ComboFix report
ComboFix 07-10-26.4 - Administrateur 2007-10-28 1:23:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1450 [GMT 2:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Application Data\BestsellerAntivirus
C:\Documents and Settings\Administrateur\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Administrateur\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Administrateur\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Administrateur\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Program Files\BestsellerAntivirus
C:\Program Files\BestsellerAntivirus\Engines(2)\AWBase(2)\database(2)\enemies.dat
C:\Program Files\BestsellerAntivirus\Engines(2)\AWBase(2)\vbpv.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\mcroso~1
C:\WINDOWS\mcroso~1\M?crosoft\
C:\WINDOWS\system32\__c00B9652.dat
C:\WINDOWS\system32\__c00BE84.dat
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\mjbpxmwj.dll
C:\WINDOWS\system32\osjmjvlc.dllbox
C:\WINDOWS\system32\oyqhywji.dllbox
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))))))))
.
2007-10-28 01:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 01:03 83,520 --a------ C:\WINDOWS\system32\pehhfclq.dll
2007-10-28 00:58 10,816 --a------ C:\WINDOWS\system32\swecgeuv.dll
2007-10-27 23:26 10,816 --a------ C:\WINDOWS\system32\cywrkcjh.dll
2007-10-27 21:40 10,816 --a------ C:\WINDOWS\system32\fcaeqlwp.dll
2007-10-27 21:13 83,520 --a------ C:\WINDOWS\system32\qmtotdkg.dll
2007-10-27 21:08 10,816 --a------ C:\WINDOWS\system32\eeqqmnhm.dll
2007-10-27 16:36 155 --a------ C:\WINDOWS\system32\EPFRM3.DAT
2007-10-27 15:24 20,336 --a------ C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-10-27 15:23 10,816 --a------ C:\WINDOWS\system32\ycmrvsji.dll
2007-10-27 09:50 <REP> d-------- C:\Program Files\Fichiers communs\EPSON
2007-10-27 09:50 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-10-27 09:50 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-10-27 09:50 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2007-10-27 09:50 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-10-27 09:50 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2007-10-27 09:48 <REP> d-------- C:\Program Files\EPSON
2007-10-27 09:48 68,748 --a------ C:\WINDOWS\system32\E_SL2357.DLL
2007-10-27 09:48 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-27 09:48 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-27 09:48 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-10-27 09:42 83,520 --a------ C:\WINDOWS\system32\agtttafq.dll
2007-10-27 09:39 10,816 --a------ C:\WINDOWS\system32\dmuflbvf.dll
2007-10-27 00:28 10,816 --a------ C:\WINDOWS\system32\aqeouxcu.dll
2007-10-26 21:26 86,592 --a------ C:\WINDOWS\system32\phqsajfo.dll
2007-10-26 21:19 10,816 --a------ C:\WINDOWS\system32\pbjywbud.dll
2007-10-26 15:56 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-26 15:51 10,816 --a------ C:\WINDOWS\system32\sxdjlqke.dll
2007-10-26 15:48 10,816 --a------ C:\WINDOWS\system32\kmsubugg.dll
2007-10-26 14:49 10,816 --a------ C:\WINDOWS\system32\xrmgsnvt.dll
2007-10-25 21:23 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-25 21:23 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-25 21:22 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-25 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-25 21:22 4,734,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-25 21:22 61,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-25 20:53 <REP> d-------- C:\kav
2007-10-25 15:54 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-25 14:50 10,816 --a------ C:\WINDOWS\system32\uticgwrf.dll
2007-10-24 23:26 <REP> d-------- C:\Program Files\Trend Micro
2007-10-24 22:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-24 22:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-24 22:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-24 22:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-24 22:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-24 22:09 2,256 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-24 22:05 <REP> d-------- C:\Program Files\Sunbelt Software
2007-10-24 20:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-24 20:44 <REP> d-------- C:\Program Files\Spyware Doctor
2007-10-24 20:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2007-10-24 20:44 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-24 20:44 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-24 20:44 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-24 20:44 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-24 20:44 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-24 17:03 <REP> d-------- C:\Program Files\Spyware Doctor(2)
2007-10-24 14:32 <REP> d-------- C:\WINDOWS\KXEN4PUB0DUZGXEN
2007-10-24 14:27 <REP> d-------- C:\Program Files\SPYWAREfighter
2007-10-23 21:40 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2007-10-23 19:25 <REP> d-------- C:\VundoFix Backups
2007-10-23 19:15 <REP> d-------- C:\Program Files\Enigma Software Group
2007-10-23 19:08 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-10-23 19:07 <REP> d-------- C:\Program Files\Java
2007-10-23 19:07 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-23 19:02 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2007-10-23 18:47 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-23 18:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simple Star
2007-10-23 18:40 290,816 --a------ C:\WINDOWS\Nero PhotoShow.scr
2007-10-23 18:40 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-23 18:40 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-10-23 18:39 <REP> d-------- C:\Program Files\Fichiers communs\Simple Star Shared
2007-10-23 18:34 <REP> d-------- C:\Program Files\Alcohol Soft
2007-10-23 18:34 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-10-23 18:34 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-10-23 16:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2007-10-23 16:53 <REP> d-------- C:\Program Files\Nero
2007-10-23 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-23 16:47 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-23 16:34 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-10-23 16:28 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-10-23 16:28 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-23 16:27 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-10-23 16:27 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-10-23 16:27 <REP> dr------- C:\Program Files
2007-10-23 16:26 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2007-10-23 16:26 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2007-10-23 16:26 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2007-10-23 16:26 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2007-10-23 16:26 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2007-10-23 16:26 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2007-10-23 16:26 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2007-10-23 16:26 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2007-10-23 16:26 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2007-10-23 16:26 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2007-10-23 16:26 <REP> dr------- C:\Documents and Settings\All Users\Documents
2007-10-23 16:26 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2007-10-23 16:26 <REP> d-------- C:\Documents and Settings
2007-10-23 16:23 <REP> d-------- C:\WINDOWS\ShellNew
2007-10-23 16:17 <REP> d-------- C:\Program Files\Alwil Software
2007-10-23 16:14 <REP> d-------- C:\Program Files\MSN Messenger
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 23:28 7,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-27 23:28 65,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 20:41 12,796 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-23 13:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ATI
2007-10-23 13:49 --------- d-----w C:\Program Files\ATI Technologies
2007-10-23 13:48 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-23 13:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 13:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-23 13:39 --------- d-----w C:\Program Files\Realtek
2007-10-23 13:39 --------- d-----w C:\Program Files\DIFX
2007-10-23 13:37 --------- d-----w C:\Program Files\Intel
2007-10-23 13:31 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-23 13:30 --------- d-----w C:\Program Files\Services en ligne
2007-10-23 13:30 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 15:51 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 C:\WINDOWS\RTHDCPL.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-03 22:21]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"NWEReboot"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"00a69bd1"="C:\WINDOWS\system32\pehhfclq.dll" [2007-10-28 01:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" []
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-01-13 23:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-11-03 22:21:28]
EPSON Status Monitor 3 Environment Check(2).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-10-27 09:50:04]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\osjmjvlc]
osjmjvlc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-28 01:29:54
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-28 1:30:32 - machine was rebooted
.
--- E O F ---
Oh really, to your personal inbox? Why not on the forum?