c:\windows\system32\ifdreset.exe"
"c:\windows\system32\zf27v5r23599.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 00:08 . 2009-08-05 00:08 -------- d-----w- C:\_OTL
2009-08-03 11:25 . 2009-08-03 12:01 -------- d-----w- c:\program files\VS Revo Group
2009-08-03 00:05 . 2009-08-03 18:01 -------- d-----w- c:\program files\trend micro
2009-08-02 18:08 . 2009-08-02 18:08 -------- d-----w- c:\program files\INFORAD_DRIVERS
2009-08-02 18:08 . 2009-08-02 19:50 -------- d-----w- c:\program files\INFORAD
2009-08-02 18:08 . 2004-06-28 13:08 42752 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-07-09 20:19 . 2009-07-09 20:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink
2009-07-07 22:51 . 2009-07-07 22:50 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-07-07 20:48 . 2009-07-07 20:48 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-07 15:37 . 2009-07-07 15:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-07 15:37 . 2009-08-05 07:12 -------- d-----w- c:\documents and settings\Underdead\Application Data\skypePM
2009-07-07 15:33 . 2009-08-05 07:16 -------- d-----w- c:\documents and settings\Underdead\Application Data\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----r- c:\program files\Skype
2009-07-07 15:32 . 2009-07-07 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-06 21:49 . 2009-07-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 19:31 . 2008-09-17 19:33 -------- d-----w- c:\documents and settings\Underdead\Application Data\uTorrent
2009-08-04 11:27 . 2007-10-20 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-03 22:38 . 2004-08-05 12:00 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 22:38 . 2004-08-05 12:00 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-07 22:52 . 2007-10-20 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 22:51 . 2009-05-14 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-06 21:48 . 2009-05-29 18:23 -------- d-----w- c:\documents and settings\Underdead\Application Data\CyberLink
2009-07-03 09:43 . 2007-10-30 08:12 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-02 14:37 . 2009-07-02 14:33 -------- d-----w- c:\program files\CyberLink
2009-06-26 16:50 . 2004-08-05 12:00 670720 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 17:20 . 2007-10-20 14:52 81168 ----a-w- c:\documents and settings\Sylvie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:36 . 2008-01-09 17:50 81168 ----a-w- c:\documents and settings\Philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 19:13 . 2008-07-04 09:31 81168 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 -c--a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-16 12:30 . 2004-07-16 12:30 3858 ----a-w- c:\program files\directx redist.txt
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 -c--a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
2009-08-04 23:47 . 2008-08-27 18:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-04_20.12.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 07:09 . 2009-08-05 07:09 16384 c:\windows\Temp\Perflib_Perfdata_3c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-29 949376]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless Configuration Utility HW.32.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.32.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.32.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MultiProxy\\MProxy.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29/10/2007 19:44 15424]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Underdead\Application Data\Mozilla\Firefox\Profiles\0e61utd3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,f1,17,90,c8,92,a5,49,04,3d,55,2f,7b,81,9f,c4,82,d6,3f,db,5e,
ec,42,10,a2,f0,e1,c9,d3,24,f9,de,f4,0c,97,49,23,71,5e,4b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82eb7d08-e2a5-49ef-af46-c6b2554b31e9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000068
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2009-08-05 12:46
ComboFix-quarantined-files.txt 2009-08-05 10:46
ComboFix2.txt 2009-08-05 07:32
ComboFix3.txt 2009-08-04 20:20
ComboFix4.txt 2009-08-04 00:35

Pre-Run: 51 429 187 584 octets libres
Post-Run: 51 414 720 512 octets libres

224 --- E O F --- 2009-08-04 11:27
0
Anonymous user
 
good, restart your computer and run a fresh OTL
0
olivier35
 
download Revo Uninstaller and place the cursor on your icon at the bottom right. Right-click and uninstall. For me it worked in 30 seconds!
0
olivier35
 
I'm surprised by your question........... don't 'drown' in your technique. Too complicated.........
0
Anonymous user
 
what's he on about?
0
Underdead Messages posted 27 Status Member 2
 
http://www.cijoint.fr/cjlink.php?file=cj200908/cijbdYw0xo.txt
0