Sujet Précédent Sujet Suivant

Ordinateur très lent

Résolu/Fermé
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010 - 11 oct. 2009 à 00:12
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010 - 5 nov. 2009 à 00:41
Bonjour, depuis peu, mon ordinateur est SUPER lent, il prend 5 mins au logo de windows quand il ouvre, il saccade les vidéos youtube en BASSE sans FULLSCREEN qualité quand avant je les regardais en HAUTE QUALITÉ + FULLSCREEN... Même windows media player saccade les chansons. Même parfois la souris est au ralentit et le texte mets 2 mins. à apparaître... Tiens il le refait :S

J'utilise : Windows XP Familial SP3
512MB de Ram
1.34 Ggz
64MB de graphique

Je sais que l'ordinateur n'est pas une bombe mais avant il fonctionnait super bien.

Merci d'avance :)

24 réponses

  • 1
  • 2
Réponse 1 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
11 oct. 2009 à 00:17
Salut ,

~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~

Telecharger Hijack

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Une fois Hijack installer, exécuter le :
• Cliquer sur "Do a system scan and save a logfile"

• Un fichier texte s'ouvre, si ce n'est pas le cas celui-ci se trouve dans le même dossier que hijackthis.exe .
• Faire édition / sélectionner tout
• Clic droit / copier

• Poste moi le rapport entier
2
Réponse 2 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
11 oct. 2009 à 00:41
-> Relance HijackThis cliques sur « do a scan only »
coche les cases devant ces lignes :

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games – Matchmaking) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games – Game Chat) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/mgusamanagerv1001.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/full/launcher/M9ActiveX.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab

Et ensuite ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus,
puis clique "Fix checked".
Ferme HijackThis!


-> Tu a quoi comme Antivirus ?

~~~~~~~~~~~~~~> Malwarebytes <~~~~~~~~~~~~~~~~~~~


Télécharger Malwarebytes

https://download.cnet.com/malwarebytes-anti-malware/windows.html?part=dl-10804572&subj=dl&tag=button

• Enregistre le sur le bureau
• Double clique sur le fichier téléchargé pour lancer le processus d’installation
• Lorsqu’il te le sera demandé, mets à jour Malwarebytes anti malware
• Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
• Une fois la mise à jour terminée, ferme Malwarebytes

Double-clique sur l’icône de malwarebytes pour le relancer
• Dans l’onglet, Recherche, probablement ouvert par défaut,
• Sélectionne Exécuter un examen complet
• Clique sur Rechercher
• Le scan démarre

• A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
• Clique sur Ok pour poursuivre.
• Si des malwares ont été détectés, cliques sur Afficher les résultats
• Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

• Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
• Rends toi dans l’onglet rapport/log
• Tu clique dessus pour l’afficher.
• Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
• Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
• Tu clique droit dans le cadre de la réponse et coller
1
Réponse 3 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
11 oct. 2009 à 00:51
Installe celui la , et fait un scan après celui de Mbam

• Antivir est très facile d'emploi , il suffit de te diriger sur ce lien , et tu trouveras ton bonheur
http://www.malekal.com//tutorial_antivirold.php

1
Réponse 4 / 24
Utilisateur anonyme
11 oct. 2009 à 00:16
Diagnostic : à mon avis ta un ptit virus ou koi...
Traitement : Une petite analyse antivirus + spybot + un coup de Ccleaner et il ne peut pas sortir pendant 2 semaines LOL
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 00:24
Voilà le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:59, on 2009-10-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Real\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] E:\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.miniclip.com/games/jet-ski-racing/en/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games – Matchmaking) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games – Game Chat) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/mgusamanagerv1001.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/full/launcher/M9ActiveX.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9f5e055f9e57c) (gupdate1c9f5e055f9e57c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - E:\MapleStory\npkcmsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
0
Réponse 6 / 24
valcorse
11 oct. 2009 à 00:46
quel est ton anti virus?
un ralentissement du pc est généralement un signe qu'il est infecté
0
Réponse 7 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 00:49
Bon je commence le scan de MBAM

Aucun antivirus, voilà le problème vous en avez un à me conseiller ?
0
Réponse 8 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 00:56
Ok merci, je fini les scans, et je te redonnerai des nouvelles ainsi que le rapport de MBAM.

Merci du temps consacré à m'aider, c'est vraiment gentil.
0
Réponse 9 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
11 oct. 2009 à 00:57
Mais de rien !

0
Utilisateur anonyme
11 oct. 2009 à 02:13
XATON DIS MOI LE STP SI TU VEU PAS M'AIDER
MERCI
0
Réponse 10 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 05:06
Voilà le rapport MBAM, je commence le scan avec Avira:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2939
Windows 5.1.2600 Service Pack 3

2009-10-10 22:24:34
mbam-log-2009-10-10 (22-24-34).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 221715
Temps écoulé: 3 hour(s), 24 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 11 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
11 oct. 2009 à 08:34
Je pourrais avoir un rapport d'Antivir
0
Réponse 12 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 17:04
Voilà le rapport d'Antivir



Avira AntiVir Personal
Report file date: 10 octobre 2009 23:21

Scanning for 1787120 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILLE

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 14:21:42
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 29/09/2009 03:18:24
ANTIVIR3.VDF : 7.1.6.95 404480 Bytes 09/10/2009 03:18:26
Engineversion : 8.2.1.35
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/10/2009 03:18:36
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 11/10/2009 03:18:36
AESCN.DLL : 8.1.2.5 127346 Bytes 11/10/2009 03:18:35
AERDL.DLL : 8.1.3.2 479604 Bytes 11/10/2009 03:18:35
AEPACK.DLL : 8.2.0.0 422261 Bytes 11/10/2009 03:18:33
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 14:59:39
AEHEUR.DLL : 8.1.0.167 2011511 Bytes 11/10/2009 03:18:32
AEHELP.DLL : 8.1.7.0 237940 Bytes 11/10/2009 03:18:29
AEGEN.DLL : 8.1.1.67 364916 Bytes 11/10/2009 03:18:28
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 03:18:27
AECORE.DLL : 8.1.8.1 184693 Bytes 11/10/2009 03:18:27
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: e:\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 10 octobre 2009 23:21

Starting search for hidden objects.
'68161' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ScsiAccess.EXE' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'KodakCCS.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
51 processes with 51 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\Fichiers communs\Enterbrain\RGSS\Standard\Graphics.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Netscape\Users\User00\Cache\M0QT74RD.5
[DETECTION] Contains recognition pattern of the ADSPY/Gator.K adware or spyware
C:\WINDOWS\system32\HinjectOR v4.rar
[0] Archive type: RAR
--> HinjectOR v4\HinjectOR v4.exe
[DETECTION] Is the TR/Keylogger.ZG Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
E:\Marco\Ma Musique\Amon Amarth - Bleed For Ancient Gods.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
E:\Marco\Ma Musique\Skillet - My Beautiful Rose.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.24 Trojan
E:\Marco\Ma Musique\Sonata Artica - The End of this Chapter.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
E:\RGSS\Standard\Graphics.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed

Beginning disinfection:
C:\Program Files\Netscape\Users\User00\Cache\M0QT74RD.5
[DETECTION] Contains recognition pattern of the ADSPY/Gator.K adware or spyware
[NOTE] The file was moved to '4b22c44a.qua'!
C:\WINDOWS\system32\HinjectOR v4.rar
[NOTE] The file was moved to '4b3fc483.qua'!
E:\Marco\Ma Musique\Amon Amarth - Bleed For Ancient Gods.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to '4b40c488.qua'!
E:\Marco\Ma Musique\Skillet - My Beautiful Rose.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.24 Trojan
[NOTE] The file was moved to '4b3ac486.qua'!
E:\Marco\Ma Musique\Sonata Artica - The End of this Chapter.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to '4b3fc48a.qua'!


End of the scan: 11 octobre 2009 07:40
Used time: 4:26:49 Hour(s)

The scan has been done completely.

23202 Scanned directories
704667 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
704657 Files not concerned
17282 Archives were scanned
5 Warnings
9 Notes
68161 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Réponse 13 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 17:54
Bon revenant sur ma situation, j'ai redémarrer l'ordinateur... Toujours aussi lent MAIS parfois ça revient pendant 5 minutes à la vitesse normale. Mais après le redémarrage plusieurs erreurs arrivent.

Les voilà : http://img63.imageshack.us/img63/3636/erreursmultiple.png

EDIT : Après environ 20mins l'ordinateur va à la bonne vitesse, pour l'instant c'est stable mais j'aimerais que tu m'aides avec les erreurs :)

EDIT2: En fait c'est un peu plus lent qu'avant le ralentissement mais beaucoup mieux que pendant le ralentissement.
0
Réponse 14 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
11 oct. 2009 à 19:17
Fait ceci !

~~~~~~~~~~~~~~~~> RSIT <~~~~~~~~~~~~~~~~~~~

Télécharger Random's System Information Tool (RSIT) sur le Bureau.

http://images.malwareremoval.com/random/RSIT.exe

Double-cliquer sur RSIT.exe afin de lancer le programme (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur).

• Cliquer sur Continue à l'écran Disclaimer.

• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autoriser l'accès dans le pare-feu, si demandé) et vous devrez accepter la licence.

• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poster le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que vous verrez dans la barre des tâches)
0
Utilisateur anonyme
11 oct. 2009 à 21:37
ok merci xaton jvai essayer
MERCI
0
Réponse 15 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
11 oct. 2009 à 23:55
---> ALTINTOP20009 : Si tu veux de l'aide fait toi un topic, désolé :)

Voilà le log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Real at 2009-10-11 17:53:10
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 853 MB (4%) free of 20 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:33, on 2009-10-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
E:\Avira\AntiVir Desktop\avgnt.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Real\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
E:\MapleStory\npkcmsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\RSIT.exe
E:\Real.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] E:\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Real\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [gasiuqq] "c:\documents and settings\real\local settings\application data\gasiuqq.exe" gasiuqq
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.miniclip.com/games/jet-ski-racing/en/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9f5e055f9e57c) (gupdate1c9f5e055f9e57c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - E:\MapleStory\npkcmsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
0
Réponse 16 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
12 oct. 2009 à 18:54
Fait ceci


~~~~~~~~~~~~~~~~> Combofix <~~~~~~~~~~~~~~~~~~~

Télécharge Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tuto en image , a consulter avant d'agir :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

• Renomme le pour l’enregistrer sur ton bureau en xaton
• Double clique combofix.exe qui est devenu xaton.exe

Note
Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours avant de lancer le scan
Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares

/!\ Installe bien la console de récupération /!\

• Tape sur la touche 1 (Yes) pour démarrer le scan
• Lorsque ComboFix a fini son examen, il annoncera qu'il est en train de préparer le compte rendu


Note :
Ceci peut durer un certain temps, donc surtout sois patient. Si si le Bureau Windows disparaît, ne pas s'inquiéter pas

• En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
• Un log s'ouvrira, celui ci sera sauvegarder dans C:/ Combofix

/!\ Réactiver la protection en temps réel /!\

• Copie / Colle moi le rapport présent dans C:/ Combofix
0
Réponse 17 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
12 oct. 2009 à 19:43
Ok merci, je posterai le rapport demain, je vais faire le combofix avant d'aller dormir car comme tu dis il peut être long et on est plusieurs à utilisé l'ordinateur.
0
Réponse 18 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
23 oct. 2009 à 01:41
Ok petite question à propos de XaTon.exe alias Combofix.exe, tu me dis de me déconnecter d'internet, mais dans le tutoriel il dit qu'il va se déconnecter tout seul, je fais quoi ?
0
Réponse 19 / 24
Ozland Messages postés 30 Date d'inscription dimanche 11 octobre 2009 Statut Membre Dernière intervention 24 septembre 2010
23 oct. 2009 à 14:34
Voilà le rapport ComboFix:

ComboFix 09-10-21.02 - Real 2009-10-23 0:04.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.245 [GMT -4:00]
Lancé depuis: c:\documents and settings\Real\Bureau\XaTon.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Real\Application Data\inst.exe
c:\recycler\S-1-5-21-436374069-299502267-725345543-1009
c:\windows\Fonts\acrsec.fon
c:\windows\pack.epk
c:\windows\system32\clrviddc.dll
c:\windows\system32\NTSVc.ocx
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCPROC


((((((((((((((((((((((((((((( Fichiers créés du 2009-09-23 au 2009-10-23 ))))))))))))))))))))))))))))))))))))
.

2009-10-22 22:58 . 2009-10-23 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-22 22:27 . 2009-10-22 22:28 -------- d-----w- c:\windows\4761EB82E8BD45A4B19B586FA9D1D7E6.TMP
2009-10-19 22:51 . 2009-10-19 22:51 -------- d-----w- c:\program files\SBaGen
2009-10-19 22:11 . 2009-10-19 22:11 -------- d-----w- c:\documents and settings\Real\Application Data\SharePod
2009-10-14 06:00 . 2009-08-04 17:27 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-14 06:00 . 2009-08-04 17:27 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-14 06:00 . 2009-08-04 17:28 2068096 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-13 16:41 . 2009-10-13 16:41 -------- d-sh--w- c:\documents and settings\Real\IECompatCache
2009-10-13 16:03 . 2009-10-14 17:04 -------- d-----w- c:\windows\ie8updates
2009-10-13 10:39 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-13 10:39 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-12 22:12 . 2009-10-12 22:12 -------- d-sh--w- c:\documents and settings\Real\PrivacIE
2009-10-12 22:01 . 2009-10-12 22:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-12 21:56 . 2009-10-12 21:56 -------- d-sh--w- c:\documents and settings\Real\IETldCache
2009-10-12 20:52 . 2009-10-12 20:52 -------- d--h--w- c:\windows\msdownld.tmp
2009-10-12 20:44 . 2009-10-12 20:52 -------- dc-h--w- c:\windows\ie8
2009-10-11 21:53 . 2009-10-11 21:53 -------- d-----w- C:\rsit
2009-10-11 03:15 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-11 03:15 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-11 03:15 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-11 03:15 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-11 03:14 . 2009-10-11 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-09 22:43 . 2009-10-09 22:44 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 04:55 . 2008-10-11 22:53 -------- d-----w- c:\program files\DNA
2009-10-23 04:55 . 2008-10-11 22:53 -------- d-----w- c:\documents and settings\Real\Application Data\DNA
2009-10-22 22:37 . 2009-02-10 02:42 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-10-22 22:30 . 2009-02-27 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-10-19 22:49 . 2007-04-15 19:48 -------- d-----w- c:\documents and settings\Real\Application Data\utorrent
2009-10-17 17:59 . 2009-01-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-10-15 23:40 . 2008-04-21 23:43 -------- d-----w- c:\documents and settings\Real\Application Data\FileZilla
2009-10-14 17:19 . 2003-04-24 12:00 85354 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-14 17:19 . 2003-04-24 12:00 511248 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-14 16:28 . 2008-04-10 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-10 22:50 . 2009-02-03 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 16:44 . 2009-07-15 20:49 -------- d-----w- c:\documents and settings\Real\Application Data\Skype
2009-10-10 16:07 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\Real\Application Data\skypePM
2009-10-05 12:35 . 2009-09-03 23:47 -------- d-----w- c:\documents and settings\Real\Application Data\FrostWire
2009-09-27 19:04 . 2007-12-12 20:31 -------- d-----w- c:\documents and settings\Real\Application Data\AdobeUM
2009-09-19 22:09 . 2009-09-19 22:09 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 22:09 . 2009-09-19 22:09 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 22:08 . 2009-09-19 22:08 -------- d-----w- c:\documents and settings\Real\Application Data\TuneUp Software
2009-09-19 22:07 . 2009-09-19 22:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-19 22:06 . 2009-09-19 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 22:03 . 2009-09-19 22:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-11 14:18 . 2003-04-24 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-02-03 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-03 20:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 16:26 . 2008-04-09 22:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 21:19 . 2004-12-06 21:44 -------- d-----w- c:\program files\Google
2009-09-07 16:30 . 2009-09-07 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-04 21:04 . 2003-04-24 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2004-07-07 22:59 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2003-04-24 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 22:48 . 2007-02-01 00:12 15440 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-08 22:37 . 2004-09-24 10:39 280352 ----a-w- c:\documents and settings\Real\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:00 . 2004-07-24 19:50 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:58 . 2003-04-24 12:00 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2002-08-29 11:42 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-04-06 19:36 . 2004-12-06 21:44 104 --sh--r- c:\windows\system32\548975A7D3.sys
2006-07-11 21:08 . 2006-07-11 21:08 8 --sh--r- c:\windows\system32\D426C53B9E.sys
2006-07-11 21:13 . 2004-12-06 21:44 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Google Update"="c:\documents and settings\Real\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-29 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 692224]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-17 2920632]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-25 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SetDefPrt"="e:\brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"avgnt"="e:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Real\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-20 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 630915]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="e:\itunes\iTunesHelper.exe"
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64801:TCP"= 64801:TCP:*:Disabled:SolidNetworkManager
"64801:UDP"= 64801:UDP:*:Disabled:SolidNetworkManager
"44405:TCP"= 44405:TCP:MU
"55901:TCP"= 55901:TCP:Mu
"58253:TCP"= 58253:TCP:Pando Media Booster
"58253:UDP"= 58253:UDP:Pando Media Booster
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"57728:TCP"= 57728:TCP:Pando Media Booster
"57728:UDP"= 57728:UDP:Pando Media Booster
"23530:TCP"= 23530:TCP:*:Disabled:SolidNetworkManager
"23530:UDP"= 23530:UDP:*:Disabled:SolidNetworkManager
"56987:TCP"= 56987:TCP:Pando Media Booster
"56987:UDP"= 56987:UDP:Pando Media Booster

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\avira\AntiVir Desktop\sched.exe [2009-10-10 108289]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-07-16 1051136]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-09-19 604488]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [2003-04-24 14336]
S2 gupdate1c9f5e055f9e57c;Google Update Service (gupdate1c9f5e055f9e57c);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S3 cheetah1;cheetah1;\??\c:\documents and settings\Real\Mes documents\Marco\OK_hack_pack\Cheetah Engine\cheetah.sys --> c:\documents and settings\Real\Mes documents\Marco\OK_hack_pack\Cheetah Engine\cheetah.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 geebers12;geebers12;\??\c:\documents and settings\Real\Mes documents\Marco\Hack\nvid888.sys --> c:\documents and settings\Real\Mes documents\Marco\Hack\nvid888.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-10-21 27904]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Real\Bureau\Jeu Marco\GBhacks\SHAK3.sys --> c:\documents and settings\Real\Bureau\Jeu Marco\GBhacks\SHAK3.sys [?]
S3 sejt1;sejt1;\??\c:\documents and settings\Real\Mes documents\Marco\AkumaEngine33\sejt.sys --> c:\documents and settings\Real\Mes documents\Marco\AkumaEngine33\sejt.sys [?]
S3 XDva008;XDva008;\??\c:\windows\system32\XDva008.sys --> c:\windows\system32\XDva008.sys [?]
S3 XDva009;XDva009;\??\c:\windows\system32\XDva009.sys --> c:\windows\system32\XDva009.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva042;XDva042;\??\c:\windows\system32\XDva042.sys --> c:\windows\system32\XDva042.sys [?]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva072;XDva072;\??\c:\windows\system32\XDva072.sys --> c:\windows\system32\XDva072.sys [?]
S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
wmcmgc
wmcmgc
.
Contenu du dossier 'Tâches planifiées'

2009-10-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-28 16:28]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 22:00]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 22:00]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-1004Core.job
- c:\documents and settings\Real\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 05:30]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-1004UA.job
- c:\documents and settings\Real\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 05:30]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xporter vers Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
Trusted Zone: wolfteam.net
FF - ProfilePath - c:\documents and settings\Real\Application Data\Mozilla\Firefox\Profiles\7p7x44ml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.shinysearch.com/randomlogo.php?ltext=Marco<ext=Marco
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Real\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\np32asw.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npaudio.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npavi32.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPBeatSP.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npdrmv2.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npdsplay.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPJava11.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPJava12.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPJava13.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPJava14.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPJava32.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPJPI142.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npnul32.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPOFF12.DLL
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPOJI610.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\nppl3260.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\nprfxins.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\nprjplug.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\nprpjplug.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\NPSVG3.dll
FF - plugin: c:\progra~1\SYMPAT~1\COMMUN~1\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssn.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
FF - plugin: e:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\opera\program\plugins\npdsplay.dll
FF - plugin: e:\opera\program\plugins\NPSWF32.dll
FF - plugin: e:\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19);user_pref(general.useragent.extra.zencast, .
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.CPL
AddRemove-HijackThis - E:\HijackThis.exe
AddRemove-SolidStateIONMozilla - c:\windows\system32\SolidStateNetworks\SolidStateION\soliduninstall
AddRemove-SWF & FLV Toolbox_is1 - e:\swf & flv toolbox\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 00:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-436374069-299502267-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:4f,bb,a2,a7,72,68,de,d8,3f,c3,7d,b8,1c,be,f5,1d,cb,e9,d0,07,56,
cc,7a,88,23,d9,67,80,62,dc,5b,67,fd,13,78,c4,41,d8,a9,07,c2,ef,d4,9a,f6,3b,\
"rkeysecu"=hex:ea,7f,a3,81,37,8f,c8,4c,67,90,51,4d,d0,51,61,6b
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(704)
E:\tmpIadHide3.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
e:\avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\xaton\CF5138.exe
e:\maplestory\npkcmsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\documents and settings\Real\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\xaton\PEV.cfxxe
.
**************************************************************************
.
Heure de fin: 2009-10-23 1:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-23 05:14

Avant-CF: 1 203 994 624 octets libres
Après-CF: 405 651 456 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptOut

- - End Of File - - A6370AD084659D918185D72C249544E5
0
Réponse 20 / 24
XaTon Messages postés 2041 Date d'inscription lundi 6 juillet 2009 Statut Membre Dernière intervention 22 janvier 2015 208
23 oct. 2009 à 19:54
Bien !

~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~

Telecharger Hijack

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Une fois Hijack installer, exécuter le :
• Cliquer sur "Do a system scan and save a logfile"

• Un fichier texte s'ouvre, si ce n'est pas le cas celui-ci se trouve dans le même dossier que hijackthis.exe .
• Faire édition / sélectionner tout
• Clic droit / copier

• Poste moi le rapport entier
0

Discussions similaires

j'ai renversé de l'eau sur mon pc portable
sardine -
moudubulbe -

14 réponses
Comment taper l'arobase sur un pc hp ?
kadem -
Tatopoulosse -

5 réponses