
PC very slow + Explorer page opening by itself

Last reply: in Security

Good evening everyone,

Here is my problem, it's all in the title: my PC is extremely slow! (I browse with Mozilla) and Explorer pages sometimes open on their own.

Thanks in advance for your help.

Here is a HijackThis scan to help you:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:41, on 16/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Ysedia.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Younglord\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par 01net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WahOO] "C:\Documents and Settings\Younglord\Local Settings\Application Data\WahOO\WahOO.exe" silent
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
O4 - HKCU\..\Run: [Vdulaz] rundll32.exe "C:\WINDOWS\sxclbdf.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1060284298-1844823847-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Program Files\PMU\PMUPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Program Files\PMU\PMUPoker\RunApp.exe
O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O9 - Extra button: ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} - C:\Documents and Settings\Younglord\Bureau\ACFPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} - C:\Documents and Settings\Younglord\Bureau\ACFPoker.lnk (file missing)
O9 - Extra button: WPT Poker France - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Documents and Settings\Younglord\Bureau\WPT Poker France.lnk (file missing)
O9 - Extra 'Tools' menuitem: WPT Poker France - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Documents and Settings\Younglord\Bureau\WPT Poker France.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - C:\Documents and Settings\Younglord\Bureau\LuckyJeux Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - C:\Documents and Settings\Younglord\Bureau\LuckyJeux Poker.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker Xtrem - {16C77156-1AFC-46AC-9CCE-CE236C0E0577} - C:\Microgaming\Poker\PokerXtremfrMPP\MPPoker.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

--
End of file - 9510 bytes
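An added example, not code from this thread or from any of the tools posted in it: a small Python triage script that parses the O4 (autorun) entries of a HijackThis log and flags the ones a helper reads first. It runs on a constructed sample made of four lines copied from the log above; the heuristics, their names and the regexes are my own assumptions about what a defender wants surfaced (executables started from Temp, machine-generated value names, rundll32 loading a DLL dropped straight into the Windows root).

```python
import re

# Constructed sample: four O4 (autorun) lines in HijackThis format, copied from the
# log posted above so the checks can be exercised offline; nothing here is live data.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
O4 - HKCU\..\Run: [Vdulaz] rundll32.exe "C:\WINDOWS\sxclbdf.dll",Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Directories a logged-in user can write to without admin rights (8.3 aliases included)
USER_WRITABLE_RE = re.compile(r'\\(temp|tmp|local settings|locals~1|application data|appdata)\\', re.I)
# Value names made only of capitals and digits (0ESKOMO9JO) are typical of droppers
GENERATED_NAME_RE = re.compile(r'^[A-Z0-9]{8,}$')
RUNDLL32_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
# A DLL dropped straight under C:\WINDOWS\ rather than system32 or Program Files
WINROOT_DLL_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+\.dll$', re.I)


def parse_o4(log_text: str) -> list[dict[str, str]]:
    """One dict (hive, name, cmd) per O4 line; other HijackThis sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess(entry: dict[str, str]) -> list[str]:
    """Heuristic reasons an autorun entry deserves a closer look (empty = nothing seen)."""
    reasons = []
    name, cmd = entry["name"], entry["cmd"]
    if USER_WRITABLE_RE.search(cmd):
        reasons.append("launches from a Temp or per-user writable directory")
    if GENERATED_NAME_RE.match(name) and any(c.isdigit() for c in name):
        reasons.append("value name looks machine-generated")
    m = RUNDLL32_RE.match(cmd)
    if m and WINROOT_DLL_RE.match(m.group("dll")):
        reasons.append("rundll32 loads a DLL sitting directly in the Windows root")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each O4 value name to its findings, so a helper can read the log by exception."""
    return {e["name"]: assess(e) for e in parse_o4(log_text)}
```

Run on the full log, the two flagged names are exactly the entries Malwarebytes later removes (Trojan.Downloader and Trojan.Hiloti); the Avira and ctfmon entries come back clean.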

Thanks a lot for your quick reply.

I followed the link, and during the scan my computer started rebooting on its own.

So, as advised in the tutorial, I downloaded and ran rkill (in case the malware was blocking things); here is its report:

Quote:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16/04/2011 at 21:29:03.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 16/04/2011 at 21:29:16.


EDIT: one small detail: during the scan, infections had been found with the malware. Should I try running Malwarebytes again? In safe mode?

The scan went fine.

Here is the report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6375

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/04/2011 22:58:37
mbam-log-2011-04-16 (22-58-37).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 277439
Temps écoulé: 1 heure(s), 3 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
c:\WINDOWS\Ysedia.exe (Trojan.Downloader) -> 936 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\sxclbdf.dll (Trojan.Hiloti) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChilipokerFR (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan.fr (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vdulaz (Trojan.Hiloti) -> Value: Vdulaz -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ESKOMO9JO (Trojan.Downloader) -> Value: 0ESKOMO9JO -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\sxclbdf.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\Ysedia.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\younglord\local settings\Temp\Ycl.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\younglord\local settings\Temp\Ycj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Yck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Yco.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Yct.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\ocxrsemanw.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\mes documents\téléchargements\setuppoker.exe_796e99.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\mes documents\téléchargements\setuppoker.exe_fa23ef.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\mes documents\téléchargements\everest poker.fr.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Poker\chilipoker.fr\_setuppoker.exe_796e99.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Poker\Titan.fr\_setuppoker.exe_fa23ef.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\program files\microsoft games for windows - live\Client\GFWLive.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{059425a6-ed0c-47ca-95ed-8256a3756708}\RP502\A0058008.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{059425a6-ed0c-47ca-95ed-8256a3756708}\RP502\A0058091.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

1/

  • Download and install CCleaner.
  • Run it. Go to Options, then Advanced, and untick the box "Only delete files etc...."
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.


2/

  • System Restore needs to be disabled and then re-enabled in order to purge it.


==Prevention==

Here is a guide on prevention and security on the Internet (to be read with Adobe Reader or Foxit Reader): Link


==Problem solved?==

--> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Edit button.
  • Add the [Résolu] tag in front of the title.
  • Then click "Validate your message".


;)