Fairly slow computer, HijackThis scan analysis

Cyril_lol Posts 25 Status Member -
My computer is very, very slow, and it's not the RAM or the hard disk space.
I hope to get some help.
Here is the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:20, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Documents and Settings\en cas de probelme\Application Data\Microsoft\Windows\jjrks.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OFFICE ONE6.5\OFFICE One Zip v6\OFFICE One Zip v6.exe
C:\Documents and Settings\en cas de probelme\Mes documents\OFFICE One Zip\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\wvuvsqq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nshB3.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O2 - BHO: (no name) - {E2E32BF3-D539-423B-8F8B-85538397870C} - C:\Program Files\MSN Gaming Zone\mefotyjyd.dll (file missing)
O2 - BHO: (no name) - {E7455AC2-7850-4091-9CEF-485987AED043} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfinderusa.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O4 - HKLM\..\Run: [VWLP Agent] C:\WINDOWS\28463\VWLP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dyelrxd] c:\windows\system32\dyelrxd.exe dyelrxd
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [689a62fb] rundll32.exe "C:\WINDOWS\system32\qhgikwaj.dll",b
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DriveLog] C:\DOCUME~1\ENCASD~1\APPLIC~1\BIASVC~1\Long Play.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\en cas de probelme\Application Data\Microsoft\Windows\jjrks.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?9cf511efac1f4db68abf61882997d1a6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?9cf511efac1f4db68abf61882997d1a6
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mvr4l99q1.dll (file missing)
O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll
O20 - Winlogon Notify: wvuvsqq - C:\WINDOWS\SYSTEM32\wvuvsqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

24 replies

Cyril_lol Posts 25 Status Member
 
PLEASE HELP ME
0
Cyril_lol Posts 25 Status Member
 
I succeeded:
ComboFix 08-01-11.1 - en cas de probelme 2008-01-11 15:45:45.2 - NTFSx86
Running from: C:\Documents and Settings\en cas de probelme\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Router
C:\Program Files\Router\Router.exe~
C:\Program Files\Router\UnInstall.exe
C:\WINDOWS\system32\jawkighq.ini
C:\WINDOWS\system32\jbmdhrbw.ini
C:\WINDOWS\system32\kioqvlda.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ocgywdka.ini
C:\WINDOWS\system32\qsbfqxfk.ini
C:\WINDOWS\system32\scucdhht.ini
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\ufewktik.ini
C:\WINDOWS\system32\vdoeqjxm.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.

2008-01-11 15:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 14:19 . 2008-01-11 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 14:19 . 2008-01-11 14:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 12:24 . 2008-01-11 12:24 <REP> d-------- C:\WINDOWS\LastGood
2007-12-30 08:58 . 2007-12-30 08:58 <REP> d-------- C:\Program Files\Java
2007-12-30 08:58 . 2007-12-30 08:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-30 08:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-28 21:07 . 2007-12-28 21:07 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-28 20:48 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-12-28 20:48 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-12-28 20:48 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-12-28 20:48 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-12-28 20:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-28 20:48 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-12-28 20:48 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-12-28 20:48 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-12-28 20:47 . 2005-02-12 17:00 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
2007-12-28 20:47 . 2005-01-17 17:26 179,200 -r-hs---- C:\WINDOWS\system32\DiracSplitter.ax
2007-12-28 20:47 . 2006-08-16 08:53 175,104 -r-hs---- C:\WINDOWS\system32\CoreAAC.ax
2007-12-28 20:47 . 2005-02-05 17:00 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
2007-12-28 20:47 . 2005-02-22 10:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
2007-12-28 20:47 . 2005-02-12 17:00 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
2007-12-28 20:47 . 2005-02-12 17:00 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
2007-12-28 10:50 . 2007-12-28 13:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-27 18:28 . 2007-12-27 18:28 272 --a------ C:\WINDOWS\_delis32.ini
2007-12-24 21:09 . 2007-12-24 21:29 316 --a------ C:\Clara Morgane Videosexe-Fr - Amateurs - Amatrice Francaise Avec Son Copain, Casting Pour Film Xxx - Porno Sexe Bite Vagin Fellation Pipe Sperme Anus Sodomie.amv
2007-12-24 21:07 . 2007-12-24 21:31 28,591,698 --a------ C:\Clara morgane et laure sinclair - 07 - Sex orgy bukkake snowball snuff a2m hardcore like max buttman r.amv
2007-12-24 20:05 . 2008-01-11 15:11 <REP> d-------- C:\Documents and Settings\en cas de probelme\.limewire
2007-12-24 13:18 . 2007-12-24 13:18 57,856 --a------ C:\fjrnkqwn.exe
2007-12-24 13:18 . 2007-12-24 13:18 2 --a------ C:\1754948180
2007-12-23 12:58 . 2008-01-03 10:58 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-23 12:58 . 2007-12-23 12:58 <REP> d-------- C:\Documents and Settings\en cas de probelme\Application Data\PC Tools
2007-12-23 12:58 . 2007-12-23 13:03 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-23 12:58 . 2007-12-23 13:03 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-23 12:58 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-23 12:58 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-23 12:57 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-22 08:14 . 2008-01-11 14:48 <REP> d-------- C:\Program Files\IntelligentAdvisor
2007-12-21 16:08 . 2001-07-13 13:56 14,976 --a------ C:\WINDOWS\system32\drivers\SBKUPNT.SYS
2007-12-21 16:08 . 1997-02-08 17:11 13,312 --a------ C:\WINDOWS\system32\DEVLOAD.EXE
2007-12-21 16:07 . 2005-11-26 19:45 2,799 --a------ C:\WINDOWS\SKLANG.INI
2007-12-21 15:24 . 2007-12-21 15:24 77 --a------ C:\Documents and Settings\en cas de probelme\8800.bat
2007-12-20 18:53 . 2007-12-28 11:38 <REP> d-------- C:\Program Files\HTV
2007-12-19 19:15 . 2007-12-19 19:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-19 19:12 . 2007-12-19 19:12 134 --a------ C:\n.bat
2007-12-19 19:10 . 2008-01-03 10:27 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 18:55 . 2007-12-28 11:35 <REP> d-------- C:\Program Files\BPK
2007-12-14 11:27 . 2007-12-14 11:27 309,760 --a------ C:\WINDOWS\system32\dyelrxd.exe~

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-29 22:24 472 --sha-w C:\WINDOWS\Vm90cmUgbm9tIGQndXRpbGlzYXRldXI\pA6XwAo0vA6QK3kBxrlDv35Wsrl5xrK.vbs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2E32BF3-D539-423B-8F8B-85538397870C}]
C:\Program Files\MSN Gaming Zone\mefotyjyd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2006-10-04 14:34 315436]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-24 20:15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VWLP Agent"="C:\WINDOWS\28463\VWLP.exe" [ ]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 05:28 9728]
"HTV Agent"="C:\Program Files\HTV\HTV.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

C:\Documents and Settings\en cas de probelme\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 08:56:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveLog]
C:\DOCUME~1\ENCASD~1\APPLIC~1\BIASVC~1\Long Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvMon.exe]
--------- 2004-09-22 03:53 53248 C:\WINDOWS\system32\DrvMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2006-01-29 09:22 200747 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 10:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2007-11-02 17:24 1065800 C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2004-08-19 07:00]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 07:00]
S3 idrmkl;idrmkl;C:\DOCUME~1\ENCASD~1\LOCALS~1\Temp\idrmkl.sys []
S3 PsShutdownSvc;PsShutdown;C:\WINDOWS\System32\PSSDNSVC.EXE [2005-10-24 06:59]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 04:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64aa9ff4-06b5-11db-9434-00142a4c83ab}]
\Shell\AutoRun\command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 20:00:03 C:\WINDOWS\Tasks\9B78AE5994D37955.job"
- c:\docume~1\encasd~1\applic~1\biasvc~1\LOGO BOWS THUNK.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 15:52:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 15:55:32
ComboFix-quarantined-files.txt 2008-01-11 20:55:29
.
2007-12-22 17:50:16 --- E O F ---
0
evasion60/PCA Posts 827 Status Security contributor 92
 
Re Cyril_lol

...Le Sioux is at work tonight / ok
He will pick things up with you tomorrow

To move things forward:
* Run VundoFix again
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click "Add more files ?"
* Copy/paste the files below (one per box, 3 at most)

C:\WINDOWS\system32\dkqvwdxq.dll
C:\WINDOWS\system32\fccndhun.dll
C:\WINDOWS\system32\kfxqfbsq.dll

* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept

Do the same as above with:

C:\WINDOWS\system32\wvuvsqq.dll

* Post the VundoFix report, as well as a new HijackThis log, please

Best regards
-1
Pi_Xi Posts 2274 Status Member 149
 
Hello,

you are indeed infected.

Fix the following lines:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E2E32BF3-D539-423B-8F8B-85538397870C} - C:\Program Files\MSN Gaming Zone\mefotyjyd.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfinderusa.dll
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [DriveLog] C:\DOCUME~1\ENCASD~1\APPLIC~1\BIASVC~1\Long Play.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mvr4l99q1.dll (file missing)
O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll
O20 - Winlogon Notify: wvuvsqq - C:\WINDOWS\SYSTEM32\wvuvsqq.dll
Run a BitDefender online scan from IE: https://www.bitdefender.com/toolbox/

I am looking into the steps to follow.
-2