Here is the ComboFix report
ComboFix 07-11-07.3 - HALIMA 2007-11-07 16:15:14.1 - NTFSx86
Running from: C:\Documents and Settings\HALIMA\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-07 to 2007-11-07 ))))))))))))))))))))))))))))))))))))
.
2007-11-07 16:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 11:49 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-11-07 11:39 <REP> d-------- C:\Documents and Settings\HALIMA\Application Data\Apple Computer
2007-11-07 11:38 <REP> d-------- C:\Program Files\iTunes
2007-11-07 11:38 <REP> d-------- C:\Program Files\iPod
2007-11-07 11:37 <REP> d-------- C:\Program Files\QuickTime
2007-11-07 11:37 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-07 11:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-07 11:36 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-11-07 11:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-07 00:01 81,472 --a------ C:\WINDOWS\system32\xhvmkwpg.dll
2007-11-06 23:03 <REP> d-------- C:\Documents and Settings\HALIMA\.housecall6.6
2007-11-06 22:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-06 22:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-06 22:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-06 22:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-06 13:58 <REP> d-------- C:\VundoFix Backups
2007-11-06 13:55 <REP> d-------- C:\Program Files\Trend Micro
2007-11-06 10:54 87,104 --a------ C:\WINDOWS\system32\krlfwmfx.dll
2007-11-06 10:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-06 10:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-05 17:27 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-11-05 17:27 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-11-05 17:27 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-11-05 17:27 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-11-05 17:27 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-11-05 17:27 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-11-05 17:26 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-11-05 17:26 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-11-05 17:26 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-11-05 17:26 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-11-05 17:26 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-11-05 17:26 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-11-05 17:26 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-11-05 17:26 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-11-05 17:25 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-11-05 17:25 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-05 17:23 <REP> d-------- C:\Program Files\Philips
2007-11-05 17:23 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-11-05 17:23 91,527 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-11-05 17:23 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-11-05 17:23 53,248 --a------ C:\WINDOWS\amcap.exe
2007-11-05 17:23 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2007-11-05 17:12 <REP> d-------- C:\Program Files\Windows Live
2007-11-05 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-05 15:25 <REP> d-------- C:\Documents and Settings\HALIMA\Application Data\Earthsim
2007-11-05 15:09 <REP> d-------- C:\Documents and Settings\HALIMA\Application Data\ATI
2007-11-05 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-11-05 15:07 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-05 15:01 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-11-05 14:38 32,768 --a--c--- C:\WINDOWS\system32\dllcache\ativtmxx.dll
2007-11-05 14:38 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2007-11-05 14:17 <REP> d-------- C:\WINDOWS\pss
2007-11-05 13:35 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-11-01 22:06 45 ---h----- C:\WINDOWS\dsez2342.dat
2007-11-01 22:05 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-11-01 21:17 <REP> d--h----- C:\WINDOWS\PIF
2007-10-31 12:41 <REP> d-------- C:\Program Files\Google
2007-10-31 12:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-31 12:21 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-10-31 12:21 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-10-31 12:21 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-10-31 12:21 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-10-31 12:21 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-10-31 12:13 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-31 12:07 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-31 12:07 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-31 12:07 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-31 11:29 <REP> d-------- C:\Program Files\Lavasoft
2007-10-31 11:29 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-31 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-30 14:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-30 14:52 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-10-30 14:45 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
2007-10-30 14:29 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-10-30 14:25 <REP> d-------- C:\Program Files\Windows Media Player 11
2007-10-30 13:46 <REP> d-------- C:\Documents and Settings\HALIMA\Application Data\Media Player Classic
2007-10-30 13:42 <REP> d-------- C:\WINDOWS\Sun
2007-10-30 13:41 <REP> d-------- C:\Program Files\Java
2007-10-30 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-30 13:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-30 12:34 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-10-30 12:34 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-10-30 12:34 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-10-30 12:34 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-10-30 12:34 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-10-30 12:34 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-10-30 12:34 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-10-30 12:34 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-10-30 01:17 <REP> d-------- C:\Program Files\DivX
2007-10-30 00:58 <REP> d-------- C:\Program Files\adslTV
2007-10-30 00:58 <REP> d-------- C:\Documents and Settings\HALIMA\Application Data\vlc
2007-10-30 00:26 <REP> d-------- C:\Program Files\CCleaner
2007-10-30 00:23 <REP> d-------- C:\WINDOWS\system32\Lang
2007-10-30 00:19 <REP> d-------- C:\WINDOWS\system32\RTCOM
2007-10-30 00:19 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-10-30 00:19 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 23:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-29 19:03 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 19:00 --------- d-----w C:\Program Files\Services en ligne
2007-10-29 18:59 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-29 18:53 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-29 18:53 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f25cc24c-b7d0-45c8-97c3-5cfb4b06bf04}]
2007-11-07 00:01 81472 --a------ C:\WINDOWS\system32\xhvmkwpg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Updeta"="dyvhkp.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-29 22:29]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"1465c3cf"="C:\WINDOWS\system32\krlfwmfx.dll" [2007-11-06 10:54]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"Microsoft Windows Updeta"="dyvhkp.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 12:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Windows Updeta"=dyvhkp.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Windows Updeta"=dyvhkp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin200.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin200.exe.lnk
backup=C:\WINDOWS\pss\TrayMin200.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-07 10:37:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 16:20:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-07 16:21:18 - machine was rebooted
.
--- E O F ---