utilisation constante de l'UC à 100% Fermé

Question

Bonjour, je viens de rentrer de voyage et j'ai remarqué que mon UC est à 100 % alors qu'avant elle ne dépassait même pas les 10 % sans aucun programmes ouverts. J'ai fait des analyses avec Malware byte et j'ai trouvé 74 virus malgré ça toujours le même problème si vous avez quelques solutions miracle, je suis preneur.





Configuration: Windows XP / Firefox 3.6.3

jacques.gache · Answer

bonjour, il aurait été bein ne nous mettre le rapport de malwarebytes , si tu pouvais le poster , merci 


. double-cliques sur l'icône de malwarebytes pour l'ouvrir 
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller

tikii · Answer

Merci d'avoir répondu rapidement, alors voila le compte rendu :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

13/06/2010 22:09:49
mbam-log-2010-06-13 (22-09-49).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 297285
Temps écoulé: 5 heure(s), 28 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{816ccf14-713e-44b0-9b5a-9c12c5f458cf} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{816ccf14-713e-44b0-9b5a-9c12c5f458cf} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90469648-36a7-4e65-b202-548e50b81560} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayeresources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\wyjihu_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\wyjihu_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\wyjihu.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\zgbgtotf_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\zgbgtotf_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\zgbgtotf.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\Program Files\P2P_Torrent	bP2P0.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Bureau\Bureau\NFSU 2\Crack\crack\EA Keygen.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayeresources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
vs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	askkill.com (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	asklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	racert.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

tikii · Answer

Merci de ta réponse, je vais faire ça tout de suite!^^

tikii · Answer

Voici le lien info:
http://www.cijoint.fr/cjlink.php?file=cj201006/cijM9YXB9h.txt

tikii · Answer

Et voilà le lien log: 
http://www.cijoint.fr/cjlink.php?file=cj201006/cij7nw69v0.txt

Merci encore pour ton aide!^^

tikii · Answer

Ok merci beaucoup et bonne nuit alors.

tikii · Answer

Euh non désolé, ça doit être lié à internet je pense.^^

tikii · Answer

Voilà le rapport Ad-remover >>>>>

======= RAPPORT D'AD-REMOVER 2.0.0.1,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 13/06/10 à 20:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 00:09:21 le 14/06/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
HP_Propriétaire, SPLINTER ( ) 
 
============== ACTION(S) ==============


0,Fichier supprimé: C:\Program Files\Mozilla FireFox\plugins\NPAskSBr.dll
0,Fichier supprimé: C:\Program Files\Mozilla FireFoxegxpcom.exe
0,Dossier supprimé: C:\Program Files\AskSBar
0,Dossier supprimé: C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Conduit
0,Dossier supprimé: C:\Program Files\Conduit
0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\GamesBar
0,Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar
0,Dossier supprimé: C:\Program Files\GamesBar
0,Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox
0,Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
3,Fichier supprimé: C:\WINDOWS\Installer\2f8b74.msi  

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
1,Clé supprimée: HKLM\Software\Classes\Interface\{2E194B1B-87C9-59A8-0CF4-3AE44A06DA1F}
1,Clé supprimée: HKLM\Software\Classes\Interface\{8EE8D862-C866-C104-4964-8CD062B2A7F5}
1,Clé supprimée: HKLM\Software\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
1,Clé supprimée: HKLM\Software\Classes\Interface\{C8C038A1-9D2C-40AC-6D03-9ED96B02AF42}
1,Clé supprimée: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
0,Clé supprimée: HKLM\Software\Conduit
0,Clé supprimée: HKLM\Software\GamesBar
0,Clé supprimée: HKLM\Software\GamesBarSetup
0,Clé supprimée: HKCU\Software\Conduit
0,Clé supprimée: HKCU\Software\GamesBar
0,Clé supprimée: HKCU\Software\Lanconfig
0,Clé supprimée: HKCU\Software\WebMediaPlayer
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamesbar
0,Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
0,Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
0,Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OBget.exe

0,Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.3 (fr)] **

-- C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\0fyqvomh.default\User.js --
keyword.URL, hxxp://redirecterror.sfr.fr/?q=

-- C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\0fyqvomh.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\HP_Propriétaire\Bureau
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://redirecterror.sfr.fr/?q=
privacy.popups.showBrowserMessage, false

-- C:\Documents and Settings\Invité\Application Data\Mozilla\FireFox\Profiles\l7rfu7iu.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.0.5

========================================

** Internet Explorer Version [7.0.5730.11] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 1499 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 5717 Octet(s)

Fin à: 00:27:59, 14/06/2010 
 
============== E.O.F ==============

tikii · Answer

Bonjour, alors j'ai laissé tourné l'ordi toute la nuit et voilà le rapport -->

http://www.cijoint.fr/cjlink.php?file=cj201006/cij1Gf498n.txt

tikii · Answer

Voilà le compte rendu Kill'em :

http://www.cijoint.fr/cjlink.php?file=cj201006/cijUUKUMmg.txt

tikii · Answer

Bonjour, je vais faire tout de suite ce que tu m'as dit et merci encore!^^

tikii · Answer

Le rapport USB fix :

############################## | Usbfix 7.009 | [Suppression]

Utilisateur: HP_Propriétaire (Administrateur) # SPLINTER [ ]
Mis à jour le 12/06/10 par El Desaparecido / C_XX
Lancé à 18:52:24 | 14/06/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Turion(tm) 64 Mobile Technology MT-32
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.11

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | Updated]
Firewall: Norton Internet Worm Protection 2006 [(!) Disabled]
RAM -> 958 Mo 
C:\ (%systemdrive%) -> Disque fixe # 181 Go (28 Go libre(s) - 15%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 6 Go (653 Mo libre(s) - 11%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
M:\ -> Disque amovible # 10 Mo (7 Mo libre(s) - 69%) [] # FAT

################## | Éléments infectieux |

Supprimé! C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~1E.tmp
Supprimé! D:\Autorun.inf
Supprimé! C:\Recycler\S-1-5-21-1645522239-764733703-725345543-1003
Supprimé! C:\Recycler\S-1-5-21-2016511917-3123864877-326539889-1008
Supprimé! C:\Recycler\S-1-5-21-2016511917-3123864877-326539889-501

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{a3f1a2ea-a50c-11de-8da6-0015f2f0959e}

################## | Listing |

[15/08/2009 - 01:37:30 | D ] 	C:\5c654c441985526d4e3a993586
[15/03/2009 - 01:14:10 | D ] 	C:\8bad312a751a3a4afe133371
[19/11/2006 - 01:15:43 | D ] 	C:\95e5d8360acec6dac59588234b92
[14/06/2010 - 00:28:00 | A | 5943] 	C:\Ad-Report-CLEAN[1].txt
[14/06/2010 - 09:33:05 | A | 4] 	C:\AUTOEXEC.BAT
[22/04/2009 - 19:29:11 | RSH | 310] 	C:\boot.ini
[04/08/2004 - 23:00:00 | RASH | 4952] 	C:\Bootfont.bin
[20/06/2006 - 19:19:46 | RSHD ] 	C:\cmdcons
[04/08/2004 - 23:00:00 | RSH | 263488] 	C:\cmldr
[12/02/2010 - 15:34:25 | A | 186] 	C:\common.ini
[14/06/2010 - 14:37:08 | HD ] 	C:\Config.Msi
[23/11/2004 - 09:21:48 | A | 0] 	C:\CONFIG.SYS
[29/08/2009 - 17:45:07 | D ] 	C:\Dev-Cpp
[15/02/2010 - 02:29:40 | D ] 	C:\Documents and Settings
[01/04/2010 - 22:57:40 | D ] 	C:\Downloads
[03/06/2008 - 19:54:31 | D ] 	C:\enable Encore
[21/05/2010 - 23:33:53 | D ] 	C:\gPotato.eu
[14/06/2010 - 14:17:19 | ASH | 1005113344] 	C:\hiberfil.sys
[22/07/2007 - 14:18:36 | AHD ] 	C:\hp
[27/02/2006 - 23:08:22 | D ] 	C:\i386
[23/11/2004 - 09:21:48 | RASH | 0] 	C:\IO.SYS
[01/07/2006 - 16:56:08 | AH | 636] 	C:\IPH.PH
[14/06/2010 - 09:16:08 | D ] 	C:\Kill'em
[01/12/2007 - 12:00:37 | D ] 	C:\Lexmark
[14/06/2010 - 08:11:23 | A | 33647] 	C:\List'em.txt
[14/05/2008 - 20:42:32 | D ] 	C:\Logs
[11/03/2010 - 04:03:47 | A | 156] 	C:\lxcr.log
[07/06/2010 - 18:48:36 | A | 15792] 	C:\lxcrscan.log
[29/12/2009 - 16:03:45 | D ] 	C:\MFT 14870
[25/04/2008 - 18:27:11 | D ] 	C:\MMFusion
[23/11/2004 - 09:21:48 | RASH | 0] 	C:\MSDOS.SYS
[23/09/2006 - 18:53:53 | D ] 	C:\NFSMWDemo
[06/05/1999 - 12:59:00 | A | 220172] 	C:
sh15B.tmp
[04/08/2004 - 23:00:00 | RASH | 47564] 	C:\NTDETECT.COM
[17/05/2009 - 17:38:37 | RASH | 252240] 	C:
tldr
[14/06/2010 - 14:17:16 | ASH | 1509949440] 	C:\pagefile.sys
[14/06/2010 - 17:19:55 | D ] 	C:\Program Files
[27/02/2006 - 22:59:45 | HD ] 	C:\Python22
[14/06/2010 - 19:10:45 | SHD ] 	C:\RECYCLER
[17/04/2010 - 10:24:17 | D ] 	C:\Remote Programs
[13/06/2010 - 23:43:07 | D ] 	C:sit
[14/06/2010 - 14:25:43 | D ] 	C:\Softendo
[08/09/2009 - 12:44:57 | AH | 268] 	C:\sqmdata00.sqm
[09/09/2009 - 12:02:57 | AH | 268] 	C:\sqmdata01.sqm
[10/09/2009 - 13:07:41 | AH | 268] 	C:\sqmdata02.sqm
[11/09/2009 - 11:55:12 | AH | 268] 	C:\sqmdata03.sqm
[12/09/2009 - 12:15:19 | AH | 268] 	C:\sqmdata04.sqm
[13/09/2009 - 09:14:08 | AH | 268] 	C:\sqmdata05.sqm
[14/09/2009 - 00:54:18 | AH | 268] 	C:\sqmdata06.sqm
[14/09/2009 - 10:33:50 | AH | 268] 	C:\sqmdata07.sqm
[15/09/2009 - 13:07:09 | AH | 268] 	C:\sqmdata08.sqm
[16/09/2009 - 10:59:31 | AH | 268] 	C:\sqmdata09.sqm
[17/09/2009 - 10:39:14 | AH | 268] 	C:\sqmdata10.sqm
[18/09/2009 - 11:25:49 | AH | 268] 	C:\sqmdata11.sqm
[19/09/2009 - 11:25:38 | AH | 268] 	C:\sqmdata12.sqm
[03/09/2009 - 13:28:14 | AH | 268] 	C:\sqmdata13.sqm
[04/09/2009 - 12:48:15 | AH | 268] 	C:\sqmdata14.sqm
[05/09/2009 - 12:49:03 | AH | 268] 	C:\sqmdata15.sqm
[05/09/2009 - 23:56:16 | AH | 268] 	C:\sqmdata16.sqm
[06/09/2009 - 14:16:28 | AH | 268] 	C:\sqmdata17.sqm
[06/09/2009 - 15:16:12 | AH | 268] 	C:\sqmdata18.sqm
[07/09/2009 - 12:00:33 | AH | 268] 	C:\sqmdata19.sqm
[08/09/2009 - 12:44:57 | AH | 244] 	C:\sqmnoopt00.sqm
[09/09/2009 - 12:02:57 | AH | 244] 	C:\sqmnoopt01.sqm
[10/09/2009 - 13:07:41 | AH | 244] 	C:\sqmnoopt02.sqm
[11/09/2009 - 11:55:12 | AH | 244] 	C:\sqmnoopt03.sqm
[12/09/2009 - 12:15:19 | AH | 244] 	C:\sqmnoopt04.sqm
[13/09/2009 - 09:14:08 | AH | 244] 	C:\sqmnoopt05.sqm
[14/09/2009 - 00:54:17 | AH | 244] 	C:\sqmnoopt06.sqm
[14/09/2009 - 10:33:50 | AH | 244] 	C:\sqmnoopt07.sqm
[15/09/2009 - 13:07:09 | AH | 244] 	C:\sqmnoopt08.sqm
[16/09/2009 - 10:59:31 | AH | 244] 	C:\sqmnoopt09.sqm
[17/09/2009 - 10:39:14 | AH | 244] 	C:\sqmnoopt10.sqm
[18/09/2009 - 11:25:49 | AH | 244] 	C:\sqmnoopt11.sqm
[19/09/2009 - 11:25:38 | AH | 244] 	C:\sqmnoopt12.sqm
[03/09/2009 - 13:28:14 | AH | 244] 	C:\sqmnoopt13.sqm
[04/09/2009 - 12:48:15 | AH | 244] 	C:\sqmnoopt14.sqm
[05/09/2009 - 12:49:03 | AH | 244] 	C:\sqmnoopt15.sqm
[05/09/2009 - 23:56:16 | AH | 244] 	C:\sqmnoopt16.sqm
[06/09/2009 - 14:16:28 | AH | 244] 	C:\sqmnoopt17.sqm
[06/09/2009 - 15:16:12 | AH | 244] 	C:\sqmnoopt18.sqm
[07/09/2009 - 12:00:33 | AH | 244] 	C:\sqmnoopt19.sqm
[16/06/2008 - 17:53:41 | SHD ] 	C:\System Volume Information
[27/02/2006 - 22:59:21 | HD ] 	C:\system.sav
[29/08/2009 - 17:55:42 | D ] 	C:\Temp
[14/06/2010 - 19:10:46 | D ] 	C:\UsbFix
[14/06/2010 - 19:10:46 | A | 1271] 	C:\Usbfix.txt
[14/06/2010 - 18:51:48 | AD ] 	C:\WINDOWS
[27/07/2001 - 15:07:38 | SH | 0] 	D:\AUTOEXEC.BAT
[09/01/2002 - 18:52:30 | SH | 244] 	D:\BOOT.INI
[10/12/2005 - 03:00:14 | SHD ] 	D:\cmdcons
[16/08/2001 - 18:26:26 | SH | 237728] 	D:\CMLDR
[28/07/2001 - 06:07:38 | SH | 0] 	D:\CONFIG.SYS
[25/05/2005 - 03:48:26 | SH | 102] 	D:\Desktop.ini
[10/09/2002 - 09:21:08 | SH | 7850] 	D:\Folder.htt
[17/06/2001 - 16:31:08 | SH | 0] 	D:\GRAPH
[25/01/2002 - 09:21:24 | SH | 0] 	D:\GRAPH16
[30/11/2004 - 04:01:50 | SH | 73728] 	D:\Info.exe
[28/07/2001 - 06:07:38 | SH | 0] 	D:\IO.SYS
[19/01/2006 - 08:06:14 | ASHD ] 	D:\MiniNT
[28/07/2001 - 06:07:38 | SH | 0] 	D:\MSDOS.SYS
[25/07/2001 - 22:00:00 | SH | 45124] 	D:\NTDETECT.COM
[25/07/2001 - 22:00:00 | SH | 222880] 	D:\NTLDR
[10/12/2005 - 06:02:48 | SHD ] 	D:\PRELOAD
[10/09/2002 - 06:58:12 | SH | 181616] 	D:\protect.ed
[27/02/2006 - 23:05:30 | SH | 36] 	D:\SAVEFILE.DIR
[08/02/2002 - 08:44:24 | SH | 88038] 	D:\Warning.bmp
[27/02/2006 - 23:06:12 | SHD ] 	D:\I386
[27/02/2006 - 23:09:30 | SHD ] 	D:\HP
[27/02/2006 - 23:10:44 | SHD ] 	D:\TOOLS
[15/07/2006 - 14:48:18 | SH | 1328] 	D:\MASTER.LOG
[17/08/2001 - 07:32:24 | SH | 0] 	D:\NTFS
[23/05/2001 - 20:19:06 | SH | 0] 	D:\SVGA
[18/08/2001 - 07:00:00 | SH | 10] 	D:\WIN51
[22/01/2001 - 06:00:00 | SH | 11] 	D:\WIN51.B2
[25/07/2001 - 07:00:00 | SH | 11] 	D:\WIN51.RC1
[25/07/2001 - 12:47:04 | SH | 11] 	D:\WIN51.RC2
[18/08/2001 - 07:00:00 | SH | 10] 	D:\WIN51IC
[20/03/2001 - 06:00:00 | SH | 11] 	D:\WIN51IC.B2
[25/07/2001 - 07:00:00 | SH | 11] 	D:\WIN51IC.RC1
[25/07/2001 - 07:00:00 | SH | 11] 	D:\WIN51IC.RC2
[17/08/2001 - 07:00:00 | SH | 10] 	D:\WIN51IP
[22/01/2001 - 06:00:00 | SH | 11] 	D:\WIN51IP.B2
[25/07/2001 - 12:47:04 | SH | 11] 	D:\WIN51IP.RC2
[17/08/2001 - 05:17:02 | SH | 184] 	D:\WINBOM.INI
[27/02/2006 - 23:31:30 | SH | 6] 	D:\BLOCK.RIN
[27/02/2006 - 23:34:58 | SH | 0] 	D:\USER
[27/02/2006 - 23:35:00 | RD ] 	D:\Réinstallation Système
[03/09/2007 - 23:56:20 | D ] 	D:\Remote Programs
[20/06/2006 - 18:37:48 | SHD ] 	D:\System Volume Information
[20/06/2006 - 20:16:08 | SHD ] 	D:\Recycled
[15/07/2006 - 14:48:30 | RSH | 26] 	D:\RCBoot.sys
[02/01/2007 - 07:16:38 | D ] 	M:\Audios
[01/01/2007 - 00:00:12 | D ] 	M:\Images
[01/01/2007 - 00:00:12 | D ] 	M:\Videos
[01/01/2007 - 00:00:14 | D ] 	M:\Creation
[01/01/2007 - 00:00:14 | D ] 	M:\Received
[01/01/2007 - 00:00:14 | RASHD ] 	M:\Java
[01/01/2007 - 00:00:38 | HD ] 	M:\email
[01/01/2007 - 00:00:38 | D ] 	M:\Imps
[01/01/2007 - 00:01:04 | HD ] 	M:\mms
[01/01/2007 - 00:01:18 | HD ] 	M:\SMSArch
[22/01/2007 - 23:16:40 | HD ] 	M:\brs
[22/01/2007 - 23:18:10 | HD ] 	M:\download

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
M:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_SPLINTER.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.

################## | E.O.F |

tikii · Answer

Et voilà le rapport Smitfraudfix :

SmitFraudFix v2.424

Rapport fait à 19:33:53,06, 14/06/2010
Executé à partir de C:\Program Files\RocketDock\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri'taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri'taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\Userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hamachi Network Interface
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: D-Link Wireless G DWA-510 Desktop Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: D-Link Wireless G DWA-510 Desktop Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E56885A-3172-46CB-8126-0283C892503B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{636A7A43-026D-4C1D-BAA3-F2BB5E6B5B67}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E56885A-3172-46CB-8126-0283C892503B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{636A7A43-026D-4C1D-BAA3-F2BB5E6B5B67}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1E56885A-3172-46CB-8126-0283C892503B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{636A7A43-026D-4C1D-BAA3-F2BB5E6B5B67}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D846CF15-235B-4640-8045-CD8956045F76}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisation constante de l'UC à 100%

13 réponses

Discussions similaires