Virus packed.win32.monder.gen
titi89
Hello,
I've had a problem since this morning with a virus!
packed.win32.monder.gen
I'm running XP PRO SP2
I can't manage to get rid of it and my antivirus can't remove it.
I have a ComboFix report
PLEASE GIVE ME A HAND!!
ComboFix 08-04-22.5 - titi 2008-04-25 8:34:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1467 [GMT 2:00]
Endroit: C:\Documents and Settings\titi\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\system32\BKnWvyay.ini
C:\WINDOWS\system32\BKnWvyay.ini2
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.
2008-04-24 18:42 . 2008-04-24 18:42 272,384 --------- C:\WINDOWS\system32\yayvWnKB.dll
2008-04-24 18:37 . 2008-04-24 18:37 39,936 --------- C:\WINDOWS\system32\urqPfFxy.dll
2008-04-24 17:03 . 2008-04-24 17:03 <REP> d-------- C:\Program Files\PowerISO
2008-04-23 10:00 . 2008-04-23 10:00 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-04-23 10:00 . 2008-04-23 10:12 <REP> d-------- C:\Documents and Settings\titi\Application Data\FileZilla
2008-04-23 08:28 . 2006-09-05 12:28 38,480 --------- C:\WINDOWS\system32\IJRMF.exe
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\WINDOWS\Sun
2008-04-22 15:38 . 2008-04-22 15:38 <REP> d-------- C:\Program Files\PowerQuest
2008-04-22 15:14 . 2008-04-24 16:57 <REP> d-------- C:\Documents and Settings\titi\Shared
2008-04-22 15:14 . 2008-04-24 22:26 <REP> d-------- C:\Documents and Settings\titi\Incomplete
2008-04-22 15:14 . 2008-04-24 16:16 <REP> d-------- C:\Documents and Settings\titi\Application Data\LimeWire
2008-04-22 14:18 . 2008-04-22 14:18 <REP> d-------- C:\WINDOWS\system32\VIRepair
2008-04-22 14:14 . 2008-04-22 14:19 <REP> d-------- C:\WINDOWS\system32\VITrans
2008-04-22 14:13 . 2008-04-22 14:14 <REP> d-------- C:\VTPFiles
2008-04-22 14:13 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-04-22 14:13 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-04-22 14:13 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-04-22 10:58 . 2008-04-22 10:58 <REP> d-------- C:\Poker
2008-04-22 10:46 . 2008-04-22 10:46 <REP> d-------- C:\Documents and Settings\titi\Application Data\Sony Corporation
2008-04-22 10:41 . 2008-04-22 10:41 <REP> d-------- C:\Program Files\Sony
2008-04-22 10:04 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-22 10:04 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-22 10:04 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-22 09:55 . 2008-04-22 09:55 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-22 09:51 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 09:51 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-22 09:51 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-22 09:51 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 09:51 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 09:51 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 09:51 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 09:51 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 09:51 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-22 09:51 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-22 09:40 . 2007-07-09 15:19 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-22 09:34 . 2008-04-23 06:04 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 09:31 . 2008-04-22 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-22 09:17 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-22 09:17 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-22 09:08 . 2008-04-22 09:08 <REP> d-------- C:\Program Files\Bonjour
2008-04-22 08:57 . 2008-04-22 08:57 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-22 08:52 . 2008-04-24 08:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-22 08:51 . 2008-04-22 08:51 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-22 08:38 . 2008-04-22 08:38 <REP> d-------- C:\Documents and Settings\titi\Application Data\DAEMON Tools
2008-04-22 08:38 . 2008-04-22 08:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-22 08:29 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-04-22 08:29 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
2008-04-22 08:29 . 2005-01-28 01:49 111 --a------ C:\WINDOWS\system32\winx.url
2008-04-22 08:28 . 2008-04-22 08:02 212 -rahs---- C:\BOOT.BKK
2008-04-22 08:27 . 2008-04-22 08:27 <REP> d-------- C:\Program Files\TGTSoft
2008-04-22 08:13 . 2008-04-22 08:13 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-22 08:11 . 2008-04-22 08:11 <REP> d-------- C:\temp\ext18866
2008-04-22 08:11 . 2008-04-22 08:11 <REP> d-------- C:\temp
2008-04-22 08:11 . 2008-04-22 08:11 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 08:08 . 2008-04-22 08:08 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-04-22 08:02 . 2008-04-22 08:02 <REP> d-------- C:\WINDOWS\provisioning
2008-04-22 08:02 . 2008-04-22 08:02 <REP> d-------- C:\WINDOWS\peernet
2008-04-22 08:02 . 2008-04-22 08:08 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-22 08:02 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-22 08:00 . 2008-04-22 08:00 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-22 07:57 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-22 07:56 . 2008-04-22 08:02 <REP> d-------- C:\WINDOWS\EHome
2008-04-22 07:48 . 2001-08-23 13:00 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-04-22 07:48 . 2001-08-28 14:00 37,228 --a------ C:\WINDOWS\system32\EULA.TXT.wga
2008-04-22 07:48 . 2001-08-23 13:00 27,136 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-04-22 07:48 . 2008-04-22 07:48 12,922 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-21 18:49 . 2008-04-21 18:49 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-21 17:53 . 2008-04-23 06:02 <REP> d-------- C:\Program Files\Google
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Program Files\WinFax eXPert
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Program Files\Avanquest update
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-21 17:10 . 2008-04-21 17:53 <REP> d-------- C:\Program Files\Java
2008-04-21 17:10 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-21 17:09 . 2008-04-21 17:10 <REP> d-------- C:\Program Files\LimeWire
2008-04-21 17:09 . 2008-04-21 17:09 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-21 17:06 . 2008-04-21 17:06 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-21 16:17 . 2006-11-06 18:04 28,672 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-04-21 16:17 . 2006-11-06 18:04 28,672 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-04-21 16:13 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-21 16:12 . 2008-04-21 16:12 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-21 16:11 . 2008-04-21 16:13 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-21 16:09 . 2008-04-21 16:09 <REP> dr-h----- C:\MSOCache
2008-04-21 16:06 . 2008-04-21 16:06 <REP> d-------- C:\Program Files\FileZilla
2008-04-21 15:42 . 2002-08-20 14:58 139,264 --a------ C:\WINDOWS\system32\IDEproperty.dll
2008-04-21 15:42 . 2002-10-17 15:14 49,024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys
2008-04-21 15:42 . 2002-08-20 17:19 9,472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys
2008-04-21 15:42 . 2003-03-25 17:50 4,096 --a------ C:\WINDOWS\system32\drivers\siside.sys
2008-04-21 15:40 . 2008-04-21 15:40 <REP> d-------- C:\Program Files\CONEXANT
2008-04-21 15:40 . 2006-03-03 10:39 1,035,008 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-04-21 15:40 . 2006-03-03 10:39 718,464 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-04-21 15:40 . 2006-03-03 10:39 244,480 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-04-21 15:40 . 2006-03-03 10:39 133,323 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-04-21 15:40 . 2006-03-03 10:39 110,592 --a------ C:\WINDOWS\system32\uci32100.dll
2008-04-21 15:40 . 2006-03-03 10:39 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-04-21 15:40 . 2001-08-17 21:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-04-21 15:40 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-04-21 15:40 . 2006-03-03 10:39 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-04-21 15:30 . 2008-04-21 15:30 <REP> d-------- C:\9c71c022ea2841f6880f6f9f9f
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Documents and Settings\titi\Application Data\ScanSoft
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-21 15:24 . 2008-04-21 15:24 416 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-21 15:23 . 2008-04-21 15:23 <REP> d-------- C:\Program Files\ScanSoft
2008-04-21 15:22 . 2008-04-21 15:22 <REP> d-------- C:\Program Files\ArcSoft
2008-04-21 15:22 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-21 15:22 . 2003-09-18 14:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-21 15:22 . 2003-09-18 14:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-21 15:22 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-21 15:22 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-21 15:21 . 2008-04-21 15:21 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-21 15:21 . 2008-04-21 15:21 <REP> d--h----- C:\Program Files\CanonBJ
2008-04-21 15:21 . 2008-04-21 15:21 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-21 15:21 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2008-04-21 15:20 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-21 15:19 . 2004-08-04 07:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-21 15:18 . 2008-04-21 15:25 <REP> d-------- C:\Program Files\Canon
2008-04-21 15:18 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-21 15:05 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Program Files\C-Media
2008-04-21 14:56 . 2008-04-21 15:49 25 --a------ C:\WINDOWS\mixerdef.ini
2008-04-21 14:51 . 2008-04-21 14:51 <REP> d-------- C:\WINDOWS\OPTIONS
2008-04-21 14:51 . 2008-04-21 14:51 <REP> d-------- C:\Program Files\Realtek
2008-04-21 14:51 . 2008-04-22 15:38 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 14:51 . 2008-04-21 14:51 <REP> d-------- C:\Documents and Settings\titi\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 06:43 --------- d-----w C:\Program Files\Wanadoo
2008-04-21 13:51 --------- d-----w C:\Documents and Settings\titi\Application Data\ma-config.com
2008-04-21 11:29 --------- d-----w C:\Program Files\ma-config.com
2008-04-21 09:57 --------- d-----w C:\Program Files\Wanadoo Messager
2008-04-21 09:50 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-04-21 09:46 --------- d-----w C:\Program Files\Inventel
2008-04-21 09:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-21 09:32 --------- d-----w C:\Program Files\Services en ligne
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{501A8F7C-3A8E-4A91-8192-4CF0DB8AC572}]
2008-04-24 18:42 272384 --------- C:\WINDOWS\system32\yayvWnKB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
2008-04-24 18:37 39936 --------- C:\WINDOWS\system32\urqPfFxy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:07 1289000]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"C-Media Mixer"="Mixer.exe" [2003-03-20 14:21 1855488 C:\WINDOWS\mixer.exe]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\urqPfFxy.dll [2008-04-24 18:37 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfFxy]
urqPfFxy.dll 2008-04-24 18:37 39936 C:\WINDOWS\system32\urqPfFxy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"= C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\program\\fspex.exe
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-21 12:15]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-21 12:43]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 BvrpKrnl;BvrpKrnl;C:\Program Files\WinFax eXPert\BVRPKrnl.exe [2007-01-05 11:23]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-25 04:02:39 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 08:41:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqPfFxy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntivirusFirewall\Anti-Spyware\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-25 8:50:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 06:49:50
Pre-Run: 145,508,589,568 octets libres
Post-Run: 146,988,814,336 octets libres
259 --- E O F --- 2008-04-23 05:14:42
Voila j'ai un souci depuis ce matin avec un virus !
packed.win32.monder.gen
Je suis sous XP PRO SP2
je n'arrive pas a m'en depatouiller et mon antivirus ne peu pas le supprimer.
J'ai un rapport combofix
MERCI DE ME DONNER UN COUP DE MAIN !!
ComboFix 08-04-22.5 - titi 2008-04-25 8:34:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1467 [GMT 2:00]
Endroit: C:\Documents and Settings\titi\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\system32\BKnWvyay.ini
C:\WINDOWS\system32\BKnWvyay.ini2
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
.
2008-04-24 18:42 . 2008-04-24 18:42 272,384 --------- C:\WINDOWS\system32\yayvWnKB.dll
2008-04-24 18:37 . 2008-04-24 18:37 39,936 --------- C:\WINDOWS\system32\urqPfFxy.dll
2008-04-24 17:03 . 2008-04-24 17:03 <REP> d-------- C:\Program Files\PowerISO
2008-04-23 10:00 . 2008-04-23 10:00 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-04-23 10:00 . 2008-04-23 10:12 <REP> d-------- C:\Documents and Settings\titi\Application Data\FileZilla
2008-04-23 08:28 . 2006-09-05 12:28 38,480 --------- C:\WINDOWS\system32\IJRMF.exe
2008-04-23 07:47 . 2008-04-23 07:47 <REP> d-------- C:\WINDOWS\Sun
2008-04-22 15:38 . 2008-04-22 15:38 <REP> d-------- C:\Program Files\PowerQuest
2008-04-22 15:14 . 2008-04-24 16:57 <REP> d-------- C:\Documents and Settings\titi\Shared
2008-04-22 15:14 . 2008-04-24 22:26 <REP> d-------- C:\Documents and Settings\titi\Incomplete
2008-04-22 15:14 . 2008-04-24 16:16 <REP> d-------- C:\Documents and Settings\titi\Application Data\LimeWire
2008-04-22 14:18 . 2008-04-22 14:18 <REP> d-------- C:\WINDOWS\system32\VIRepair
2008-04-22 14:14 . 2008-04-22 14:19 <REP> d-------- C:\WINDOWS\system32\VITrans
2008-04-22 14:13 . 2008-04-22 14:14 <REP> d-------- C:\VTPFiles
2008-04-22 14:13 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-04-22 14:13 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-04-22 14:13 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-04-22 10:58 . 2008-04-22 10:58 <REP> d-------- C:\Poker
2008-04-22 10:46 . 2008-04-22 10:46 <REP> d-------- C:\Documents and Settings\titi\Application Data\Sony Corporation
2008-04-22 10:41 . 2008-04-22 10:41 <REP> d-------- C:\Program Files\Sony
2008-04-22 10:04 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-22 10:04 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-22 10:04 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-22 09:55 . 2008-04-22 09:55 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-22 09:51 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-22 09:51 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-22 09:51 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-22 09:51 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-22 09:51 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-22 09:51 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 09:51 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-22 09:51 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-22 09:51 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-22 09:51 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-22 09:40 . 2007-07-09 15:19 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-22 09:34 . 2008-04-23 06:04 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 09:31 . 2008-04-22 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-22 09:17 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-22 09:17 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-22 09:08 . 2008-04-22 09:08 <REP> d-------- C:\Program Files\Bonjour
2008-04-22 08:57 . 2008-04-22 08:57 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-22 08:52 . 2008-04-24 08:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-22 08:51 . 2008-04-22 08:51 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-22 08:38 . 2008-04-22 08:38 <REP> d-------- C:\Documents and Settings\titi\Application Data\DAEMON Tools
2008-04-22 08:38 . 2008-04-22 08:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-22 08:29 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-04-22 08:29 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
2008-04-22 08:29 . 2005-01-28 01:49 111 --a------ C:\WINDOWS\system32\winx.url
2008-04-22 08:28 . 2008-04-22 08:02 212 -rahs---- C:\BOOT.BKK
2008-04-22 08:27 . 2008-04-22 08:27 <REP> d-------- C:\Program Files\TGTSoft
2008-04-22 08:13 . 2008-04-22 08:13 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-04-22 08:11 . 2008-04-22 08:11 <REP> d-------- C:\temp\ext18866
2008-04-22 08:11 . 2008-04-22 08:11 <REP> d-------- C:\temp
2008-04-22 08:11 . 2008-04-22 08:11 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 08:08 . 2008-04-22 08:08 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-04-22 08:02 . 2008-04-22 08:02 <REP> d-------- C:\WINDOWS\provisioning
2008-04-22 08:02 . 2008-04-22 08:02 <REP> d-------- C:\WINDOWS\peernet
2008-04-22 08:02 . 2008-04-22 08:08 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-22 08:02 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-22 08:00 . 2008-04-22 08:00 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-22 07:57 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-22 07:56 . 2008-04-22 08:02 <REP> d-------- C:\WINDOWS\EHome
2008-04-22 07:48 . 2001-08-23 13:00 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-04-22 07:48 . 2001-08-28 14:00 37,228 --a------ C:\WINDOWS\system32\EULA.TXT.wga
2008-04-22 07:48 . 2001-08-23 13:00 27,136 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-04-22 07:48 . 2008-04-22 07:48 12,922 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-21 18:49 . 2008-04-21 18:49 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-21 17:53 . 2008-04-23 06:02 <REP> d-------- C:\Program Files\Google
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Program Files\WinFax eXPert
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Program Files\Avanquest update
2008-04-21 17:18 . 2008-04-21 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-21 17:10 . 2008-04-21 17:53 <REP> d-------- C:\Program Files\Java
2008-04-21 17:10 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-21 17:09 . 2008-04-21 17:10 <REP> d-------- C:\Program Files\LimeWire
2008-04-21 17:09 . 2008-04-21 17:09 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-21 17:06 . 2008-04-21 17:06 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-21 16:17 . 2006-11-06 18:04 28,672 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-04-21 16:17 . 2006-11-06 18:04 28,672 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-04-21 16:13 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-21 16:12 . 2008-04-21 16:12 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-21 16:11 . 2008-04-21 16:13 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-21 16:09 . 2008-04-21 16:09 <REP> dr-h----- C:\MSOCache
2008-04-21 16:06 . 2008-04-21 16:06 <REP> d-------- C:\Program Files\FileZilla
2008-04-21 15:42 . 2002-08-20 14:58 139,264 --a------ C:\WINDOWS\system32\IDEproperty.dll
2008-04-21 15:42 . 2002-10-17 15:14 49,024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys
2008-04-21 15:42 . 2002-08-20 17:19 9,472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys
2008-04-21 15:42 . 2003-03-25 17:50 4,096 --a------ C:\WINDOWS\system32\drivers\siside.sys
2008-04-21 15:40 . 2008-04-21 15:40 <REP> d-------- C:\Program Files\CONEXANT
2008-04-21 15:40 . 2006-03-03 10:39 1,035,008 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-04-21 15:40 . 2006-03-03 10:39 718,464 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-04-21 15:40 . 2006-03-03 10:39 244,480 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-04-21 15:40 . 2006-03-03 10:39 133,323 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-04-21 15:40 . 2006-03-03 10:39 110,592 --a------ C:\WINDOWS\system32\uci32100.dll
2008-04-21 15:40 . 2006-03-03 10:39 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-04-21 15:40 . 2001-08-17 21:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-04-21 15:40 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-04-21 15:40 . 2006-03-03 10:39 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-04-21 15:30 . 2008-04-21 15:30 <REP> d-------- C:\9c71c022ea2841f6880f6f9f9f
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Documents and Settings\titi\Application Data\ScanSoft
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-21 15:24 . 2008-04-21 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-21 15:24 . 2008-04-21 15:24 416 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-21 15:23 . 2008-04-21 15:23 <REP> d-------- C:\Program Files\ScanSoft
2008-04-21 15:22 . 2008-04-21 15:22 <REP> d-------- C:\Program Files\ArcSoft
2008-04-21 15:22 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-21 15:22 . 2003-09-18 14:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-21 15:22 . 2003-09-18 14:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-21 15:22 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-21 15:22 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-21 15:21 . 2008-04-21 15:21 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-21 15:21 . 2008-04-21 15:21 <REP> d--h----- C:\Program Files\CanonBJ
2008-04-21 15:21 . 2008-04-21 15:21 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-21 15:21 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2008-04-21 15:20 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-21 15:19 . 2004-08-04 07:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-21 15:18 . 2008-04-21 15:25 <REP> d-------- C:\Program Files\Canon
2008-04-21 15:18 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-21 15:05 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Program Files\C-Media
2008-04-21 14:56 . 2008-04-21 15:49 25 --a------ C:\WINDOWS\mixerdef.ini
2008-04-21 14:51 . 2008-04-21 14:51 <REP> d-------- C:\WINDOWS\OPTIONS
2008-04-21 14:51 . 2008-04-21 14:51 <REP> d-------- C:\Program Files\Realtek
2008-04-21 14:51 . 2008-04-22 15:38 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 14:51 . 2008-04-21 14:51 <REP> d-------- C:\Documents and Settings\titi\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 06:43 --------- d-----w C:\Program Files\Wanadoo
2008-04-21 13:51 --------- d-----w C:\Documents and Settings\titi\Application Data\ma-config.com
2008-04-21 11:29 --------- d-----w C:\Program Files\ma-config.com
2008-04-21 09:57 --------- d-----w C:\Program Files\Wanadoo Messager
2008-04-21 09:50 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-04-21 09:46 --------- d-----w C:\Program Files\Inventel
2008-04-21 09:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-21 09:32 --------- d-----w C:\Program Files\Services en ligne
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{501A8F7C-3A8E-4A91-8192-4CF0DB8AC572}]
2008-04-24 18:42 272384 --------- C:\WINDOWS\system32\yayvWnKB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
2008-04-24 18:37 39936 --------- C:\WINDOWS\system32\urqPfFxy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:07 1289000]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"C-Media Mixer"="Mixer.exe" [2003-03-20 14:21 1855488 C:\WINDOWS\mixer.exe]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\urqPfFxy.dll [2008-04-24 18:37 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfFxy]
urqPfFxy.dll 2008-04-24 18:37 39936 C:\WINDOWS\system32\urqPfFxy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"= C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\program\\fspex.exe
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-21 12:15]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-21 12:43]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 BvrpKrnl;BvrpKrnl;C:\Program Files\WinFax eXPert\BVRPKrnl.exe [2007-01-05 11:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 04:02:39 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 08:41:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqPfFxy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntivirusFirewall\Anti-Spyware\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
.
**************************************************************************
.
Completion time: 2008-04-25 8:50:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 06:49:50
Pre-Run: 145,508,589,568 bytes free
Post-Run: 146,988,814,336 bytes free
259 --- E O F --- 2008-04-23 05:14:42
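The log above shows one DLL, urqPfFxy.dll, registered three times over (as a Browser Helper Object, as a ShellExecuteHook and as a Winlogon Notify package) and loaded inside winlogon.exe, with a second DLL, yayvWnKB.dll, registered as a BHO; both carry 8-letter random names in system32. The script below is an added example (not part of this thread and not a ComboFix feature): it parses the "Reg Loading Points" and "DLLs loaded under running processes" sections of such a log, groups entries by the file they load, and flags a file when it is hooked through two or more of those mechanisms or when its name matches the random-name pattern. The excerpt it parses is a constructed copy of lines from the posted log; the name heuristic (8 letters, mixed case, directly in system32) is an assumption for illustration, not a signature.

```python
"""Triage the autostart section of a ComboFix log for Vundo-style hooks.

Added example; parses log text only and touches no registry.
"""
import re
from collections import defaultdict

# Constructed excerpt of the log posted above (same lines, shortened).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{501A8F7C-3A8E-4A91-8192-4CF0DB8AC572}]
2008-04-24 18:42 272384 --------- C:\WINDOWS\system32\yayvWnKB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
2008-04-24 18:37 39936 --------- C:\WINDOWS\system32\urqPfFxy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\urqPfFxy.dll [2008-04-24 18:37 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfFxy]
urqPfFxy.dll 2008-04-24 18:37 39936 C:\WINDOWS\system32\urqPfFxy.dll
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqPfFxy.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
# A Windows path ending in .dll/.exe; spaces allowed, quotes/brackets end it.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]\r\n]*?\.(?:dll|exe)\b", re.IGNORECASE)


def mechanism(key: str) -> str:
    """Map a registry key header printed by ComboFix to a persistence mechanism."""
    k = key.lower()
    if "browser helper objects" in k:
        return "BHO"
    if "shellexecutehooks" in k:
        return "ShellExecuteHooks"
    if "winlogon\\notify" in k:
        return "Winlogon Notify"
    if k.endswith("currentversion\\run"):
        return "Run"
    return "other"


def parse_loading_points(text: str) -> dict:
    """Return {path: sorted mechanisms} for every file named under a key or PROCESS block."""
    loaders = defaultdict(set)
    first_spelling = {}          # keep original case for the name heuristic
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = mechanism(m.group(1))
            continue
        if line.upper().startswith("PROCESS:"):
            # the process itself is not an autostart entry; its injected DLLs are
            current = "loaded in " + line.rpartition("\\")[2].lower()
            continue
        if current is None:
            continue
        for path in PATH_RE.findall(line):
            first_spelling.setdefault(path.lower(), path)
            loaders[path.lower()].add(current)
    return {first_spelling[p]: sorted(ms) for p, ms in loaders.items()}


def looks_random(path: str) -> bool:
    """Assumed heuristic: 8 alphabetic, mixed-case characters dropped straight into system32."""
    directory, _, name = path.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    in_system32 = directory.lower().endswith("\\system32")
    mixed_case = stem != stem.lower() and stem != stem.upper()
    return in_system32 and len(stem) == 8 and stem.isalpha() and mixed_case


def triage(text: str) -> list:
    """Score each file: hooked by >=2 non-Run mechanisms, or a random name, is suspicious."""
    findings = []
    for path, mechs in parse_loading_points(text).items():
        hooks = [m for m in mechs if m not in ("Run", "other")]
        random_name = looks_random(path)
        findings.append({
            "path": path,
            "file": path.rpartition("\\")[2],
            "mechanisms": mechs,
            "random_name": random_name,
            "suspicious": random_name or len(hooks) >= 2,
        })
    # suspicious entries first, then alphabetical
    return sorted(findings, key=lambda f: (not f["suspicious"], f["path"].lower()))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['path']}  <- {', '.join(f['mechanisms'])}")
```

Run it on a full log by reading the file into `triage()`; the point is the correlation, not any single hit: a BHO on its own is ordinary, but the same DLL also being a ShellExecuteHook, a Winlogon Notify package and present inside winlogon.exe is why the antivirus cannot delete it while Windows is running, and why the helper's reply below uses a tool that unregisters and moves the file at reboot.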
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
2. Double-click OTMoveIt.exe to launch it.
(The "Unregister Dll's and OCX's" box must be checked.)
3. In the upper-left pane of OTMoveIt2, "Paste standard List of Files/Folders to be moved", copy and paste this list in bold:
C:/WINDOWS/SYSTEM32/EFCDWNHE.dll
4. Careful: the "Unregister Dll's and OCX's" box must be checked.
Click "MoveIt!" to start the removal.
- The result will appear in the "Results" pane.
- Click "Exit" to close.
5. You may be asked to restart the PC to complete the removal.
If so, accept with "Yes".
6. The report is in C:\_OTMoveIt\MovedFiles; open that folder and you will find the report to post.
"invalid time flag [EFCDWNHE.dll ] must be numerical"