BleepingComputer.com: Combofix


Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log, please put the type of infection you have in the topic title. I.e.: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Combofix pc worked slow, and messenger infected

#1 zebuth007

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 26-January 12

Posted 26 January 2012 - 10:40 AM

Hello

PC worked slowly.

First removed an old version of Reader ...

After that, ran ComboFix offline;

that's my log:

Quote

ComboFix 12-01-21.02 - papa 25/01/2012 20:01:48.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3070.1966 [GMT 1:00]
Lancé depuis: c:\users\papa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\papa\AppData\Local\TempDIR
c:\users\papa\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-25 au 2012-01-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-25 19:05 . 2012-01-25 19:06 -------- d-----w- c:\users\papa\AppData\Local\temp
2012-01-25 19:05 . 2012-01-25 19:05 -------- d-----w- c:\users\anne\AppData\Local\temp
2012-01-25 19:00 . 2012-01-25 19:00 -------- d-----w- c:\users\Public
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\users\papa\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-25 17:11 . 2012-01-25 17:11 -------- d-----w- c:\users\papa\AppData\Local\Microsoft Help
2012-01-25 17:06 . 2012-01-25 17:06 20534 ----a-w- c:\windows\cscmondump.bin
2012-01-25 16:27 . 2012-01-25 16:27 -------- d-----w- c:\program files\Windows Live
2012-01-24 16:21 . 2012-01-24 16:21 -------- d-----w- c:\program files\Defraggler
2012-01-24 15:31 . 2012-01-24 15:31 -------- d-----w- c:\program files\Common Files\Windows Live
2012-01-24 06:38 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0677257-2613-40BC-A5E9-5D9629ABD89C}\mpengine.dll
2012-01-21 06:04 . 2012-01-21 06:04 -------- d-----w- c:\users\anne\AppData\Local\Logitech® Webcam Software
2012-01-19 17:14 . 2012-01-19 17:14 -------- d-----w- c:\users\papa\AppData\Local\Logitech® Webcam Software
2012-01-19 17:04 . 2012-01-19 17:04 -------- d-----w- c:\program files\Wikikou
2012-01-19 15:36 . 2012-01-19 17:05 -------- d-----w- c:\program files\Microsoft
2012-01-19 15:36 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-19 15:36 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-19 15:36 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\users\papa\AppData\Roaming\Leadertech
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\programdata\Logitech
2012-01-19 15:31 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-01-19 15:11 . 2012-01-19 15:11 -------- d-----w- c:\program files\CCleaner
2012-01-19 14:35 . 2012-01-19 14:35 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-19 14:35 . 2012-01-25 16:04 -------- d-----w- c:\windows\system32\catroot2
2012-01-19 14:24 . 2012-01-19 14:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-19 14:24 . 2012-01-19 14:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-19 14:24 . 2012-01-19 14:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-19 14:24 . 2012-01-19 14:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-18 09:26 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 09:26 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 09:26 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 09:26 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 09:26 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 09:26 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 06:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 06:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 06:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 06:59 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:59 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 17:27 . 2011-12-20 17:27 3584 ----a-r- c:\users\papa\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-12-19 18:59 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-05-02 18:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-05-02 18:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-05-02 18:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-24 08:03 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2011-05-02 18:36 301224 ----a-w- c:\windows\system32\guard32.dll
2011-11-23 13:37 . 2011-12-14 07:23 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 17:06 . 2011-12-20 13:31 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-08-13 09:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 13:29 . 2009-10-03 07:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-14 09:58 . 2011-11-14 09:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-14 07:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-19 14:24 . 2011-10-03 13:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cnat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 16:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2009-04-09 21:22 185640 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 13:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 08:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 11:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-03-05 16:28 915512 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-06-15 37632]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-18 2998832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\l6ztlgqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dhnet.be/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-HP Health Check Scheduler - (no file)
MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 20:06
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\JavaSoft\Prefs]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Theorica\Safe XP]
@DACL=(02 0000)
"BackupData"="8D2010002000000"
"LangID"=dword:0000040c
"Top"="227"
"Left"="277"
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\Firewall\Policy\25\Rules]
@DACL=(02 0000)
"Num"=dword:00000012
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Rules]
@DACL=(02 0000)
"Num"=dword:00000003
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Rules]
@DACL=(02 0000)
"Num"=dword:0000000f
.
Heure de fin: 2012-01-25 20:07:03
ComboFix-quarantined-files.txt 2012-01-25 19:07
.
Avant-CF: 927.406.166.016 octets libres
Après-CF: 926.621.515.776 octets libres
.
- - End Of File - - F06012A91F13CB87BEADBAC9F478E329

Is my computer clean now or not?

This post has been edited by zebuth007: 27 January 2012 - 04:06 AM


#2 zebuth007

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 26-January 12

Posted 27 January 2012 - 04:16 AM

PS: Comodo is removed ... why did I see the key?

I don't have an antivirus for the moment;

it was Avira Antivirus & Comodo Firewall...

Detected nothing;

MBAM clean: detected nothing.

This post has been edited by zebuth007: 27 January 2012 - 08:17 AM


#3 zebuth007

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 26-January 12

Posted 28 January 2012 - 09:40 AM

New ComboFix run, online and updated:

Quote

ComboFix 12-01-28.01 - papa 28/01/2012 15:20:12.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3070.2067 [GMT 1:00]
Lancé depuis: c:\users\papa\Desktop\ComboFix.exe
Commutateurs utilisés :: /u
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-28 au 2012-01-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-28 14:24 . 2012-01-28 14:24 -------- d-----w- c:\users\papa\AppData\Local\temp
2012-01-28 14:24 . 2012-01-28 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-28 14:24 . 2012-01-28 14:24 -------- d-----w- c:\users\anne\AppData\Local\temp
2012-01-27 15:27 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1CA39F0-09DE-4CD0-AE0F-317807AD8F01}\mpengine.dll
2012-01-27 13:27 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-27 13:27 . 2012-01-27 13:27 -------- d-----w- c:\program files\Panda Security
2012-01-27 09:18 . 2012-01-27 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 09:18 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 15:45 . 2012-01-26 15:45 -------- d-----w- c:\users\papa\AppData\Roaming\Malwarebytes
2012-01-26 15:45 . 2012-01-26 15:45 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:00 . 2012-01-25 19:07 -------- d-----w- c:\users\Public
2012-01-25 17:37 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-25 17:37 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-25 17:37 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-01-25 17:37 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-25 17:37 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\users\papa\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-25 17:11 . 2012-01-25 17:11 -------- d-----w- c:\users\papa\AppData\Local\Microsoft Help
2012-01-25 17:06 . 2012-01-25 17:06 20534 ----a-w- c:\windows\cscmondump.bin
2012-01-25 16:27 . 2012-01-27 14:48 -------- d-----w- c:\program files\Windows Live
2012-01-24 16:21 . 2012-01-24 16:21 -------- d-----w- c:\program files\Defraggler
2012-01-21 06:04 . 2012-01-21 06:04 -------- d-----w- c:\users\anne\AppData\Local\Logitech® Webcam Software
2012-01-19 17:04 . 2012-01-19 17:04 -------- d-----w- c:\program files\Wikikou
2012-01-19 15:36 . 2012-01-19 17:05 -------- d-----w- c:\program files\Microsoft
2012-01-19 15:36 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-19 15:36 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-19 15:36 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\users\papa\AppData\Roaming\Leadertech
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\programdata\Logitech
2012-01-19 15:31 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-01-19 15:11 . 2012-01-19 15:11 -------- d-----w- c:\program files\CCleaner
2012-01-19 14:35 . 2012-01-19 14:35 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-19 14:35 . 2012-01-25 16:04 -------- d-----w- c:\windows\system32\catroot2
2012-01-19 14:24 . 2012-01-19 14:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-19 14:24 . 2012-01-19 14:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-19 14:24 . 2012-01-19 14:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-19 14:24 . 2012-01-19 14:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-18 09:26 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 09:26 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 09:26 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 09:26 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 09:26 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 09:26 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 06:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 06:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 06:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 06:59 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:59 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 17:27 . 2011-12-20 17:27 3584 ----a-r- c:\users\papa\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-12-19 18:59 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-05-02 18:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-05-02 18:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-05-02 18:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-24 08:03 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2011-05-02 18:36 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-07 09:08 . 2009-10-03 07:15 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 13:37 . 2011-12-14 07:23 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 17:06 . 2011-12-20 13:31 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-08-13 09:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-14 09:58 . 2011-11-14 09:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-14 07:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-19 14:24 . 2011-10-03 13:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cnat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 16:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2009-04-09 21:22 185640 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 13:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 08:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 11:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-03-05 16:28 915512 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-06-15 37632]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-18 2998832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\l6ztlgqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dhnet.be/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 15:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
[0] 0x4589C0B7
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\users\papa\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\JavaSoft\Prefs]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Theorica\Safe XP]
@DACL=(02 0000)
"BackupData"="8D2010002000000"
"LangID"=dword:0000040c
"Top"="227"
"Left"="277"
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\Firewall\Policy\25\Rules]
@DACL=(02 0000)
"Num"=dword:00000012
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Rules]
@DACL=(02 0000)
"Num"=dword:00000003
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Rules]
@DACL=(02 0000)
"Num"=dword:0000000f
.
Heure de fin: 2012-01-28 15:25:39
ComboFix-quarantined-files.txt 2012-01-28 14:25
ComboFix2.txt 2012-01-25 19:07
.
Avant-CF: 908.553.940.992 octets libres
Après-CF: 908.528.238.592 octets libres
.
- - End Of File - - 19CA593A51BF144D5DDF83E5DB059C3E


#4 zebuth007

  • New Member
  • Group: Members
  • Posts: 4
  • Joined: 26-January 12

Posted 28 January 2012 - 10:33 AM


#5 nasdaq

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,061
  • Joined: 16-June 06
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 29 January 2012 - 10:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

To help me analyse your ComboFix I would like to see the result of this scan.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed:
The scan will also create an Attach.txt log; I would also like to see its content.
Please post it in another post for my review; do not attach the file.

===

While I have your attention please post this one as well.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

The file you submitted to Jotti is clean.
Why do you think you have a problem with your Nvidia drivers?

===

It is not wise, nor is it recommended, to not have a virus protection program and a firewall.
Can you reinstall what you had?

#6 nasdaq

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 5,061
  • Joined: 16-June 06
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 04 February 2012 - 09:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


