
Parffrap

Members
  • Content count

    2
  • Joined

  • Last visited

Profile Information

  • Gender
    Male

Other information

  • My languages
    French

Parffrap's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Hello everyone, I'm back after this good while. In any case, hats off to you: the virus has been eradicated. It took AntiVir some time, but the result is there. Many thanks to my two doctors. Parffrap.
  2. Good evening everyone, I have been through this site and I would like to know whether the script I wrote is correct for removing this damned virus.

---------------------------------------------------------------------------------------------------------------------------

First, the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:54, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\hjt\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...NPHxkupjUS0Iw==
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [j3271633] rundll32 C:\WINDOWS\system32\j3271633.dll sook
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fcc238f0] rundll32.exe "C:\WINDOWS\system32\lpfarivr.dll",b
O4 - HKLM\..\Run: [bMfff10b6c] Rundll32.exe "C:\WINDOWS\system32\vglemxby.dll",s
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10121 bytes

---------------------------------------------------------------------------------------------------------------------------

The ComboFix report:

ComboFix 08-04-16.5 - Eric 2008-04-24 22:52:19.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1411 [GMT 2:00]
Endroit: D:\eric\virus\ComboFix.exe
 * Resident AV is active

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-24 22:14 . 2008-04-24 22:14 268 --ah----- C:\sqmdata00.sqm
2008-04-24 22:14 . 2008-04-24 22:14 244 --ah----- C:\sqmnoopt00.sqm
2008-04-24 22:00 . 2008-04-24 22:02 <REP> d-------- C:\hjt
2008-04-24 21:28 . 2008-04-24 21:28 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-10 18:31 . 2008-04-10 18:31 3,648 --a------ C:\WINDOWS\system32\fxxswjht.dll
2008-04-10 18:28 . 2008-04-10 18:28 88,128 --a------ C:\WINDOWS\system32\vglemxby.dll.bak
2008-04-09 16:55 . 2008-04-09 16:55 3,648 --a------ C:\WINDOWS\system32\xpthwyhv.dll
2008-04-08 22:27 . 2008-04-08 22:27 3,648 --a------ C:\WINDOWS\system32\tsnixobs.dll
2008-04-08 21:57 . 2008-04-08 21:57 3,648 --a------ C:\WINDOWS\system32\kbpmpogk.dll
2008-04-05 14:18 . 2008-04-05 14:18 <REP> d-------- C:\Documents and Settings\Eric\Application Data\Apple Computer
2008-04-05 14:13 . 2008-04-05 14:13 <REP> d-------- C:\Documents and Settings\Eric\Application Data\Leadertech
2008-04-05 13:56 . 2008-04-05 13:56 89,664 --a------ C:\WINDOWS\system32\mxdkrmvj.dll
2008-04-05 13:53 . 2008-04-05 13:53 87,104 --a------ C:\WINDOWS\system32\nvotidob.dll
2008-04-04 19:53 . 2008-04-05 13:51 1,396,866 ---hs---- C:\WINDOWS\system32\yjqtmepc.ini
2008-04-04 19:50 . 2008-04-04 19:50 90,176 --a------ C:\WINDOWS\system32\jxxalobn.dll
2008-04-04 19:47 . 2008-04-04 19:47 87,104 --a------ C:\WINDOWS\system32\wuxmveeb.dll
2008-04-03 18:42 . 2008-04-03 18:42 89,152 --a------ C:\WINDOWS\system32\ihglpcll.dll
2008-04-03 18:39 . 2008-04-04 19:47 1,607,675 ---hs---- C:\WINDOWS\system32\oswsmdsr.ini
2008-04-03 18:36 . 2008-04-03 18:36 88,640 --a------ C:\WINDOWS\system32\koppjgpc.dll
2008-04-02 20:55 . 2008-04-03 18:36 1,308,134 ---hs---- C:\WINDOWS\system32\okiicqse.ini
2008-04-02 20:52 . 2008-04-02 20:52 91,712 --a------ C:\WINDOWS\system32\cjpcxgxg.dll
2008-04-02 20:49 . 2008-04-02 20:49 88,128 --a------ C:\WINDOWS\system32\nbgpsatj.dll
2008-04-01 19:36 . 2008-04-02 20:50 1,342,578 ---hs---- C:\WINDOWS\system32\fgluxqbs.ini
2008-04-01 19:33 . 2008-04-01 19:33 90,688 --a------ C:\WINDOWS\system32\rflcxbkr.dll
2008-04-01 19:30 . 2008-04-01 19:30 88,128 --a------ C:\WINDOWS\system32\stxaarbp.dll
2008-03-31 18:01 . 2008-04-01 19:30 1,497,900 ---hs---- C:\WINDOWS\system32\rtcitovn.ini
2008-03-31 17:58 . 2008-03-31 17:58 90,688 --a------ C:\WINDOWS\system32\nrwcdjbr.dll
2008-03-30 20:34 . 2008-03-30 20:44 <REP> d-------- C:\Program Files\QuickTime
2008-03-30 20:34 . 2008-03-30 20:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-30 20:33 . 2008-04-05 14:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 20:33 . 2008-03-30 20:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 19:58 . 2008-03-30 19:58 90,176 --a------ C:\WINDOWS\system32\ueuousvo.dll
2008-03-30 19:55 . 2008-03-31 17:56 1,576,498 ---hs---- C:\WINDOWS\system32\okewvuvx.ini
2008-03-30 19:52 . 2008-03-30 19:52 88,128 --a------ C:\WINDOWS\system32\tilesuth.dll
2008-03-29 20:18 . 2008-03-29 20:18 90,176 --a------ C:\WINDOWS\system32\jvbhrqtr.dll
2008-03-29 20:15 . 2008-03-30 19:51 1,587,721 ---hs---- C:\WINDOWS\system32\jwxwfjmx.ini
2008-03-29 20:12 . 2006-09-05 21:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2008-03-29 20:12 . 2006-09-05 21:08 88,624 -ra------ C:\WINDOWS\system32\drivers\se59mgmt.sys
2008-03-29 20:12 . 2008-03-29 20:12 86,592 --a------ C:\WINDOWS\system32\aajiwhhe.dll
2008-03-29 20:12 . 2006-09-05 21:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-03-29 20:12 . 2006-09-05 21:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
2008-03-29 19:56 . 2006-09-05 21:09 86,432 -ra------ C:\WINDOWS\system32\drivers\se59obex.sys
2008-03-29 19:55 . 2006-09-05 21:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2008-03-29 19:55 . 2006-09-05 21:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
2008-03-29 19:55 . 2006-09-05 21:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2008-03-29 19:55 . 2006-09-05 21:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2008-03-29 19:55 . 2006-09-05 21:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2008-03-29 19:55 . 2006-09-05 21:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
2008-03-29 19:55 . 2006-09-05 21:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
2008-03-29 19:26 . 2008-03-29 19:26 <REP> d-------- C:\Documents and Settings\Eric\Application Data\Teleca
2008-03-29 19:24 . 2008-03-29 19:24 <REP> d-------- C:\Documents and Settings\Eric\Application Data\Sony Ericsson
2008-03-29 19:22 . 2008-03-29 19:22 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
2008-03-29 19:22 . 2008-03-29 19:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-29 19:21 . 2008-03-29 19:21 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-29 19:21 . 2008-03-29 19:21 <REP> d-------- C:\Program Files\Sony Ericsson
2008-03-29 19:21 . 2008-03-29 19:22 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
2008-03-29 19:21 . 2008-03-29 19:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-29 19:16 . 2008-03-29 19:16 <REP> d-------- C:\Program Files\Disc2Phone
2008-03-29 12:18 . 2008-03-29 12:18 90,176 --a------ C:\WINDOWS\system32\acklcdop.dll
2008-03-29 12:16 . 2008-03-29 20:10 1,622,230 ---hs---- C:\WINDOWS\system32\uxibynih.ini
2008-03-29 12:16 . 2008-03-29 12:16 86,592 --a------ C:\WINDOWS\system32\qubhqbii.dll
2008-03-28 20:16 . 2008-03-28 20:16 90,688 --a------ C:\WINDOWS\system32\rgecuqqk.dll
2008-03-28 20:13 . 2008-03-29 11:59 1,666,543 ---hs---- C:\WINDOWS\system32\ibgqeeev.ini
2008-03-28 20:10 . 2008-03-28 20:10 87,616 --a------ C:\WINDOWS\system32\ufuakuyt.dll
2008-03-27 17:54 . 2008-03-28 20:09 1,666,423 ---hs---- C:\WINDOWS\system32\vrehdjsq.ini
2008-03-27 17:51 . 2008-03-27 17:51 92,224 --a------ C:\WINDOWS\system32\dcaurtdb.dll
2008-03-27 17:48 . 2008-03-27 17:48 93,248 --a------ C:\WINDOWS\system32\lhmyajfs.dll
2008-03-26 20:41 . 2008-03-27 17:48 1,621,700 ---hs---- C:\WINDOWS\system32\oeviufne.ini
2008-03-26 20:38 . 2008-03-26 20:38 92,736 --a------ C:\WINDOWS\system32\ymlrmjrq.dll
2008-03-26 20:35 . 2008-03-26 20:35 90,688 --a------ C:\WINDOWS\system32\beakvwet.dll
2008-03-25 20:23 . 2008-03-26 20:33 1,726,540 ---hs---- C:\WINDOWS\system32\dehtqvji.ini
2008-03-25 20:20 . 2008-03-25 20:20 94,272 --a------ C:\WINDOWS\system32\bwlfcejm.dll
2008-03-25 20:17 . 2008-03-25 20:17 90,688 --a------ C:\WINDOWS\system32\lqumvcpg.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 20:22 --------- d-----w C:\Program Files\Wanadoo
2008-04-11 17:56 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-30 18:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 18:03 --------- d-----w C:\Program Files\Paint Shop Pro 5
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 17:45 92,736 ----a-w C:\WINDOWS\system32\ahrsaapm.dll
2008-03-18 17:39 91,200 ----a-w C:\WINDOWS\system32\gujnlsha.dll
2008-03-17 19:36 93,760 ----a-w C:\WINDOWS\system32\djdsyjps.dll
2008-03-17 19:34 91,200 ----a-w C:\WINDOWS\system32\hamyfrfm.dll
2008-03-08 12:24 92,224 ----a-w C:\WINDOWS\system32\ihnflrxy.dll
2008-03-08 12:21 88,640 ----a-w C:\WINDOWS\system32\bpicpleq.dll
2008-03-08 11:24 92,224 ----a-w C:\WINDOWS\system32\ujixtvmr.dll
2008-03-08 11:21 88,640 ----a-w C:\WINDOWS\system32\lkmhopnj.dll
2008-03-07 22:29 90,688 ----a-w C:\WINDOWS\system32\ogfvydvi.dll
2008-03-07 22:27 88,640 ----a-w C:\WINDOWS\system32\wbvkkeqt.dll
2008-03-04 19:23 96,832 ----a-w C:\WINDOWS\system32\xbywunfw.dll
2008-03-04 19:17 91,712 ----a-w C:\WINDOWS\system32\dsemlcel.dll
2008-03-04 18:23 96,832 ----a-w C:\WINDOWS\system32\jbhdbccl.dll
2008-03-04 18:17 91,712 ----a-w C:\WINDOWS\system32\obihrujp.dll
2008-03-02 15:27 89,664 ----a-w C:\WINDOWS\system32\qwukmmcr.dll
2008-03-02 15:21 91,712 ----a-w C:\WINDOWS\system32\sqqjsghm.dll
2008-03-02 14:24 89,664 ----a-w C:\WINDOWS\system32\dithmpga.dll
2008-03-02 14:21 91,712 ----a-w C:\WINDOWS\system32\hvgergkr.dll
2008-02-29 18:47 88,640 ----a-w C:\WINDOWS\system32\fsfphveo.dll
2008-02-29 18:44 91,712 ----a-w C:\WINDOWS\system32\lanhbjkc.dll
2008-02-29 17:47 88,640 ----a-w C:\WINDOWS\system32\botqdgvi.dll
2008-02-29 17:44 91,712 ----a-w C:\WINDOWS\system32\rorvcugq.dll
2008-02-28 19:32 89,664 ----a-w C:\WINDOWS\system32\usgegkaf.dll
2008-02-28 19:29 91,712 ----a-w C:\WINDOWS\system32\triifkpe.dll
2008-02-28 18:32 89,664 ----a-w C:\WINDOWS\system32\cuvirieg.dll
2008-02-28 18:29 91,712 ----a-w C:\WINDOWS\system32\micnbvcn.dll
2008-02-26 18:11 89,152 ----a-w C:\WINDOWS\system32\ijsavhfb.dll
2008-02-26 18:05 91,712 ----a-w C:\WINDOWS\system32\kxlihwdr.dll
2008-02-26 17:11 89,152 ----a-w C:\WINDOWS\system32\rsjpmaja.dll
2008-02-26 17:05 91,712 ----a-w C:\WINDOWS\system32\pdnpodvb.dll
2008-02-26 10:49 89,152 ----a-w C:\WINDOWS\system32\pbgklsdg.dll
2008-02-22 08:58 91,712 ----a-w C:\WINDOWS\system32\hikckcbf.dll
2008-02-21 19:50 93,760 ----a-w C:\WINDOWS\system32\ebrrodhk.dll
2008-02-20 22:29 94,784 ----a-w C:\WINDOWS\system32\vubuvubr.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 22:30 89,152 ----a-w C:\WINDOWS\system32\tgpemfgk.dll
2008-02-19 21:30 89,152 ----a-w C:\WINDOWS\system32\ooaiggsi.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
1999-04-06 13:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 03:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 03:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 03:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 03:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 03:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
2007-01-03 17:18 22,541 --sh--w C:\WINDOWS\system32\byxuspn.dll

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac7f0ff0-ecf0-47dc-8f44-5896b85a93f1}]
2008-04-05 13:56 89664 --a------ C:\WINDOWS\system32\mxdkrmvj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 16:25 737369]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 18:28 16005120 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 15:01 557056 C:\WINDOWS\sm56hlpr.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-03-30 16:20 147456]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2006-03-17 00:07 93640]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-02-27 06:31 69632]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 05:36 757760]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 17:50 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"j3271633"="C:\WINDOWS\system32\j3271633.dll" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 02:07 593920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-30 20:35 155648]
"fcc238f0"="C:\WINDOWS\system32\lpfarivr.dll" [ ]
"BMfff10b6c"="C:\WINDOWS\system32\vglemxby.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-05 14:00 138240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2006-12-27 20:30:02 32807]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 15:27:42 46080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winepi32]
winepi32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2006-12-27 20:30]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-03-25 20:22]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-24 18:46:02 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
"2008-04-24 20:33:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 22:52:58
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-24 22:54:39
ComboFix-quarantined-files.txt 2008-04-24 20:54:05
ComboFix2.txt 2008-04-24 20:49:34
ComboFix3.txt 2008-04-24 20:42:56

Pre-Run: 16,674,066,432 octets libres
Post-Run: 16,662,102,016 octets libres
.
2008-04-24 19:33:53 --- E O F ---

---------------------------------------------------------------------------------------------------------------------------

Here is the script I am thinking of running via ComboFix:

File::
C:\WINDOWS\system32\fxxswjht.dll
C:\WINDOWS\system32\vglemxby.dll.bak
C:\WINDOWS\system32\xpthwyhv.dll
C:\WINDOWS\system32\tsnixobs.dll
C:\WINDOWS\system32\kbpmpogk.dll
C:\WINDOWS\system32\mxdkrmvj.dll
C:\WINDOWS\system32\nvotidob.dll
C:\WINDOWS\system32\yjqtmepc.ini
C:\WINDOWS\system32\jxxalobn.dll
C:\WINDOWS\system32\wuxmveeb.dll
C:\WINDOWS\system32\ihglpcll.dll
C:\WINDOWS\system32\oswsmdsr.ini
C:\WINDOWS\system32\koppjgpc.dll
C:\WINDOWS\system32\okiicqse.ini
C:\WINDOWS\system32\cjpcxgxg.dll
C:\WINDOWS\system32\nbgpsatj.dll
C:\WINDOWS\system32\fgluxqbs.ini
C:\WINDOWS\system32\rflcxbkr.dll
C:\WINDOWS\system32\stxaarbp.dll
C:\WINDOWS\system32\rtcitovn.ini
C:\WINDOWS\system32\nrwcdjbr.dll
C:\WINDOWS\system32\ueuousvo.dll
C:\WINDOWS\system32\okewvuvx.ini
C:\WINDOWS\system32\tilesuth.dll
C:\WINDOWS\system32\jvbhrqtr.dll
C:\WINDOWS\system32\jwxwfjmx.ini
C:\WINDOWS\system32\aajiwhhe.dll
C:\WINDOWS\system32\acklcdop.dll
C:\WINDOWS\system32\uxibynih.ini
C:\WINDOWS\system32\qubhqbii.dll
C:\WINDOWS\system32\rgecuqqk.dll
C:\WINDOWS\system32\ibgqeeev.ini
C:\WINDOWS\system32\ufuakuyt.dll
C:\WINDOWS\system32\vrehdjsq.ini
C:\WINDOWS\system32\dcaurtdb.dll
C:\WINDOWS\system32\lhmyajfs.dll
C:\WINDOWS\system32\oeviufne.ini
C:\WINDOWS\system32\ymlrmjrq.dll
C:\WINDOWS\system32\beakvwet.dll
C:\WINDOWS\system32\dehtqvji.ini
C:\WINDOWS\system32\bwlfcejm.dll
C:\WINDOWS\system32\lqumvcpg.dll
C:\WINDOWS\system32\ahrsaapm.dll
C:\WINDOWS\system32\gujnlsha.dll
C:\WINDOWS\system32\djdsyjps.dll
C:\WINDOWS\system32\hamyfrfm.dll
C:\WINDOWS\system32\ihnflrxy.dll
C:\WINDOWS\system32\bpicpleq.dll
C:\WINDOWS\system32\ujixtvmr.dll
C:\WINDOWS\system32\lkmhopnj.dll
C:\WINDOWS\system32\ogfvydvi.dll
C:\WINDOWS\system32\wbvkkeqt.dll
C:\WINDOWS\system32\xbywunfw.dll
C:\WINDOWS\system32\dsemlcel.dll
C:\WINDOWS\system32\jbhdbccl.dll
C:\WINDOWS\system32\obihrujp.dll
C:\WINDOWS\system32\qwukmmcr.dll
C:\WINDOWS\system32\sqqjsghm.dll
C:\WINDOWS\system32\dithmpga.dll
C:\WINDOWS\system32\hvgergkr.dll
C:\WINDOWS\system32\fsfphveo.dll
C:\WINDOWS\system32\lanhbjkc.dll
C:\WINDOWS\system32\botqdgvi.dll
C:\WINDOWS\system32\rorvcugq.dll
C:\WINDOWS\system32\usgegkaf.dll
C:\WINDOWS\system32\triifkpe.dll
C:\WINDOWS\system32\cuvirieg.dll
C:\WINDOWS\system32\micnbvcn.dll
C:\WINDOWS\system32\ijsavhfb.dll
C:\WINDOWS\system32\kxlihwdr.dll
C:\WINDOWS\system32\rsjpmaja.dll
C:\WINDOWS\system32\pdnpodvb.dll
C:\WINDOWS\system32\pbgklsdg.dll
C:\WINDOWS\system32\hikckcbf.dll
C:\WINDOWS\system32\ebrrodhk.dll
C:\WINDOWS\system32\vubuvubr.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\dllcache\gdi32.dll
C:\WINDOWS\system32\dnsrslvr.dll
C:\WINDOWS\system32\dllcache\dnsrslvr.dll
C:\WINDOWS\system32\dllcache\dnsapi.dll
C:\WINDOWS\system32\tgpemfgk.dll
C:\WINDOWS\system32\ooaiggsi.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\dllcache\wininet.dll
C:\WINDOWS\system32\dllcache\urlmon.dll
C:\WINDOWS\system32\dllcache\shlwapi.dll
C:\WINDOWS\system32\dllcache\shdocvw.dll
C:\WINDOWS\system32\dllcache\iedw.exe
C:\Program Files\Fichiers communs\IRAABOUT.DLL
C:\Program Files\Fichiers communs\IRAMDMTR.DLL
C:\Program Files\Fichiers communs\IRALPTTR.DLL
C:\Program Files\Fichiers communs\IRAWEBTR.DLL
C:\Program Files\Fichiers communs\IRAREG.DLL
C:\Program Files\Fichiers communs\IRASRIAL.DLL
C:\WINDOWS\system32\byxuspn.dll

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac7f0ff0-ecf0-47dc-8f44-5896b85a93f1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winepi32]

---------------------------------------------------------------------------------------------------------------------------

Thanks in advance for your help. Parffrap
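As an added example (this is not code from the post above, nor from HijackThis or ComboFix), the following Python screen shows the two checks a helper would run over such a post before approving a ComboFix script: it picks out the O4 Run entries where rundll32 loads an eight-character random-named DLL from system32 (the pattern the HijackThis log shows), and it partitions the script's File:: list into entries that hit a known Windows system file and entries that do not. The sample log lines are copied from the post, the sample script is constructed in the post's own File::/Folder::/Registry:: layout, and the PROTECTED allowlist is my own small assumption built from well-known Windows files that appear in the Find3M section only because Windows Update replaced them.

```python
import re

# Constructed sample: a handful of O4 lines copied from the HijackThis log in
# the post, with legitimate entries left in to show they are not flagged.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [j3271633] rundll32 C:\WINDOWS\system32\j3271633.dll sook",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [fcc238f0] rundll32.exe "C:\WINDOWS\system32\lpfarivr.dll",b',
    r'O4 - HKLM\..\Run: [bMfff10b6c] Rundll32.exe "C:\WINDOWS\system32\vglemxby.dll",s',
    r"O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu",
]

# Constructed sample of a ComboFix script in the post's format (File::,
# Folder::, Registry:: sections), deliberately mixing two of the random-named
# DLLs with two Windows system files so the screen has something to catch.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\lpfarivr.dll
C:\WINDOWS\system32\vglemxby.dll.bak
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\dllcache\wininet.dll
Folder::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac7f0ff0-ecf0-47dc-8f44-5896b85a93f1}]
"""

# The pattern seen in the log: a Run entry whose value is rundll32 loading a
# DLL from system32 with an eight-character random name. Legitimate rundll32
# entries (bthprops.cpl, sti_ci.dll under RunOnce) do not match.
RUNDLL_RANDOM = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r'rundll32(?:\.exe)? "?(?P<path>C:\\WINDOWS\\system32\\[a-z0-9]{8}\.dll)"?',
    re.IGNORECASE,
)

# Assumed allowlist: genuine Windows system files that the Find3M section lists
# only because Windows Update replaced them. Deleting any of these breaks XP.
PROTECTED = {
    "win32k.sys", "gdi32.dll", "dnsrslvr.dll", "dnsapi.dll", "wininet.dll",
    "urlmon.dll", "shlwapi.dll", "shdocvw.dll", "iedw.exe",
}


def suspicious_autoruns(log_lines):
    """Return (value name, DLL path) for each O4 line matching RUNDLL_RANDOM."""
    hits = []
    for line in log_lines:
        match = RUNDLL_RANDOM.match(line.strip())
        if match:
            hits.append((match.group("name"), match.group("path")))
    return hits


def parse_combofix_script(text):
    """Split a ComboFix script into {section: [entries]} keyed File/Folder/Registry."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"[A-Za-z]+::", line):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def screen_deletions(paths):
    """Partition File:: entries into (protected, ok) by their bare file name."""
    protected, ok = [], []
    for path in paths:
        name = path.rsplit("\\", 1)[-1].lower()
        (protected if name in PROTECTED else ok).append(path)
    return protected, ok


def review(log_lines, script_text):
    """Combine both checks into one report dict."""
    sections = parse_combofix_script(script_text)
    protected, ok = screen_deletions(sections.get("File", []))
    return {
        "autoruns": suspicious_autoruns(log_lines),
        "protected": protected,
        "ok": ok,
        "registry": sections.get("Registry", []),
    }


if __name__ == "__main__":
    for key, items in review(SAMPLE_HJT, SAMPLE_SCRIPT).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run against the full log the regex would also report the j3271633 entry, which the post's script does not list, while the "protected" bucket would hold every gdi32, dnsrslvr, dnsapi, wininet, urlmon, shlwapi, shdocvw and iedw entry from the File:: list; either finding is worth a second look before the script is executed.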