
Very slow PC + Explorer page that opens on its own

Tags:
  • Internet Explorer
  • Security
16 April 2011 20:58:33

Good evening everyone,

Here is my problem, it's all in the title: my PC is extremely slow! (I browse with Mozilla) and Explorer pages sometimes open.

Thanks in advance for your help.

Here is a HijackThis scan to help you:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:41, on 16/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Ysedia.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Younglord\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par 01net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WahOO] "C:\Documents and Settings\Younglord\Local Settings\Application Data\WahOO\WahOO.exe" silent
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
O4 - HKCU\..\Run: [Vdulaz] rundll32.exe "C:\WINDOWS\sxclbdf.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1060284298-1844823847-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Program Files\PMU\PMUPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Program Files\PMU\PMUPoker\RunApp.exe
O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O9 - Extra button: ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} - C:\Documents and Settings\Younglord\Bureau\ACFPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: ACFPoker - {b4122231-bd56-4713-96ae-c720ab3a9714} - C:\Documents and Settings\Younglord\Bureau\ACFPoker.lnk (file missing)
O9 - Extra button: WPT Poker France - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Documents and Settings\Younglord\Bureau\WPT Poker France.lnk (file missing)
O9 - Extra 'Tools' menuitem: WPT Poker France - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Documents and Settings\Younglord\Bureau\WPT Poker France.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - C:\Documents and Settings\Younglord\Bureau\LuckyJeux Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Lucky Jeux - {E5555DFC-A8BF-4c36-BD02-3DAC3D8AF94B} - C:\Documents and Settings\Younglord\Bureau\LuckyJeux Poker.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker Xtrem - {16C77156-1AFC-46AC-9CCE-CE236C0E0577} - C:\Microgaming\Poker\PokerXtremfrMPP\MPPoker.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

--
End of file - 9510 bytes


16 April 2011 21:34:52

Thank you very much for being so quick.

I followed the link, and during the scan my computer restarted on its own.

So, as advised in the tutorial, I downloaded and ran rkill (in case the malware prevents it from working); here is its report:

Quote:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16/04/2011 at 21:29:03.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\DOCUME~1\YOUNGL~1\LOCALS~1\Temp\Ycl.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 16/04/2011 at 21:29:16.


EDIT: a small clarification: during the scan, infections had been found with the malware. Should I try running Malwarebytes again?? In safe mode??
16 April 2011 22:17:22

Yes.
16 April 2011 23:05:39

The scan went well.

Here is the report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6375

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/04/2011 22:58:37
mbam-log-2011-04-16 (22-58-37).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 277439
Temps écoulé: 1 heure(s), 3 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
c:\WINDOWS\Ysedia.exe (Trojan.Downloader) -> 936 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\sxclbdf.dll (Trojan.Hiloti) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChilipokerFR (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan.fr (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vdulaz (Trojan.Hiloti) -> Value: Vdulaz -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ESKOMO9JO (Trojan.Downloader) -> Value: 0ESKOMO9JO -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\sxclbdf.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\Ysedia.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\younglord\local settings\Temp\Ycl.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\younglord\local settings\Temp\Ycj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Yck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Yco.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Yct.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\Ycu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\local settings\Temp\ocxrsemanw.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\mes documents\téléchargements\setuppoker.exe_796e99.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\mes documents\téléchargements\setuppoker.exe_fa23ef.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\younglord\mes documents\téléchargements\everest poker.fr.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Poker\chilipoker.fr\_setuppoker.exe_796e99.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Poker\Titan.fr\_setuppoker.exe_fa23ef.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\program files\microsoft games for windows - live\Client\GFWLive.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{059425a6-ed0c-47ca-95ed-8256a3756708}\RP502\A0058008.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{059425a6-ed0c-47ca-95ed-8256a3756708}\RP502\A0058091.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
17 April 2011 00:26:07

  • Restart Malwarebytes' Anti-Malware, go to Quarantine and delete everything.

Has the situation improved?
17 April 2011 18:12:49

Yes, perfect!! Many thanks to you!

Nothing else to do then?
17 April 2011 21:01:48

1/

  • Download and install CCleaner.
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner, choose Analyze. Once it has finished, run the cleaning.


2/

  • System Restore needs to be disabled and then re-enabled in order to purge it.


==Prevention==

Here is a guide on prevention and security on the Internet (to be read with Adobe Reader or Foxit Reader): Link


==Problem solved?==

--> If you consider your problem solved, add [Solved] to the title. To do so:
  • In your first message, click the Edit button.
  • Add the tag [Solved] in front of the title.
  • Then click Validate your message.


;)