
Posted

WIN XP SP3, P4 2.6 GHz, 2 GB of memory, 6 hard drives for 5 TB .......and very slow!!

 

HijackThis report:

I'm adding a HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:38:20, on 2010-04-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avira\AntiVir Desktop\sched.exe

F:\Program Files\Avira\AntiVir Desktop\avguard.exe

F:\Program Files\Java\jre6\bin\jqs.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\wbem\wmiapsrv.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\Avira\AntiVir Desktop\avgnt.exe

F:\Program Files\uTorrent\uTorrent.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\taskmgr.exe

F:\Program Files\Internet Explorer\IEXPLORE.EXE

F:\WINDOWS\system32\rundll32.exe

F:\Documents and Settings\moi\Mes documents\Downloads\Programs\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qc.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Memory Optimizer] F:\Program Files\PC Health Optimizer Free Edition\docmemopt.exe min

O4 - HKCU\..\Run: [spyware Cleaner Monitor] "F:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" /start /minimize

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com [...] _0_2_0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - F:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

O23 - Service: UPnPService - Magix AG - F:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

 

--

End of file - 5665 bytes

Posted

with a ComboFix:

The ComboFix report is as follows:

 

ComboFix 10-04-10.02 - moi 2010-04-11 10:28:21.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.2047.1547 [GMT -4:00]

Lancé depuis: f:\documents and settings\moi\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

f:\windows\system32\18467.exe

f:\windows\system32\19169.exe

f:\windows\system32\26500.exe

f:\windows\system32\6334.exe

f:\windows\system32\IS15.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-11 au 2010-04-11 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-10 03:32 . 2010-04-10 03:32 -------- d-----w- f:\documents and settings\moi\Local Settings\Application Data\Sophos

2010-04-10 03:30 . 2008-12-10 07:21 130088 ----a-w- f:\windows\system32\sdccoinstaller.dll

2010-04-10 03:30 . 2010-04-10 03:30 -------- d-----w- f:\program files\Fichiers communs\Cisco Systems

2010-04-10 03:29 . 2008-12-09 15:10 23552 ----a-w- f:\windows\system32\SophosBootTasks.exe

2010-04-10 03:29 . 2010-04-10 03:30 -------- d-----w- f:\program files\Sophos

2010-04-10 03:29 . 2010-04-10 03:29 -------- d-----w- f:\documents and settings\All Users\Application Data\Sophos

2010-04-10 03:28 . 2008-07-18 15:49 35584 ----a-w- f:\windows\system32\drivers\savonaccessfilter.sys

2010-04-10 03:28 . 2008-05-23 12:38 14976 ----a-w- f:\windows\system32\drivers\SophosBootDriver.sys

2010-04-10 03:28 . 2008-07-18 15:49 104704 ----a-w- f:\windows\system32\drivers\savonaccesscontrol.sys

2010-04-10 01:31 . 2010-04-10 01:31 -------- d-----w- f:\program files\Marvell

2010-04-10 00:01 . 2010-04-10 00:12 -------- d-----w- f:\program files\ZHPDiag

2010-04-09 14:10 . 2010-04-09 15:46 -------- d-----w- f:\windows\BDOSCAN8

2010-04-09 02:39 . 2010-04-09 02:39 -------- d-----w- f:\documents and settings\moi\Application Data\NCH Software

2010-04-05 02:29 . 2010-04-05 02:29 -------- d-----w- f:\program files\Elaborate Bytes

2010-04-04 12:52 . 2010-04-04 12:52 -------- d-----w- f:\documents and settings\moi\Application Data\IDMComp

2010-03-26 01:54 . 2010-03-26 01:54 -------- d-----w- f:\program files\PowerISO

2010-03-23 19:05 . 2004-08-04 02:32 10880 -c--a-w- f:\windows\system32\dllcache\admjoy.sys

2010-03-23 16:39 . 2010-03-11 12:34 78336 -c--a-w- f:\windows\system32\dllcache\ieencode.dll

2010-03-23 16:39 . 2010-03-11 12:34 78336 ----a-w- f:\windows\system32\ieencode.dll

2010-03-23 16:31 . 2010-03-23 16:31 -------- d-----w- f:\documents and settings\moi\Local Settings\Application Data\Xara

2010-03-23 03:35 . 2010-03-23 03:35 -------- d-sh--w- f:\documents and settings\Administrateur\IECompatCache

2010-03-23 03:34 . 2010-03-23 03:34 -------- d-sh--w- f:\documents and settings\Administrateur\PrivacIE

2010-03-19 16:57 . 2010-04-03 16:03 -------- d-----w- f:\documents and settings\moi\Local Settings\Application Data\MicroVision Applications

2010-03-19 16:56 . 2009-12-15 21:25 487424 ----a-w- f:\windows\system32\msvcp70.dll

2010-03-19 16:56 . 2010-03-19 16:56 -------- d-----w- f:\program files\Fichiers communs\SureThing Shared

2010-03-19 16:56 . 2010-03-19 16:57 -------- d-----w- f:\program files\SureThing CD Labeler 5

2010-03-19 16:48 . 2010-04-09 02:39 -------- d-----w- f:\documents and settings\All Users\Application Data\NCH Software

2010-03-19 16:42 . 2010-03-19 16:42 -------- d-----w- f:\documents and settings\moi\Application Data\MAGIX

2010-03-19 16:42 . 2010-03-19 16:42 -------- d-----w- f:\program files\Fichiers communs\xara

2010-03-19 13:36 . 2010-03-19 15:50 -------- d-----w- f:\documents and settings\moi\Application Data\RetinaX

2010-03-19 13:25 . 2010-03-19 13:25 -------- d-----w- f:\documents and settings\moi\Application DataRetinax

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-11 14:28 . 2010-01-03 00:58 -------- d-----w- f:\documents and settings\moi\Application Data\uTorrent

2010-04-10 18:42 . 2006-03-02 12:00 85574 ----a-w- f:\windows\system32\perfc00C.dat

2010-04-10 18:42 . 2006-03-02 12:00 513558 ----a-w- f:\windows\system32\perfh00C.dat

2010-04-10 18:31 . 2010-01-04 02:14 -------- d-----w- f:\program files\Windows Live

2010-04-10 01:28 . 2009-04-11 15:27 -------- d-----w- f:\program files\ma-config.com

2010-04-10 01:28 . 2009-04-11 15:27 -------- d-----w- f:\documents and settings\All Users\Application Data\ma-config.com

2010-04-10 00:58 . 2009-04-03 21:13 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware

2010-04-10 00:57 . 2010-01-20 02:41 5918775 ----a-w- f:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-04-09 06:42 . 2010-03-05 02:48 -------- d-----w- f:\program files\CCleaner

2010-04-09 06:26 . 2010-01-06 01:23 -------- d-----w- f:\documents and settings\moi\Application Data\DMCache

2010-04-09 06:23 . 2010-01-21 15:01 -------- d-----w- f:\documents and settings\moi\Application Data\IDM

2010-04-03 19:40 . 2010-01-29 02:16 -------- d-----w- f:\program files\Fichiers communs\Nero

2010-04-03 19:40 . 2009-05-28 13:42 -------- d-----w- f:\documents and settings\All Users\Application Data\Nero

2010-03-30 04:46 . 2009-04-03 21:13 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 04:45 . 2009-04-03 21:13 20824 ----a-w- f:\windows\system32\drivers\mbam.sys

2010-03-24 23:42 . 2009-01-28 02:04 20912 -c--a-w- f:\documents and settings\moi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-23 06:09 . 2009-06-18 19:01 -------- d-----w- f:\program files\Fichiers communs\Adobe

2010-03-20 05:17 . 2010-01-22 16:27 198064 ----a-w- f:\documents and settings\moi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-03-19 21:15 . 2010-01-13 02:49 -------- d-----w- f:\documents and settings\moi\Application Data\FileZilla

2010-03-19 16:50 . 2009-06-10 21:56 -------- d-----w- f:\documents and settings\All Users\Application Data\NCH Swift Sound

2010-03-19 16:42 . 2009-06-17 10:37 -------- d-----w- f:\documents and settings\All Users\Application Data\MAGIX

2010-03-19 13:30 . 2009-05-28 14:15 -------- d-----w- f:\documents and settings\moi\Application Data\Nero

2010-03-19 13:30 . 2010-01-30 21:22 -------- d-----w- f:\documents and settings\All Users\Application Data\NOS

2010-03-19 13:30 . 2009-01-31 12:28 -------- d-----w- f:\documents and settings\moi\Application Data\Ahead

2010-03-11 12:34 . 2006-03-02 12:00 832512 ----a-w- f:\windows\system32\wininet.dll

2010-03-11 12:34 . 2006-03-02 12:00 17408 ----a-w- f:\windows\system32\corpol.dll

2010-03-04 00:01 . 2010-02-14 22:25 -------- d-----w- f:\program files\Paint.NET

2010-02-24 23:31 . 2010-01-13 02:49 -------- d-----w- f:\program files\FileZilla FTP Client

2010-02-16 20:10 . 2010-02-16 20:10 -------- d-----w- f:\program files\PC Health Optimizer Free Edition

2010-02-16 18:06 . 2010-02-16 18:06 -------- d-----w- f:\program files\AxBx

2010-02-02 21:18 . 2010-02-02 21:18 348160 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a04a380-n\msvcr71.dll

2010-02-02 21:18 . 2010-02-02 21:18 503808 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a04a380-n\msvcp71.dll

2010-02-02 21:18 . 2010-02-02 21:18 499712 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a04a380-n\jmc.dll

2010-02-02 21:18 . 2010-02-02 21:18 61440 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1873802d-n\decora-sse.dll

2010-02-02 21:18 . 2010-02-02 21:18 12800 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1873802d-n\decora-d3d.dll

2010-02-02 21:17 . 2010-02-02 21:17 411368 ----a-w- f:\windows\system32\deploytk.dll

2010-01-20 02:11 . 2010-01-20 02:11 12 ----a-w- f:\documents and settings\NetworkService\Application Data\mvhgkr.dat

2010-01-16 16:17 . 2010-01-15 16:16 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"uTorrent"="f:\program files\uTorrent\uTorrent.exe" [2010-01-03 289584]

"Memory Optimizer"="f:\program files\PC Health Optimizer Free Edition\docmemopt.exe" [2008-05-28 2682880]

"Spyware Cleaner Monitor"="f:\program files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" [2008-05-21 2186752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

f:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

AutoUpdate Monitor.lnk - f:\program files\Sophos\AutoUpdate\ALMon.exe [2007-6-21 245760]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 19:57 948672 ----a-r- f:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:33 15360 ------w- f:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX9400Fax Series]

2007-03-23 11:00 182272 ----a-w- f:\windows\system32\spool\drivers\w32x86\3\E_FATICFA.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]

2008-05-28 16:23 2682880 ----a-w- f:\program files\PC Health Optimizer Free Edition\docmemopt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

2008-04-14 02:34 208896 ----a-w- f:\windows\inf\unregmp2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 21:44 3883856 ----a-w- f:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- f:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-03-27 14:03 13684736 ----a-w- f:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-03-27 14:03 86016 ----a-w- f:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-11-02 08:38 167936 ----a-w- f:\program files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2006-07-13 12:12 729088 ------w- f:\program files\Analog Devices\SoundMAX\SMax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2006-12-18 13:34 868352 ----a-r- f:\program files\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2006-09-07 17:19 15872 ----a-w- f:\program files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-01-03 00:59 289584 ----a-w- f:\program files\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program Files\\Messenger\\msmsgs.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

 

R1 SAVOnAccessControl;SAVOnAccessControl;f:\windows\system32\drivers\savonaccesscontrol.sys [2010-04-09 104704]

R1 SAVOnAccessFilter;SAVOnAccessFilter;f:\windows\system32\drivers\savonaccessfilter.sys [2010-04-09 35584]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-15 108289]

R2 SAVAdminService;Créateur de rapports d'état Sophos Anti-Virus;f:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-12-09 69632]

R2 SAVService;Sophos Anti-Virus;f:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-12-09 98304]

S3 maconfservice;Ma-Config Service;f:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]

S3 SureThing Labelflash service;SureThing Labelflash service;f:\program files\Fichiers communs\SureThing Shared\stllssvr.exe [2010-03-19 74392]

S3 UPnPService;UPnPService;f:\program files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2009-06-17 548864]

S4 SophosBootDriver;SophosBootDriver;f:\windows\system32\drivers\SophosBootDriver.sys [2010-04-09 14976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contenu du dossier 'Tâches planifiées'

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://qc.yahoo.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - f:\documents and settings\moi\Application Data\Mozilla\Firefox\Profiles\nzuvlup3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

FF - component: f:\documents and settings\moi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: f:\documents and settings\moi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll

FF - plugin: f:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: f:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-Locked - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - e:\transfert\programmes\Adobe\Reader\Reader_sl.exe

MSConfigStartUp-IDMan - f:\program files\Internet Download Manager\IDMan.exe

AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - f:\program files\NOS\bin\getPlus_Helper.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-11 10:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2010-04-11 10:33:06

ComboFix-quarantined-files.txt 2010-04-11 14:33

 

Avant-CF: 3 124 350 976 octets libres

Après-CF: 3 314 425 856 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

 

- - End Of File - - C8A1138FF16DE95C71FE5A28B696FE3F
