Your question

Combo fix report

14 April 2010 01:09:19

A computer that is getting on my nerves with its slowness....

P4 2.6 GHz, 2 GB of memory, 6 hard drives for 5 TB, XP SP3, scanned with Avira, with Malwarebytes in safe mode, with CCleaner and with PC Health Optimizer

The ComboFix report is as follows:

ComboFix 10-04-10.02 - moi 2010-04-11 10:28:21.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.2047.1547 [GMT -4:00]
Lancé depuis: f:\documents and settings\moi\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\18467.exe
f:\windows\system32\19169.exe
f:\windows\system32\26500.exe
f:\windows\system32\6334.exe
f:\windows\system32\IS15.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-11 au 2010-04-11 ))))))))))))))))))))))))))))))))))))
.

2010-04-10 03:32 . 2010-04-10 03:32 -------- d-----w- f:\documents and settings\moi\Local Settings\Application Data\Sophos
2010-04-10 03:30 . 2008-12-10 07:21 130088 ----a-w- f:\windows\system32\sdccoinstaller.dll
2010-04-10 03:30 . 2010-04-10 03:30 -------- d-----w- f:\program files\Fichiers communs\Cisco Systems
2010-04-10 03:29 . 2008-12-09 15:10 23552 ----a-w- f:\windows\system32\SophosBootTasks.exe
2010-04-10 03:29 . 2010-04-10 03:30 -------- d-----w- f:\program files\Sophos
2010-04-10 03:29 . 2010-04-10 03:29 -------- d-----w- f:\documents and settings\All Users\Application Data\Sophos
2010-04-10 03:28 . 2008-07-18 15:49 35584 ----a-w- f:\windows\system32\drivers\savonaccessfilter.sys
2010-04-10 03:28 . 2008-05-23 12:38 14976 ----a-w- f:\windows\system32\drivers\SophosBootDriver.sys
2010-04-10 03:28 . 2008-07-18 15:49 104704 ----a-w- f:\windows\system32\drivers\savonaccesscontrol.sys
2010-04-10 01:31 . 2010-04-10 01:31 -------- d-----w- f:\program files\Marvell
2010-04-10 00:01 . 2010-04-10 00:12 -------- d-----w- f:\program files\ZHPDiag
2010-04-09 14:10 . 2010-04-09 15:46 -------- d-----w- f:\windows\BDOSCAN8
2010-04-09 02:39 . 2010-04-09 02:39 -------- d-----w- f:\documents and settings\moi\Application Data\NCH Software
2010-04-05 02:29 . 2010-04-05 02:29 -------- d-----w- f:\program files\Elaborate Bytes
2010-04-04 12:52 . 2010-04-04 12:52 -------- d-----w- f:\documents and settings\moi\Application Data\IDMComp
2010-03-26 01:54 . 2010-03-26 01:54 -------- d-----w- f:\program files\PowerISO
2010-03-23 19:05 . 2004-08-04 02:32 10880 -c--a-w- f:\windows\system32\dllcache\admjoy.sys
2010-03-23 16:39 . 2010-03-11 12:34 78336 -c--a-w- f:\windows\system32\dllcache\ieencode.dll
2010-03-23 16:39 . 2010-03-11 12:34 78336 ----a-w- f:\windows\system32\ieencode.dll
2010-03-23 16:31 . 2010-03-23 16:31 -------- d-----w- f:\documents and settings\moi\Local Settings\Application Data\Xara
2010-03-23 03:35 . 2010-03-23 03:35 -------- d-sh--w- f:\documents and settings\Administrateur\IECompatCache
2010-03-23 03:34 . 2010-03-23 03:34 -------- d-sh--w- f:\documents and settings\Administrateur\PrivacIE
2010-03-19 16:57 . 2010-04-03 16:03 -------- d-----w- f:\documents and settings\moi\Local Settings\Application Data\MicroVision Applications
2010-03-19 16:56 . 2009-12-15 21:25 487424 ----a-w- f:\windows\system32\msvcp70.dll
2010-03-19 16:56 . 2010-03-19 16:56 -------- d-----w- f:\program files\Fichiers communs\SureThing Shared
2010-03-19 16:56 . 2010-03-19 16:57 -------- d-----w- f:\program files\SureThing CD Labeler 5
2010-03-19 16:48 . 2010-04-09 02:39 -------- d-----w- f:\documents and settings\All Users\Application Data\NCH Software
2010-03-19 16:42 . 2010-03-19 16:42 -------- d-----w- f:\documents and settings\moi\Application Data\MAGIX
2010-03-19 16:42 . 2010-03-19 16:42 -------- d-----w- f:\program files\Fichiers communs\xara
2010-03-19 13:36 . 2010-03-19 15:50 -------- d-----w- f:\documents and settings\moi\Application Data\RetinaX
2010-03-19 13:25 . 2010-03-19 13:25 -------- d-----w- f:\documents and settings\moi\Application DataRetinax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 14:28 . 2010-01-03 00:58 -------- d-----w- f:\documents and settings\moi\Application Data\uTorrent
2010-04-10 18:42 . 2006-03-02 12:00 85574 ----a-w- f:\windows\system32\perfc00C.dat
2010-04-10 18:42 . 2006-03-02 12:00 513558 ----a-w- f:\windows\system32\perfh00C.dat
2010-04-10 18:31 . 2010-01-04 02:14 -------- d-----w- f:\program files\Windows Live
2010-04-10 01:28 . 2009-04-11 15:27 -------- d-----w- f:\program files\ma-config.com
2010-04-10 01:28 . 2009-04-11 15:27 -------- d-----w- f:\documents and settings\All Users\Application Data\ma-config.com
2010-04-10 00:58 . 2009-04-03 21:13 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-04-10 00:57 . 2010-01-20 02:41 5918775 ----a-w- f:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-09 06:42 . 2010-03-05 02:48 -------- d-----w- f:\program files\CCleaner
2010-04-09 06:26 . 2010-01-06 01:23 -------- d-----w- f:\documents and settings\moi\Application Data\DMCache
2010-04-09 06:23 . 2010-01-21 15:01 -------- d-----w- f:\documents and settings\moi\Application Data\IDM
2010-04-03 19:40 . 2010-01-29 02:16 -------- d-----w- f:\program files\Fichiers communs\Nero
2010-04-03 19:40 . 2009-05-28 13:42 -------- d-----w- f:\documents and settings\All Users\Application Data\Nero
2010-03-30 04:46 . 2009-04-03 21:13 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-04-03 21:13 20824 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-03-24 23:42 . 2009-01-28 02:04 20912 -c--a-w- f:\documents and settings\moi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 06:09 . 2009-06-18 19:01 -------- d-----w- f:\program files\Fichiers communs\Adobe
2010-03-20 05:17 . 2010-01-22 16:27 198064 ----a-w- f:\documents and settings\moi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-19 21:15 . 2010-01-13 02:49 -------- d-----w- f:\documents and settings\moi\Application Data\FileZilla
2010-03-19 16:50 . 2009-06-10 21:56 -------- d-----w- f:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-03-19 16:42 . 2009-06-17 10:37 -------- d-----w- f:\documents and settings\All Users\Application Data\MAGIX
2010-03-19 13:30 . 2009-05-28 14:15 -------- d-----w- f:\documents and settings\moi\Application Data\Nero
2010-03-19 13:30 . 2010-01-30 21:22 -------- d-----w- f:\documents and settings\All Users\Application Data\NOS
2010-03-19 13:30 . 2009-01-31 12:28 -------- d-----w- f:\documents and settings\moi\Application Data\Ahead
2010-03-11 12:34 . 2006-03-02 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2010-03-11 12:34 . 2006-03-02 12:00 17408 ----a-w- f:\windows\system32\corpol.dll
2010-03-04 00:01 . 2010-02-14 22:25 -------- d-----w- f:\program files\Paint.NET
2010-02-24 23:31 . 2010-01-13 02:49 -------- d-----w- f:\program files\FileZilla FTP Client
2010-02-16 20:10 . 2010-02-16 20:10 -------- d-----w- f:\program files\PC Health Optimizer Free Edition
2010-02-16 18:06 . 2010-02-16 18:06 -------- d-----w- f:\program files\AxBx
2010-02-02 21:18 . 2010-02-02 21:18 348160 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a04a380-n\msvcr71.dll
2010-02-02 21:18 . 2010-02-02 21:18 503808 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a04a380-n\msvcp71.dll
2010-02-02 21:18 . 2010-02-02 21:18 499712 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a04a380-n\jmc.dll
2010-02-02 21:18 . 2010-02-02 21:18 61440 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1873802d-n\decora-sse.dll
2010-02-02 21:18 . 2010-02-02 21:18 12800 ----a-w- f:\documents and settings\moi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1873802d-n\decora-d3d.dll
2010-02-02 21:17 . 2010-02-02 21:17 411368 ----a-w- f:\windows\system32\deploytk.dll
2010-01-20 02:11 . 2010-01-20 02:11 12 ----a-w- f:\documents and settings\NetworkService\Application Data\mvhgkr.dat
2010-01-16 16:17 . 2010-01-15 16:16 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="f:\program files\uTorrent\uTorrent.exe" [2010-01-03 289584]
"Memory Optimizer"="f:\program files\PC Health Optimizer Free Edition\docmemopt.exe" [2008-05-28 2682880]
"Spyware Cleaner Monitor"="f:\program files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" [2008-05-21 2186752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AutoUpdate Monitor.lnk - f:\program files\Sophos\AutoUpdate\ALMon.exe [2007-6-21 245760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 19:57 948672 ----a-r- f:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ------w- f:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX9400Fax Series]
2007-03-23 11:00 182272 ----a-w- f:\windows\system32\spool\drivers\w32x86\3\E_FATICFA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]
2008-05-28 16:23 2682880 ----a-w- f:\program files\PC Health Optimizer Free Edition\docmemopt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
2008-04-14 02:34 208896 ----a-w- f:\windows\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- f:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- f:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-03-27 14:03 13684736 ----a-w- f:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-27 14:03 86016 ----a-w- f:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- f:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 12:12 729088 ------w- f:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ----a-r- f:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19 15872 ----a-w- f:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-03 00:59 289584 ----a-w- f:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

R1 SAVOnAccessControl;SAVOnAccessControl;f:\windows\system32\drivers\savonaccesscontrol.sys [2010-04-09 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;f:\windows\system32\drivers\savonaccessfilter.sys [2010-04-09 35584]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-15 108289]
R2 SAVAdminService;Créateur de rapports d'état Sophos Anti-Virus;f:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-12-09 69632]
R2 SAVService;Sophos Anti-Virus;f:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-12-09 98304]
S3 maconfservice;Ma-Config Service;f:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
S3 SureThing Labelflash service;SureThing Labelflash service;f:\program files\Fichiers communs\SureThing Shared\stllssvr.exe [2010-03-19 74392]
S3 UPnPService;UPnPService;f:\program files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2009-06-17 548864]
S4 SophosBootDriver;SophosBootDriver;f:\windows\system32\drivers\SophosBootDriver.sys [2010-04-09 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://qc.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - f:\documents and settings\moi\Application Data\Mozilla\Firefox\Profiles\nzuvlup3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
FF - component: f:\documents and settings\moi\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: f:\documents and settings\moi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: f:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: f:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - e:\transfert\programmes\Adobe\Reader\Reader_sl.exe
MSConfigStartUp-IDMan - f:\program files\Internet Download Manager\IDMan.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - f:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 10:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-04-11 10:33:06
ComboFix-quarantined-files.txt 2010-04-11 14:33

Avant-CF: 3 124 350 976 octets libres
Après-CF: 3 314 425 856 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - C8A1138FF16DE95C71FE5A28B696FE3F


Rather tired of this slowness!!!

Thanks

14 April 2010 04:46:38

I'm also adding a HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:20, on 2010-04-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\uTorrent\uTorrent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Documents and Settings\moi\Mes documents\Downloads\Programs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Memory Optimizer] F:\Program Files\PC Health Optimizer Free Edition\docmemopt.exe min
O4 - HKCU\..\Run: [Spyware Cleaner Monitor] "F:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" /start /minimize
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sourc...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - F:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - F:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 5665 bytes
14 April 2010 04:48:08

and also a USBfix.txt



############################## | UsbFix V6.103 |

User : moi (Administrateurs) # DARK-CPU
Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:45:26 | 2010-04-13
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 446,23 Go (97,97 Go free) [Lutte et films] # NTFS
D:\ -> Disque fixe local # 465,75 Go (40,3 Go free) [vidéos] # NTFS
E:\ -> Disque fixe local # 1397,25 Go (265,78 Go free) [Music video] # NTFS
F:\ -> Disque fixe local # 19,53 Go (3,25 Go free) # NTFS
G:\ -> Disque fixe local # 931,5 Go (39,46 Go free) [Lutte o-z] # NTFS
H:\ -> Disque fixe local # 931,5 Go (20,65 Go free) [lutte a-n] # NTFS
I:\ -> Disque fixe local # 465,75 Go (254,91 Go free) [music mp3] # NTFS
J:\ -> Disque CD-ROM
K:\ -> Disque amovible
L:\ -> Disque amovible
M:\ -> Disque fixe local # 465,75 Go (16,13 Go free) # NTFS
O:\ -> Disque amovible

################## | Elements infectieux |


################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "MSConfig"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.103 ! |
