| Author | Message |
Neurone isolé
Messages: 4
Tutorials: 0
Posted: Fri 09 May 2008 11:22 Subject: My PC is running slowly
Hello everyone,
So here it is: I have a problem, because for some time now my PC has been running slowly. This shows up as programs taking forever to launch, music playing in slow motion, ... and the mouse freezing from time to time. When I restore to the initial state, it works fine again, but as soon as I restart the PC, it slows down again. So I think I may have a virus. I followed the procedure given in this forum and here are the results:
main.txt:
Deckard's System Scanner v20071014.68
Run by Geoffroy PERTHUIS on 2008-05-09 11:12:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
38: 2008-05-09 09:12:25 UTC - RP38 - Deckard's System Scanner Restore Point
37: 2008-05-01 14:44:04 UTC - RP37 - Point de vérification système
36: 2008-04-27 18:56:21 UTC - RP36 - Point de vérification système
35: 2008-04-25 17:14:12 UTC - RP35 - Point de vérification système
34: 2008-04-18 19:03:40 UTC - RP34 - Installé Java(TM) 6 Update 5
-- First Restore Point --
1: 2008-03-19 23:43:01 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Geoffroy PERTHUIS.exe) -----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:20, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\LAUNCH~1\LManager.exe
E:\Program Files\Softwin\BitDefender10\bdagent.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\DOCUME~1\GEOFFR~1\LOCALS~1\Temp\RtkBtMnt.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Softwin\BitDefender10\vsserv.exe
E:\Documents and Settings\Geoffroy PERTHUIS\Bureau\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\Geoffroy PERTHUIS.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] E:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] E:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "E:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5504E7F4-5AB3-4508-859E-846A471E6C8F}: NameServer = 194.2.0.50,194.2.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{5504E7F4-5AB3-4508-859E-846A471E6C8F}: NameServer = 194.2.0.50,194.2.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{5504E7F4-5AB3-4508-859E-846A471E6C8F}: NameServer = 194.2.0.50,194.2.0.20
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - E:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6618 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 BDFsDrv - e:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - e:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "e:\program
files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S3 FLEXnet Licensing Service - "e:\program files\fichiers communs\macrovision shared\flexnet
publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher
(32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID:
HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_1025007F&REV_0900\4&5CA37AC&0&0
102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID:
HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_1025007F&REV_0900\4&5CA37AC&0&0
102
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Camera
Device ID: USB\VID_046D&PID_0896\5&20D0F3FF&0&4
Manufacturer:
Name: Camera
PNP Device ID: USB\VID_046D&PID_0896\5&20D0F3FF&0&4
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-03-20 15:30:54 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-04-09 and 2008-05-09 -----------------------------
2008-05-09 11:14:08 0 d-------- E:\Program Files\Trend Micro
2008-04-26 21:32:27 0 d-------- E:\Program Files\GetPDF Splitter Merger
2008-04-25 18:34:12 0 dr-h----- E:\Documents and Settings\Geoffroy PERTHUIS\Recent
2008-04-25 18:27:33 0 d-------- E:\Program Files\CCleaner
2008-04-25 18:24:59 0 d-------- E:\Program Files\RegCleaner
2008-04-25 18:12:48 0 d-------- E:\WINDOWS\pss
2008-04-25 18:00:01 0 d-------- E:\Documents and Settings\All Users\Application Data\Spybot
- Search & Destroy
2008-04-24 16:09:11 0 d-------- E:\Program Files\Fichiers communs\Control Panels
2008-04-18 22:48:00 0 d-------- E:\WINDOWS\Sun
2008-04-18 22:48:00 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Sun
2008-04-18 21:04:39 0 d-------- E:\Program Files\Java
2008-04-18 21:03:51 0 d-------- E:\Program Files\Fichiers communs\Java
-- Find3M Report ---------------------------------------------------------------
2008-05-09 11:09:44 81984 --a------ E:\WINDOWS\system32\bdod.bin
2008-05-05 07:49:52 368314 --a------ E:\WINDOWS\system32\perfh00C.dat
2008-05-05 07:49:52 49054 --a------ E:\WINDOWS\system32\perfc00C.dat
2008-04-26 22:37:10 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Adobe
2008-04-24 16:09:11 0 d-------- E:\Program Files\Fichiers communs
2008-04-24 16:07:52 0 d-------- E:\Program Files\Fichiers communs\Adobe
2008-04-04 01:13:10 0 d-------- E:\Program Files\PDFCreator
2008-04-04 01:12:33 0 d-------- E:\Program Files\Bonjour
2008-04-04 01:11:26 0 d-------- E:\Program Files\Fichiers communs\Macrovision Shared
2008-04-04 01:09:43 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\dvdcss
2008-04-04 00:07:23 1348 --a------ E:\WINDOWS\mozver.dat
2008-04-03 23:10:20 0 d-------- E:\Program Files\Winamp
2008-04-03 22:50:49 0 d-------- E:\Program Files\Call of Duty
2008-03-28 16:22:53 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Apple Computer
2008-03-24 02:05:12 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Macromedia
2008-03-22 20:19:31 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Bitdefender
2008-03-20 15:31:27 0 d-------- E:\Program Files\QuickTime
2008-03-20 15:30:52 0 d-------- E:\Program Files\Apple Software Update
2008-03-20 15:28:06 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\WinRAR
2008-03-20 15:24:08 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\vlc
2008-03-20 15:22:55 0 d-------- E:\Program Files\VideoLAN
2008-03-20 15:20:06 0 d-------- E:\Program Files\Messenger Plus! Live
2008-03-20 15:20:05 0 d-------- E:\Program Files\MSN Messenger
2008-03-20 15:06:40 0 --a------ E:\WINDOWS\nsreg.dat
2008-03-20 15:06:36 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Mozilla
2008-03-20 11:23:28 0 d-------- E:\Program Files\Windows Live
2008-03-20 11:12:58 0 d-------- E:\Program Files\DivX
2008-03-20 03:37:28 0 d-------- E:\Program Files\INFORAD
2008-03-20 03:37:27 0 d-------- E:\Program Files\INFORAD_DRIVERS
2008-03-20 03:29:07 0 d-------- E:\Program Files\Intel
2008-03-20 03:27:08 0 d-------- E:\Program Files\Launch Manager
2008-03-20 03:23:53 0 d-------- E:\Program Files\Realtek
2008-03-20 03:23:52 0 d--h----- E:\Program Files\InstallShield Installation Information
2008-03-20 03:23:45 0 d-------- E:\Program Files\Fichiers communs\InstallShield
2008-03-20 03:21:43 0 d-------- E:\Program Files\Synaptics
2008-03-20 01:42:46 0 d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\Identities
2008-03-19 23:29:30 0 d-------- E:\Program Files\Fichiers communs\ODBC
2008-03-19 23:29:26 0 d-------- E:\Program Files\Fichiers communs\SpeechEngines
2008-03-19 23:28:53 62 --ahs---- E:\Documents and Settings\Geoffroy PERTHUIS\Application
Data\desktop.ini
2008-03-19 22:45:15 0 d-------- E:\Program Files\microsoft frontpage
2008-03-19 22:43:34 0 d--h----- E:\Program Files\WindowsUpdate
2008-03-19 22:43:29 0 d-------- E:\Program Files\Services en ligne
2008-03-19 22:42:29 0 d-------- E:\Program Files\Fichiers communs\MSSoap
2008-03-19 22:42:18 0 d-------- E:\Program Files\Movie Maker
2008-03-19 22:41:18 21892 --a------ E:\WINDOWS\system32\emptyregdb.dat
2008-03-19 22:40:43 0 d-------- E:\Program Files\Online Services
2008-03-19 22:40:38 0 d-------- E:\Program Files\Messenger
2008-03-19 22:40:32 0 d-------- E:\Program Files\MSN Gaming Zone
2008-03-19 22:40:21 0 d-------- E:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [21/07/2006 04:58]
"nwiz"="nwiz.exe" [21/07/2006 04:58 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [21/07/2006 04:58]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/03/2006 14:07]
"RTHDCPL"="RTHDCPL.EXE" [16/08/2006 12:23 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/08/2006 12:21 E:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [16/08/2006 12:20 E:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="E:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [16/08/2006 12:20]
"LManager"="E:\PROGRA~1\LAUNCH~1\LManager.exe" [20/07/2006 23:15]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"BDMCon"="E:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
"BDAgent"="E:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [19/08/2004 17:09]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4568e970-fb6e-11dc-b16b-0016d41a5603}]
AutoRun\command- ino6.com
explore\Command- ino6.com
open\Command- ino6.com
-- End of Deckard's System Scanner: finished at 2008-05-09 11:14:50 ------------
and extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
CPU 1: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 1022.04 MiB / 318.56 MiB
Pagefile Memory (total/avail): 2459.2 MiB / 1812.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.04 MiB
C: is Fixed (NTFS) - 58.59 GiB total, 20.65 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 90.45 GiB total, 72.11 GiB free.
\\.\PHYSICALDRIVE0 - SAMSUNG HM160HC - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 58.59 GiB - C:
\PARTITION1 - Étendu avec Inter. 13 étendue - 90.45 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AV: Bitdefender Antivirus v8.0 (Softwin)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authori
zedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2re
s.dll,-22019"
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"="E:\\Program Files\\MSN
Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"E:\\Program Files\\MSN Messenger\\livecall.exe"="E:\\Program Files\\MSN
Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Autho
rizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2re
s.dll,-22019"
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"="E:\\Program Files\\MSN
Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"E:\\Program Files\\MSN Messenger\\livecall.exe"="E:\\Program Files\\MSN
Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"="E:\\Program
Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\Geoffroy PERTHUIS\Application Data
CLASSPATH=.;E:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Fichiers communs
COMPUTERNAME=GEOFFROY
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\Geoffroy PERTHUIS
LOGONSERVER=\\GEOFFROY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\GEOFFR~1\LOCALS~1\Temp
TMP=E:\DOCUME~1\GEOFFR~1\LOCALS~1\Temp
USERDOMAIN=GEOFFROY
USERNAME=Geoffroy PERTHUIS
USERPROFILE=E:\Documents and Settings\Geoffroy PERTHUIS
windir=E:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Geoffroy PERTHUIS (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132
E:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> E:\Program Files\Fichiers
communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player Plugin --> E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 --> E:\Program Files\Fichiers
communs\Adobe\Installers\a19d073b5af8a4cb528b246d6272563\Setup.exe
Adobe InDesign CS3 --> MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> E:\Program Files\Fichiers
communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{F168BB9D-76DA-40DE-B20B-59AA18891D07}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR --> E:\Program Files\WinRAR\uninstall.exe
BitDefender Free Edition v10 --> MsiExec.exe /I{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}
CCleaner (remove only) --> "E:\Program Files\CCleaner\uninst.exe"
Dell Photo Printer 720 --> E:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo
Printer 720
DivX --> E:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
GetPDF Splitter Merger 2.01 --> "E:\Program Files\GetPDF Splitter Merger\unins000.exe"
High Definition Audio Driver Package - KB888111 -->
"E:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
INFORAD MANAGER 3.3 --> "E:\Program Files\INFORAD\unins000.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Launch Manager --> E:\WINDOWS\UnInst32.exe LManager.UNI
Messenger Plus! Live --> "E:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe
/I{9011040C-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.14) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> E:\WINDOWS\system32\nvudisp.exe UninstallGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator --> E:\Program Files\PDFCreator\unins000.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RunDll32
E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "E:\Program
Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"
-l0x40c -removeonly
Spybot - Search & Destroy --> "E:\Program Files\Spybot - Search &
Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "E:\Program
Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.6e --> E:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
-- Application Event Log -------------------------------------------------------
Event Record #/Type770 / Success
Event Submitted/Written: 04/25/2008 05:27:45 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type747 / Error
Event Submitted/Written: 04/22/2008 04:03:11 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée DLBCPSWX.EXE, version 1.0.0.0, module bloqué hungapp, version 0.0.0.0, adresse
de blocage 0x00000000.
Event Record #/Type726 / Success
Event Submitted/Written: 04/19/2008 11:42:13 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type697 / Success
Event Submitted/Written: 04/18/2008 08:15:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type682 / Success
Event Submitted/Written: 04/17/2008 07:53:30 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3453 / Warning
Event Submitted/Written: 05/07/2008 06:25:59 PM
Event ID/Source: 51 / Disk
Event Description:
Une erreur a été détectée sur le périphérique \Device\Harddisk0\D au cours d'une opération de
pagination.
Event Record #/Type3452 / Error
Event Submitted/Written: 05/07/2008 06:25:59 PM
Event ID/Source: 9 / atapi
Event Description:
Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai imparti.
Event Record #/Type3451 / Error
Event Submitted/Written: 05/07/2008 06:22:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service BDRsDrv n'a pas pu démarrer en raison de l'erreur :
%%2
Event Record #/Type3450 / Error
Event Submitted/Written: 05/07/2008 06:22:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service BDFsDrv n'a pas pu démarrer en raison de l'erreur :
%%2
Event Record #/Type3438 / Error
Event Submitted/Written: 05/07/2008 10:28:01 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service BDRsDrv n'a pas pu démarrer en raison de l'erreur :
%%2
-- End of Deckard's System Scanner: finished at 2008-05-09 11:14:50 ------------
Thanks in advance for your help.

Messages: 2793
Tutorials: 0
Posted: Sun 11 May 2008 10:26 Subject: My PC is running slowly
Hi and welcome,
I have spotted a few problems on your machine; we'll try to get you out of this.
First, I note the following:
You have no firewall; it is the first protection to install for a minimum of security...
The Windows firewall blocks ONLY INBOUND traffic, it blocks no outbound traffic, which means that when you are infected, all the information collected by malware authors can slip out quietly without you noticing, which is not the case with the following firewalls, which block inbound AND outbound traffic.
You ABSOLUTELY MUST install a FIREWALL; here are 4, free and effective:
ZoneAlarm, a free and effective firewall:
-------------------------------------------------------------------------------
* ZoneAlarm download: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?dc=12bms&ctry=&lang=fr
* Configuration tutorial: http://speedweb1.free.fr/frames2.php?page=tuto1
Kerio Personal Firewall, very good and also free:
-----------------------------------------------------------------------------------
* Kerio download: http://telechargement.zebulon.fr/kerio.html
* Configuration tutorial: http://www.vulgarisation-informatique.com/kerio.php
Jetico, which I have not tested but have heard very good things about:
-----------------------------------------------------------------------------------
* Jetico download: http://www.jetico.com/download.htm
* Configuration tutorial: http://www.malekal.com/tutorial_JeticoFirewall.php
Outpost
--------------------------
* Outpost download: http://www.agnitum.com/products/outpostfree/download.php
* Configuration tutorial: http://c.rosu.free.fr/Conf_outpost.htm
=========================================
Download Malwarebytes' Anti-Malware and install it (make sure it has updated properly before moving on).
--> source here
* Restart in safe mode:
  o Restart your computer.
  o After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  o Instead of the normal Windows load, a menu with various options should appear.
  o Choose the first option, to run Windows in safe mode, then press "Enter".
  o Choose your account.
* Launch MBAM and select "Exécuter un examen complet" (perform a full scan). Wait while the scan runs.
* Once the scan is finished, click "Supprimer la sélection" (remove the selection).
If MBAM needs to restart to finish the removal, accept by clicking OK.
Save the report to your Desktop when it is displayed.
Post it in your next reply.
========================================
Next,
Carry out this procedure to run a scan with ComboFix, developed by sUBs.
--> source here
Post the report from C:\Combofix.txt on the forum.
_________________ *** I don't claim to solve your problems, only to help you solve them

Neurone isolé
Messages: 4
Tutorials: 0
Posted: Tue 13 May 2008 11:42 Subject: My PC is running slowly
Thanks a lot, Winx, for looking into my problem!
I installed ZoneAlarm right away; that way it's safer.
I ran the two scans you asked for, so here are the reports:
For MBAM:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 742
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 124788
Temps écoulé: 4 hour(s), 11 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
E:\Counter Strike\czero\overviews\cs_italy_cz.bmp (Trojan.Vundo) -> No action taken.
and for ComboFix:
ComboFix 08-05-12.1 - Geoffroy PERTHUIS 2008-05-13 11:22:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.550 [GMT 2:00]
Endroit: E:\Documents and Settings\Geoffroy PERTHUIS\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.
2008-05-13 11:16 . 2008-05-13 11:16 1,024 --ah----- E:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-12 10:37 . 2008-05-12 10:37 <REP> d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application Data\Malwarebytes
2008-05-12 10:36 . 2008-05-12 10:36 <REP> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 10:36 . 2008-05-12 10:36 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 10:36 . 2008-05-05 20:46 27,048 --a------ E:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 10:36 . 2008-05-05 20:46 15,864 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-05-12 10:31 . 2008-05-12 10:31 <REP> d-------- E:\Documents and Settings\Geoffroy PERTHUIS\Application Data\MailFrontier
2008-05-12 10:27 . 2008-05-13 11:25 206,880 --ahs---- E:\WINDOWS\system32\drivers\fidbox.dat
2008-05-12 10:27 . 2008-05-12 10:39 2,912 --ahs---- E:\WINDOWS\system32\drivers\fidbox.idx
2008-05-12 10:19 . 2008-05-12 15:26 <REP> d-------- E:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-12 10:19 . 2008-05-12 15:25 4,212 ---h----- E:\WINDOWS\system32\zllictbl.dat
2008-05-12 10:17 . 2008-05-12 10:18 <REP> d-------- E:\WINDOWS\system32\ZoneLabs
2008-05-12 10:17 . 2008-05-12 10:17 <REP> d-------- E:\Program Files\Zone Labs
2008-05-12 10:17 . 2008-04-02 21:07 1,086,952 --a------ E:\WINDOWS\system32\zpeng24.dll
2008-05-12 10:17 . 2008-05-12 15:24 358,382 --a------ E:\WINDOWS\system32\vsconfig.xml
2008-05-12 10:16 . 2008-05-13 11:19 <REP> d-------- E:\WINDOWS\Internet Logs
2008-05-09 19:29 . 2008-05-09 19:29 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-05-09 19:29 . 2008-05-09 19:29 1,409 --a------ E:\WINDOWS\QTFont.for
2008-05-09 11:14 . 2008-05-09 11:14 <REP> d-------- E:\Program Files\Trend Micro
2008-05-09 11:12 . 2008-05-09 11:12 <REP> d-------- E:\Deckard
2008-04-26 21:32 . 2008-04-26 21:32 <REP> d-------- E:\Program Files\GetPDF Splitter Merger
2008-04-25 18:27 . 2008-04-25 18:27 <REP> d-------- E:\Program Files\CCleaner
2008-04-25 18:24 . 2008-04-25 18:25 <REP> d-------- E:\Program Files\RegCleaner
2008-04-25 18:00 . 2008-04-25 18:00 <REP> d-------- E:\Program Files\Spybot - Search & Destroy
2008-04-25 18:00 . 2008-04-25 18:24 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 16:09 . 2008-04-24 16:09 <REP> d-------- E:\Program Files\Fichiers communs\Control Panels
2008-04-19 16:56 . 2008-04-19 16:56 244 --ah----- E:\sqmnoopt02.sqm
2008-04-19 16:56 . 2008-04-19 16:56 232 --ah----- E:\sqmdata02.sqm
2008-04-18 22:57 . 2004-05-14 16:53 462,848 --a------ E:\WINDOWS\system32\ltkrn13n.dll
2008-04-18 22:57 . 2004-05-14 16:53 450,560 --a------ E:\WINDOWS\system32\ltimg13n.dll
2008-04-18 22:57 . 2004-05-14 16:53 401,408 --a------ E:\WINDOWS\system32\lfcmp13n.dll
2008-04-18 22:57 . 2004-05-14 16:53 299,008 --a------ E:\WINDOWS\system32\ltdis13n.dll
2008-04-18 22:57 . 2004-01-12 02:09 206,336 --a------ E:\WINDOWS\system32\ltefx13n.dll
2008-04-18 22:57 . 2004-05-14 16:53 163,840 --a------ E:\WINDOWS\system32\ltfil13n.dll
2008-04-18 22:57 . 2003-11-04 15:10 69,632 --a------ E:\WINDOWS\system32\lfgif13n.dll
2008-04-18 22:57 . 2004-05-14 16:53 57,344 --a------ E:\WINDOWS\system32\lfbmp13n.dll
2008-04-18 22:48 . 2008-04-18 22:48 <REP> d-------- E:\WINDOWS\Sun
2008-04-18 21:06 . 2008-02-22 02:33 69,632 --a------ E:\WINDOWS\system32\javacpl.cpl
2008-04-18 21:04 . 2008-04-18 21:06 <REP> d-------- E:\Program Files\Java
2008-04-18 21:03 . 2008-04-18 21:03 <REP> d-------- E:\Program Files\Fichiers communs\Java
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 09:25 81,984 ----a-w E:\WINDOWS\system32\bdod.bin
2008-04-24 14:07 --------- d-----w E:\Program Files\Fichiers communs\Adobe
2008-04-18 21:04 --------- d-----w E:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-07 08:49 --------- d-----w E:\Program Files\Fichiers communs\Softwin
2008-04-03 23:13 --------- d-----w E:\Program Files\PDFCreator
2008-04-03 23:12 --------- d-----w E:\Program Files\Bonjour
2008-04-03 23:11 --------- d-----w E:\Program Files\Fichiers communs\Macrovision Shared
2008-04-03 23:09 --------- d-----w E:\Documents and Settings\Geoffroy PERTHUIS\Application Data\dvdcss
2008-04-03 21:10 --------- d-----w E:\Program Files\Winamp
2008-04-03 20:50 --------- d-----w E:\Program Files\Call of Duty
2008-04-02 19:08 54,672 ----a-w E:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-02 19:08 42,384 ----a-w E:\WINDOWS\zllsputility_loc040c.dll
2008-04-02 19:08 21,904 ----a-w E:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-02 19:08 17,808 ----a-w E:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-02 19:07 75,248 ----a-w E:\WINDOWS\zllsputility.exe
2008-03-28 14:22 --------- d-----w E:\Documents and Settings\Geoffroy PERTHUIS\Application Data\Apple Computer
2008-03-22 18:19 --------- d-----w E:\Documents and Settings\Geoffroy PERTHUIS\Application Data\Bitdefender
2008-03-22 18:18 --------- d-----w E:\Program Files\Softwin
2008-03-22 18:18 --------- d-----w E:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-20 13:51 --------- d-----w E:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-20 13:31 --------- d-----w E:\Program Files\QuickTime
2008-03-20 13:31 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-20 13:30 --------- d-----w E:\Program Files\Apple Software Update
2008-03-20 13:30 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple
2008-03-20 13:24 --------- d-----w E:\Documents and Settings\Geoffroy PERTHUIS\Application Data\vlc
2008-03-20 13:22 --------- d-----w E:\Program Files\VideoLAN
2008-03-20 13:20 --------- d-----w E:\Program Files\MSN Messenger
2008-03-20 13:20 --------- d-----w E:\Program Files\Messenger Plus! Live
2008-03-20 09:23 --------- d-----w E:\Program Files\Windows Live
2008-03-20 09:12 --------- d-----w E:\Program Files\DivX
2008-03-20 01:37 --------- d-----w E:\Program Files\INFORAD_DRIVERS
2008-03-20 01:37 --------- d-----w E:\Program Files\INFORAD
2008-03-20 01:29 --------- d-----w E:\Program Files\Intel
2008-03-20 01:27 --------- d-----w E:\Program Files\Launch Manager
2008-03-20 01:23 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-03-20 01:23 --------- d-----w E:\Program Files\Realtek
2008-03-20 01:23 --------- d-----w E:\Program Files\Fichiers communs\InstallShield
2008-03-20 01:21 --------- d-----w E:\Program Files\Synaptics
2008-03-19 20:45 --------- d-----w E:\Program Files\microsoft frontpage
2008-03-19 20:43 --------- d-----w E:\Program Files\Services en ligne
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-07-21 04:58 7581696]
"nwiz"="nwiz.exe" [2006-07-21 04:58 1519616 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2006-07-21 04:58 86016]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 14:07 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 12:23 16248320 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 12:21 2879488 E:\WINDOWS\SkyTel.exe]
"AzMixerSel"="E:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 12:20 53248]
"LManager"="E:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 23:15 593920]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BDMCon"="E:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="E:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4568e970-fb6e-11dc-b16b-0016d41a5603}]
\Shell\AutoRun\command - ino6.com
\Shell\explore\Command - ino6.com
\Shell\open\Command - ino6.com
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-20 13:30:54 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 11:25:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-05-13 11:28:08
ComboFix-quarantined-files.txt 2008-05-13 09:27:03
Pre-Run: 77,160,632,320 octets libres
Post-Run: 77,218,324,480 octets libres
149
Thank you. |