

advitameternam
Hello,

After formatting and reformatting, I am sending you two files, a HijackThis one and a ComboFix one. After formatting and installing Windows with nLite, everything is fine. I copy my data back and everything is still fine, then after a few hours the computer slows down far too much.

Thank you for your help,
chris

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:48, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service - Unknown owner - F:\utilitaires\Ad-Aware2007Portable\aawservice.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4767 bytes

ComboFix report

ComboFix 09-09-04.02 - jean-pierre 05/09/2009 19:13.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1007.709 [GMT 2:00]
Running from: c:\documents and settings\jean-pierre\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2009-08-05 to 2009-09-05   )))))))))))))))))))))))))))))))
.
2009-09-05 09:19 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-05 09:16 . 2009-09-05 12:38 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-09-03 22:51 . 2009-09-03 22:51 -------- d-sh--w- c:\documents and settings\jean-pierre\IECompatCache
2009-09-03 21:10 . 2009-09-03 21:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-09-03 07:27 . 2009-09-03 07:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-03 07:27 . 2009-09-05 12:44 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\skypePM
2009-09-03 07:25 . 2009-09-05 17:21 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\Skype
2009-09-03 07:25 . 2009-09-03 07:25 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-09-03 07:24 . 2009-09-03 22:48 -------- d-----r- c:\program files\Skype
2009-09-03 07:24 . 2009-09-03 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-02 15:26 . 2009-09-02 15:26 -------- d-----w- c:\documents and settings\jean-pierre\Local Settings\Application Data\Adobe
2009-09-02 15:24 . 2009-09-02 15:25 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-02 15:15 . 2009-09-02 15:16 -------- d-----w- c:\program files\PhotoFiltre
2009-09-02 15:11 . 2009-09-02 15:11 -------- d-sh--w- c:\documents and settings\jean-pierre\PrivacIE
2009-09-02 15:07 . 2009-09-02 15:07 -------- d-sh--w- c:\documents and settings\jean-pierre\IETldCache
2009-09-02 15:05 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-02 15:05 . 2009-09-02 15:06 -------- d-----w- c:\windows\ie8updates
2009-09-02 15:05 . 2009-07-19 16:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-02 15:05 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-02 15:05 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-02 15:05 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-02 15:05 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-02 15:05 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-02 15:02 . 2009-09-02 15:05 -------- dc-h--w- c:\windows\ie8
2009-09-02 14:58 . 2009-09-02 14:58 -------- d-----w- c:\program files\Microsoft Works
2009-09-02 14:52 . 2009-09-02 15:00 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-02 14:51 . 2009-09-02 14:52 -------- d-----w- c:\windows\SHELLNEW
2009-09-02 14:51 . 2009-09-02 14:51 -------- d-----w- c:\documents and settings\jean-pierre\Local Settings\Application Data\Microsoft Help
2009-09-02 14:50 . 2009-09-02 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-02 14:49 . 2009-09-02 14:49 -------- d--h--r- C:\MSOCache
2009-09-02 14:44 . 2009-09-02 14:44 -------- d-----w- c:\program files\Elaborate Bytes
2009-09-02 10:51 . 2009-09-02 10:51 -------- d-----w- c:\windows\srchasst
2009-09-02 10:20 . 2009-09-02 15:04 -------- d-----w- c:\windows\system32\fr-fr
2009-09-02 10:20 . 2009-09-02 14:31 -------- d-----w- c:\windows\system32\fr
2009-09-02 10:20 . 2009-09-02 14:29 -------- d-----w- c:\windows\l2schemas
2009-09-02 10:20 . 2009-09-02 14:31 -------- d-----w- c:\windows\system32\bits
2009-09-02 10:08 . 2004-08-19 14:10 60416 ----a-w- c:\windows\system32\dllcache\msimn.exe
2009-09-02 10:07 . 2009-07-03 16:57 206848 -c----w- c:\windows\system32\dllcache\occache.dll
2009-09-02 09:38 . 2004-08-19 14:09 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-02 09:37 . 2004-08-19 14:09 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-09-01 20:20 . 2009-09-01 20:20 -------- d-----w- c:\documents and settings\jean-pierre\Thunderbird
2009-09-01 20:18 . 2009-09-01 20:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-01 20:17 . 2009-09-01 20:18 -------- d-----w- c:\documents and settings\jean-pierre\Local Settings\Application Data\Thunderbird
2009-09-01 20:17 . 2009-09-01 20:17 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\Thunderbird
2009-09-01 20:16 . 2009-09-05 17:02 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-01 19:22 . 2009-09-02 14:40 -------- d-----w- c:\windows\ServicePackFiles
2009-09-01 19:12 . 2009-09-01 19:12 -------- d-sh--w- c:\documents and settings\jean-pierre\UserData
2009-09-01 18:19 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-01 18:19 . 2009-09-03 22:42 -------- d--h--w- c:\windows\$hf_mig$
2009-09-01 17:35 . 2009-09-05 17:20 4532256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-01 17:32 . 2009-09-01 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2009-09-01 17:32 . 2009-09-01 17:34 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-09-01 17:31 . 2009-09-01 17:31 -------- d-----w- c:\program files\Zone Labs
2009-09-01 17:31 . 2008-07-09 07:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2009-09-01 17:29 . 2009-09-05 17:20 -------- d-----w- c:\windows\Internet Logs
2009-09-01 17:22 . 2009-09-04 12:47 44848 ----a-w- c:\documents and settings\jean-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 17:18 . 2009-09-01 17:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-01 17:18 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-01 17:18 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-01 17:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-01 17:18 . 2009-09-01 17:18 -------- d-----w- c:\program files\Avira
2009-09-01 17:18 . 2009-09-01 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-01 17:16 . 2009-09-01 17:16 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\Malwarebytes
2009-09-01 17:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 17:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 17:16 . 2009-09-01 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 17:16 . 2009-09-01 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 17:09 . 2009-09-01 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-01 16:58 . 2004-06-23 19:36 3147776 ----a-r- c:\windows\system32\drivers\w22n51.sys
2009-09-01 16:58 . 2004-06-01 20:50 1003520 ----a-r- c:\windows\system32\W22MLRes.dll
2009-09-01 16:58 . 2004-06-01 20:50 344064 ----a-r- c:\windows\system32\w22NCPA.dll
2009-09-01 16:57 . 2003-10-29 18:14 34329 ------w- c:\windows\O2Remove.EXE
2009-09-01 16:57 . 2004-02-12 02:18 191092 ----a-r- c:\windows\system32\drivers\o2mmb.sys
2009-09-01 16:57 . 2004-01-28 15:15 6100 ----a-r- c:\windows\system32\drivers\MbxStby.sys
2009-09-01 16:56 . 2004-05-07 02:49 66048 ----a-w- c:\windows\system32\SynTPFcs.dll
2009-09-01 16:56 . 2004-05-07 02:51 77824 ----a-w- c:\windows\system32\SynTPCoI.dll
2009-09-01 16:56 . 2004-05-07 02:46 90112 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-09-01 16:56 . 2004-05-07 02:44 182688 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-09-01 16:56 . 2004-05-07 02:46 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2009-09-01 16:56 . 2004-05-07 02:46 77824 ----a-w- c:\windows\system32\SynCOM.dll
2009-09-01 16:56 . 2009-09-01 16:56 -------- d-----w- c:\program files\Synaptics
2009-09-01 16:56 . 2009-09-01 16:56 -------- d-----w- c:\windows\OPTIONS
2009-09-01 16:56 . 2004-04-13 12:14 70144 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys
2009-09-01 16:55 . 2004-10-08 00:32 167936 ----a-r- c:\windows\system32\igfxres.dll
2009-09-01 16:51 . 2009-09-01 16:58 -------- d-----w- c:\program files\Intel
2009-09-01 16:50 . 2009-09-01 16:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-01 16:50 . 2009-09-01 16:57 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-01 16:06 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-01 16:04 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-09-01 16:04 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-01 16:04 . 2004-08-19 14:09 77312 ----a-w- c:\windows\system32\usbui.dll
2009-09-01 16:03 . 2009-09-04 14:52 -------- d-sh--w- c:\windows\Installer
2009-09-01 16:03 . 2002-08-30 12:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2009-09-01 16:03 . 2002-08-30 12:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll
2009-09-01 16:03 . 2002-08-30 12:00 65536 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2009-09-01 16:03 . 2002-08-30 12:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe
2009-09-01 16:03 . 2009-09-04 10:20 -------- d-----r- C:\Program Files
2009-09-01 16:01 . 2009-09-03 21:09 -------- d-----w- C:\Documents and Settings
2009-09-01 16:01 . 2009-09-01 14:13 -------- d--h--w- c:\documents and settings\Default User
2009-09-01 16:01 . 2009-09-01 14:11 -------- d-----w- c:\documents and settings\All Users
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:17 . 2009-09-01 17:35 57224 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 06:10 . 2009-09-04 10:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 14:52 . 2009-09-04 08:53 -------- d-----w- c:\program files\Java
2009-09-04 10:20 . 2009-09-04 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 10:20 . 2009-09-04 10:20 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\SUPERAntiSpyware.com
2009-09-04 10:19 . 2009-09-04 10:19 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-04 09:48 . 2009-09-04 09:48 -------- d-----w- c:\program files\Trend Micro
2009-09-04 09:01 . 2009-09-04 09:01 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\OpenOffice.org
2009-09-04 08:54 . 2009-09-04 08:54 -------- d-----w- c:\program files\JRE
2009-09-04 08:54 . 2009-09-04 08:53 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-02 14:47 . 2002-08-30 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-02 14:47 . 2002-08-30 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-01 14:13 . 2009-09-01 14:13 -------- d-----w- c:\program files\microsoft frontpage
2009-09-01 14:11 . 2009-09-01 14:11 -------- d-----w- c:\program files\Services en ligne
2009-09-01 14:09 . 2009-09-01 14:09 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:06 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-19 14:09 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2002-08-30 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 03:23 . 2009-09-04 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 18:56 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 14:09 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-19 14:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-15 11:33 . 2004-08-19 14:10 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:23 . 2004-08-19 14:09 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2009-09-02 10:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
------- Sigcheck -------

[-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2008-04-26 12:28 1548288 ED5C110C351EC3429F6959923E9517CF c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-05 1994480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\jean-pierre\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2009 15:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2009 15:22 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/09/2009 19:18 108289]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [01/09/2009 18:57 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [01/09/2009 18:57 6100]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2009 15:22 7408]
S3 Ad-Aware 2007 Service;Ad-Aware 2007 Service;f:\utilitaires\Ad-Aware2007Portable\aawservice.exe --> f:\utilitaires\Ad-Aware2007Portable\aawservice.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-09-05 19:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 17:25

Pre-Run: 19 572 428 800 octets libres
Post-Run: 19 572 703 232 octets libres

250 --- E O F --- 2009-09-02 16:22