Voici le rapport :
ComboFix 08-09-14.06 - Administrateur 2008-09-15 17:41:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.618 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\updates\webmediasDB.upd
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\blphc7wwj0ec7e.scr
C:\WINDOWS\system32\lphc7wwj0ec7e.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\okgwiiy.dat
C:\WINDOWS\system32\okgwiiy.exe
C:\WINDOWS\system32\okgwiiy_nav.dat
C:\WINDOWS\system32\okgwiiy_navps.dat
C:\WINDOWS\system32\phc7wwj0ec7e.bmp
C:\WINDOWS\system32\tdssl.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 15:16 . 2008-09-15 15:16 <REP> d-------- C:\Program Files\Trend Micro
2008-09-15 14:27 . 2008-09-15 17:42 4,932,486 --a------ C:\WINDOWS\{00000003-00000000-00000004-00001102-00000004-20051102}.BAK
2008-09-15 14:06 . 2008-09-15 14:30 3,388 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-15 14:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-15 14:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-15 14:05 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-15 14:05 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-15 14:05 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-15 14:05 . 2008-09-14 18:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-15 14:05 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-15 14:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-15 14:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-15 14:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-14 16:52 . 2008-09-14 16:52 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-14 16:52 . 2008-09-14 16:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 16:52 . 2008-09-14 16:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-14 16:52 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 16:52 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-13 20:55 . 2008-09-14 15:51 <REP> d-------- C:\Downloads
2008-09-13 20:53 . 2008-09-15 14:18 <REP> d-------- C:\Program Files\FlashGet
2008-08-21 16:38 . 2008-09-14 16:51 <REP> d-------- C:\[Download]
2008-08-21 16:35 . 2008-09-15 14:18 <REP> d-------- C:\Program Files\Universal Share Downloader
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 15:44 223,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-15 15:44 18,687,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-15 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-15 15:38 258,980 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-15 15:38 25,820 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-29 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-06 16:39 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-29 10:38 --------- d-----w C:\Program Files\PhotoFiltre
2008-07-27 18:55 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-20 50176]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"CTHelper"="CTHELPER.EXE" [2007-04-09 C:\WINDOWS\system32\CtHelper.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMS"="C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 C:\WINDOWS\MIDIDEF.EXE]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-02-14 12:58 3977128 C:\Program Files\TomTom HOME\TomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Administrateur\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys [2005-11-22 352896]
R2 Zetera;Zetera;C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe [2006-01-06 69632]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-01-08 795616]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2006-01-05 14080]
S0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys [2006-01-05 11776]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-30 350282]
S3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2006-01-05 4608]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\NCR.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff88787-e461-11dc-a379-0030f1de93ac}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-RecordNow! - (no file)
HKLM-Run-okgwiiy - c:\windows\system32\okgwiiy.exe
HKLM-Run-lphc7wwj0ec7e - C:\WINDOWS\system32\lphc7wwj0ec7e.exe
HKLM-Run-inrhc3wwj0ec7e - C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt15F.tmp.exe
HKLM-Run-VTTimer - VTTimer.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\37oulbap.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 17:44:40
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RGIE.tmp
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Heure de fin: 2008-09-15 17:46:08
ComboFix-quarantined-files.txt 2008-09-15 15:46:05
Avant-CF: 61,349,871,616 octets libres
AprŠs-CF: 62,563,500,032 octets libres
185 --- E O F --- 2008-04-13 14:18:58
Antivirus gratuit
