Hello,

After formatting and reformatting, I am sending you two files, a HijackThis one and a ComboFix one.

After formatting and installing Windows with nLite, everything is fine.

I copy the data back and everything is fine,

and after a few hours

the computer slows down far too much.

Thanks for your help

chris

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:48, on 05/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service - Unknown owner - F:\utilitaires\Ad-Aware2007Portable\aawservice.exe (file missing)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 4767 bytes

 

 

ComboFix report

 

ComboFix 09-09-04.02 - jean-pierre 05/09/2009 19:13.1.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1007.709 [GMT 2:00]

Running from: c:\documents and settings\jean-pierre\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))

.

 

2009-09-05 09:19 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-09-05 09:16 . 2009-09-05 12:38 -------- d-----w- c:\windows\system32\HouseCall 6.6

2009-09-03 22:51 . 2009-09-03 22:51 -------- d-sh--w- c:\documents and settings\jean-pierre\IECompatCache

2009-09-03 21:10 . 2009-09-03 21:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2009-09-03 07:27 . 2009-09-03 07:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-09-03 07:27 . 2009-09-05 12:44 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\skypePM

2009-09-03 07:25 . 2009-09-05 17:21 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\Skype

2009-09-03 07:25 . 2009-09-03 07:25 -------- d-----w- c:\program files\Fichiers communs\Skype

2009-09-03 07:24 . 2009-09-03 22:48 -------- d-----r- c:\program files\Skype

2009-09-03 07:24 . 2009-09-03 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-09-02 15:26 . 2009-09-02 15:26 -------- d-----w- c:\documents and settings\jean-pierre\Local Settings\Application Data\Adobe

2009-09-02 15:24 . 2009-09-02 15:25 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-09-02 15:15 . 2009-09-02 15:16 -------- d-----w- c:\program files\PhotoFiltre

2009-09-02 15:11 . 2009-09-02 15:11 -------- d-sh--w- c:\documents and settings\jean-pierre\PrivacIE

2009-09-02 15:07 . 2009-09-02 15:07 -------- d-sh--w- c:\documents and settings\jean-pierre\IETldCache

2009-09-02 15:05 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-09-02 15:05 . 2009-09-02 15:06 -------- d-----w- c:\windows\ie8updates

2009-09-02 15:05 . 2009-07-19 16:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-09-02 15:05 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-09-02 15:05 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-09-02 15:05 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-09-02 15:05 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-09-02 15:05 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-09-02 15:02 . 2009-09-02 15:05 -------- dc-h--w- c:\windows\ie8

2009-09-02 14:58 . 2009-09-02 14:58 -------- d-----w- c:\program files\Microsoft Works

2009-09-02 14:52 . 2009-09-02 15:00 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-09-02 14:51 . 2009-09-02 14:52 -------- d-----w- c:\windows\SHELLNEW

2009-09-02 14:51 . 2009-09-02 14:51 -------- d-----w- c:\documents and settings\jean-pierre\Local Settings\Application Data\Microsoft Help

2009-09-02 14:50 . 2009-09-02 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-02 14:49 . 2009-09-02 14:49 -------- d--h--r- C:\MSOCache

2009-09-02 14:44 . 2009-09-02 14:44 -------- d-----w- c:\program files\Elaborate Bytes

2009-09-02 10:51 . 2009-09-02 10:51 -------- d-----w- c:\windows\srchasst

2009-09-02 10:20 . 2009-09-02 15:04 -------- d-----w- c:\windows\system32\fr-fr

2009-09-02 10:20 . 2009-09-02 14:31 -------- d-----w- c:\windows\system32\fr

2009-09-02 10:20 . 2009-09-02 14:29 -------- d-----w- c:\windows\l2schemas

2009-09-02 10:20 . 2009-09-02 14:31 -------- d-----w- c:\windows\system32\bits

2009-09-02 10:08 . 2004-08-19 14:10 60416 ----a-w- c:\windows\system32\dllcache\msimn.exe

2009-09-02 10:07 . 2009-07-03 16:57 206848 -c----w- c:\windows\system32\dllcache\occache.dll

2009-09-02 09:38 . 2004-08-19 14:09 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-09-02 09:37 . 2004-08-19 14:09 4096 ----a-w- c:\windows\system32\ksuser.dll

2009-09-01 20:20 . 2009-09-01 20:20 -------- d-----w- c:\documents and settings\jean-pierre\Thunderbird

2009-09-01 20:18 . 2009-09-01 20:18 0 ----a-w- c:\windows\nsreg.dat

2009-09-01 20:17 . 2009-09-01 20:18 -------- d-----w- c:\documents and settings\jean-pierre\Local Settings\Application Data\Thunderbird

2009-09-01 20:17 . 2009-09-01 20:17 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\Thunderbird

2009-09-01 20:16 . 2009-09-05 17:02 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-09-01 19:22 . 2009-09-02 14:40 -------- d-----w- c:\windows\ServicePackFiles

2009-09-01 19:12 . 2009-09-01 19:12 -------- d-sh--w- c:\documents and settings\jean-pierre\UserData

2009-09-01 18:19 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2009-09-01 18:19 . 2009-09-03 22:42 -------- d--h--w- c:\windows\$hf_mig$

2009-09-01 17:35 . 2009-09-05 17:20 4532256 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-01 17:32 . 2009-09-01 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier

2009-09-01 17:32 . 2009-09-01 17:34 4212 ---h--w- c:\windows\system32\zllictbl.dat

2009-09-01 17:31 . 2009-09-01 17:31 -------- d-----w- c:\program files\Zone Labs

2009-09-01 17:31 . 2008-07-09 07:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll

2009-09-01 17:29 . 2009-09-05 17:20 -------- d-----w- c:\windows\Internet Logs

2009-09-01 17:22 . 2009-09-04 12:47 44848 ----a-w- c:\documents and settings\jean-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-01 17:18 . 2009-09-01 17:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-01 17:18 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-01 17:18 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-01 17:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-01 17:18 . 2009-09-01 17:18 -------- d-----w- c:\program files\Avira

2009-09-01 17:18 . 2009-09-01 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-01 17:16 . 2009-09-01 17:16 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\Malwarebytes

2009-09-01 17:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-01 17:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-01 17:16 . 2009-09-01 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-01 17:16 . 2009-09-01 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-01 17:09 . 2009-09-01 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-09-01 16:58 . 2004-06-23 19:36 3147776 ----a-r- c:\windows\system32\drivers\w22n51.sys

2009-09-01 16:58 . 2004-06-01 20:50 1003520 ----a-r- c:\windows\system32\W22MLRes.dll

2009-09-01 16:58 . 2004-06-01 20:50 344064 ----a-r- c:\windows\system32\w22NCPA.dll

2009-09-01 16:57 . 2003-10-29 18:14 34329 ------w- c:\windows\O2Remove.EXE

2009-09-01 16:57 . 2004-02-12 02:18 191092 ----a-r- c:\windows\system32\drivers\o2mmb.sys

2009-09-01 16:57 . 2004-01-28 15:15 6100 ----a-r- c:\windows\system32\drivers\MbxStby.sys

2009-09-01 16:56 . 2004-05-07 02:49 66048 ----a-w- c:\windows\system32\SynTPFcs.dll

2009-09-01 16:56 . 2004-05-07 02:51 77824 ----a-w- c:\windows\system32\SynTPCoI.dll

2009-09-01 16:56 . 2004-05-07 02:46 90112 ----a-w- c:\windows\system32\SynTPAPI.dll

2009-09-01 16:56 . 2004-05-07 02:44 182688 ----a-w- c:\windows\system32\drivers\SynTP.sys

2009-09-01 16:56 . 2004-05-07 02:46 114688 ----a-w- c:\windows\system32\SynCtrl.dll

2009-09-01 16:56 . 2004-05-07 02:46 77824 ----a-w- c:\windows\system32\SynCOM.dll

2009-09-01 16:56 . 2009-09-01 16:56 -------- d-----w- c:\program files\Synaptics

2009-09-01 16:56 . 2009-09-01 16:56 -------- d-----w- c:\windows\OPTIONS

2009-09-01 16:56 . 2004-04-13 12:14 70144 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys

2009-09-01 16:55 . 2004-10-08 00:32 167936 ----a-r- c:\windows\system32\igfxres.dll

2009-09-01 16:51 . 2009-09-01 16:58 -------- d-----w- c:\program files\Intel

2009-09-01 16:50 . 2009-09-01 16:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-01 16:50 . 2009-09-01 16:57 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2009-09-01 16:06 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2009-09-01 16:04 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

2009-09-01 16:04 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2009-09-01 16:04 . 2004-08-19 14:09 77312 ----a-w- c:\windows\system32\usbui.dll

2009-09-01 16:03 . 2009-09-04 14:52 -------- d-sh--w- c:\windows\Installer

2009-09-01 16:03 . 2002-08-30 12:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll

2009-09-01 16:03 . 2002-08-30 12:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll

2009-09-01 16:03 . 2002-08-30 12:00 65536 -c--a-w- c:\windows\system32\dllcache\spcplui.dll

2009-09-01 16:03 . 2002-08-30 12:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe

2009-09-01 16:03 . 2009-09-04 10:20 -------- d-----r- C:\Program Files

2009-09-01 16:01 . 2009-09-03 21:09 -------- d-----w- C:\Documents and Settings

2009-09-01 16:01 . 2009-09-01 14:13 -------- d--h--w- c:\documents and settings\Default User

2009-09-01 16:01 . 2009-09-01 14:11 -------- d-----w- c:\documents and settings\All Users

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-05 17:17 . 2009-09-01 17:35 57224 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-05 06:10 . 2009-09-04 10:20 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-04 14:52 . 2009-09-04 08:53 -------- d-----w- c:\program files\Java

2009-09-04 10:20 . 2009-09-04 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-04 10:20 . 2009-09-04 10:20 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\SUPERAntiSpyware.com

2009-09-04 10:19 . 2009-09-04 10:19 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-09-04 09:48 . 2009-09-04 09:48 -------- d-----w- c:\program files\Trend Micro

2009-09-04 09:01 . 2009-09-04 09:01 -------- d-----w- c:\documents and settings\jean-pierre\Application Data\OpenOffice.org

2009-09-04 08:54 . 2009-09-04 08:54 -------- d-----w- c:\program files\JRE

2009-09-04 08:54 . 2009-09-04 08:53 -------- d-----w- c:\program files\OpenOffice.org 3

2009-09-02 14:47 . 2002-08-30 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat

2009-09-02 14:47 . 2002-08-30 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat

2009-09-01 14:13 . 2009-09-01 14:13 -------- d-----w- c:\program files\microsoft frontpage

2009-09-01 14:11 . 2009-09-01 14:11 -------- d-----w- c:\program files\Services en ligne

2009-09-01 14:09 . 2009-09-01 14:09 21892 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-05 09:06 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-29 04:53 . 2004-08-19 14:09 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:53 . 2002-08-30 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-25 03:23 . 2009-09-04 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 18:56 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 00:18 . 2004-08-19 14:09 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 16:57 . 2004-08-19 14:09 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-15 11:33 . 2004-08-19 14:10 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:23 . 2004-08-19 14:09 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:30 . 2009-09-02 10:07 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll

[-] 2008-04-26 12:28 1548288 ED5C110C351EC3429F6959923E9517CF c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-05 1994480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

 

c:\documents and settings\jean-pierre\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"StartMenuLogoff"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2009 15:22 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2009 15:22 74480]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/09/2009 19:18 108289]

R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [01/09/2009 18:57 191092]

R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [01/09/2009 18:57 6100]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2009 15:22 7408]

S3 Ad-Aware 2007 Service;Ad-Aware 2007 Service;f:\utilitaires\Ad-Aware2007Portable\aawservice.exe --> f:\utilitaires\Ad-Aware2007Portable\aawservice.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORPHANS REMOVED - - - -

 

Notify-dimsntfy - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-05 19:20

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(508)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

- - - - - - - > 'explorer.exe'(2780)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Completion time: 2009-09-05 19:25 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-05 17:25

 

Pre-Run: 19 572 428 800 bytes free

Post-Run: 19 572 703 232 bytes free

 

250 --- E O F --- 2009-09-02 16:22
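
The two logs above are what a helper on this thread reads by hand. As an added example (not part of the original post, and not code from HijackThis or ComboFix), the Python script below parses the line formats visible in those logs and flags the entries worth a second look: the orphaned service pointing at a missing binary on F:, the Security Center AntiVirusOverride value, the autorun.inf ComboFix removed from D:, the sfcfiles.dll that failed Sigcheck, and the AV and firewall reported disabled. SAMPLE_LOG is constructed from lines copied out of the post plus one made-up hijacked Search Page entry (example.invalid) so that the URL check has something to catch; the "Windows is on C:" assumption and the severity labels are mine.

```python
"""Triage helper for HijackThis / ComboFix text logs.

Added example for this thread: it is not code from HijackThis, ComboFix or the
original poster. It understands only the line formats visible in the post and
returns (severity, message) findings. SAMPLE_LOG is constructed from lines copied
out of the two logs above plus one made-up hijacked Search Page entry.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O23 - Service: Ad-Aware 2007 Service - Unknown owner - F:\utilitaires\Ad-Aware2007Portable\aawservice.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
D:\Autorun.inf
[-] 2008-04-26 12:28 1548288 ED5C110C351EC3429F6959923E9517CF c:\windows\system32\sfcfiles.dll
"AntiVirusOverride"=dword:00000001
"""

# HijackThis line formats (only the ones that appear in the post)
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
R01 = re.compile(r"^R[01] - .+?,(?P<setting>[^=]+?) = (?P<value>.+)$")
# ComboFix line formats
SIGCHECK = re.compile(r"^\[-\] \S+ \S+ \d+ [0-9A-F]{32} (?P<path>.+)$")
SC_OVERRIDE = re.compile(r'^"(?P<value>AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:00000001$')
AUTORUN = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
NON_SYSTEM_DRIVE = re.compile(r"^[A-BD-Z]:\\", re.I)  # assumption: Windows lives on C:, as in the post

RANK = {"high": 0, "medium": 1, "info": 2}


def first_exe(cmd: str) -> str:
    """Return the executable part of an autostart command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Scan log lines and return (severity, message) findings in log order."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O23.match(line):
            if m["missing"]:  # registered service whose binary is not there: delete it, do not leave the path
                findings.append(("high", f"service '{m['name']}' points at missing binary {m['path']}: "
                                         "remove the service entry (sc delete) so nothing can later fill that path"))
            if m["owner"].lower() == "unknown owner":
                findings.append(("medium", f"service '{m['name']}' carries no vendor information: verify {m['path']}"))
        elif m := O4.match(line):
            exe = first_exe(m["cmd"])
            if m["user"]:  # RunOnce/Run under SYSTEM or Default user executes at the next logon of that account
                findings.append(("info", f"{m['key']} entry '{m['label']}' runs as '{m['user']}' at next logon: confirm origin ({exe})"))
            if NON_SYSTEM_DRIVE.match(exe):
                findings.append(("medium", f"autostart '{m['label']}' runs {exe} from a non-system drive"))
        elif m := R01.match(line):
            host = urlsplit(m["value"]).hostname or ""
            if host and not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append(("medium", f"IE {m['setting']} points to {host}: browser-setting hijack unless the user chose it"))
        elif line.startswith("AV:") and "disabled" in line.lower():
            findings.append(("high", "antivirus on-access scanning reported disabled at scan time: re-enable it after the ComboFix run"))
        elif line.startswith("FW:") and "disabled" in line.lower():
            findings.append(("high", "firewall reported disabled at scan time: re-enable it after the ComboFix run"))
        elif AUTORUN.match(line):
            findings.append(("medium", f"{line} at a volume root (ComboFix removes these): inspect the drive it came from"))
        elif m := SIGCHECK.match(line):
            findings.append(("medium", f"{m['path']} failed Sigcheck ([-]): compare it with the copy on the installation media"))
        elif m := SC_OVERRIDE.match(line):
            findings.append(("medium", f"Security Center {m['value']}=1: Windows is told not to monitor that product; "
                                       "clear it once the real product is confirmed running"))
    return findings


def report(findings: list[tuple[str, str]]) -> str:
    """Render findings, most severe first (stable sort keeps log order within a level)."""
    return "\n".join(f"[{sev:6}] {msg}" for sev, msg in sorted(findings, key=lambda f: RANK[f[0]]))


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The 'high' rating on the Ad-Aware service is deliberate: a service registered with a path on a drive that is not mounted runs nothing today, but whoever can later create that file at that path on a volume that comes up as F: gets it executed under the service account when the service is started, which is why the advice is `sc delete "Ad-Aware 2007 Service"` rather than ignoring it. The AV/FW "disabled" lines are expected if they were switched off for the ComboFix run, so the message asks for them to be re-enabled instead of calling them an infection. On an nLite build, sfcfiles.dll failing Sigcheck is usually the nLite "disable Windows File Protection" patch rather than malware; it is still worth knowing that WFP is off on this machine.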
