((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ZipFile]
@={2D7E38A6-A604-45AE-9A87-4F5F25760650}
[HKEY_CLASSES_ROOT\CLSID\{2D7E38A6-A604-45AE-9A87-4F5F25760650}]
C:\WINDOWS\System32\winsdrv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2004-06-24 02:10 702539]
"system32"="C:\WINDOWS\system32\issass.exe" [2008-02-18 14:19 1223913]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-31 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 16:44 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 16:44 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 17:58 1185264]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 18:02 1961576]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 11:47 87584]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"MirrorFolderShell"="C:\WINDOWS\system32\mrfshl.exe" [2004-06-07 16:05 135168]
"NWEReboot"=""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-10-31 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\softkey32]
softkey32.dll 2004-08-17 06:52 8192 C:\WINDOWS\system32\softkey32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
R0 MrFoldr;MirrorFolder real-time replication driver;C:\WINDOWS\system32\drivers\mrfoldr.sys [2004-06-07 16:05]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-10-31 13:00]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-18 14:18]
R2 acedrv09;acedrv09;C:\WINDOWS\system32\drivers\acedrv09.sys [2007-06-18 14:10]
R2 acehlp09;acehlp09;C:\WINDOWS\system32\drivers\acehlp09.sys [2007-05-30 17:54]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50]
R3 mod7700;DiBcom S830 based TV tuner device;C:\WINDOWS\system32\Drivers\dvb7700all.sys [2007-01-30 05:10]
S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-02-17 18:37]
S3 PciCon;PciCon;D:\PciCon.sys
S3 ptiusbf;PTI USB Filter;C:\WINDOWS\system32\DRIVERS\PTIUSBF.SYS [2001-04-14 00:22]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 08:30]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 04:39]
S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 21:33:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés …
Balayage caché autostart entries …
Balayage des fichiers cachés …
Scan terminé avec succès
Les fichiers cachés: 0
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
→ C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
.
.
Temps d'accomplissement: 2008-02-18 21:37:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 20:37:12
ComboFix2.txt 2008-02-18 18:27:37
ComboFix3.txt 2008-02-18 18:08:55
ComboFix4.txt 2008-02-16 23:09:42
.
2008-02-17 12:49:32 --- E O F ---