
Suspicious service, computer a bit slow...

Tags:
  • Security
Last reply: in Security and viruses
16 Juillet 2012 16:10:22

Hello helpers,

I have a small problem with my computer: it is getting slow and buggier and buggier...

Attached are the OTL reports, if they can help you:

http://pjjoint.malekal.com/files.php?id=20120716_t15p7c...
http://pjjoint.malekal.com/files.php?id=20120716_j5f13e...

Hoping my problem gets fixed thanks to you!

Thanks in advance!


27 Juillet 2012 14:00:37

Hello,

I'm bumping this topic to post my ComboFix report:
ComboFix 12-07-27.03 - Simon 27/07/2012 13:36:38.1.8 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3237.1858 [GMT 2:00]
Lancé depuis: c:\users\Simon\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Simon\AppData\Local\assembly\tmp
c:\users\Simon\AppData\Local\Temp\_MEI41842\_ctypes.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\_elementtree.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\_hashlib.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\_socket.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\_ssl.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\pyexpat.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\pysqlite2._sqlite.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\python26.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\pythoncom26.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\PyWinTypes26.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\select.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\unicodedata.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32api.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32com.shell.shell.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32crypt.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32event.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32file.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32inet.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32pdh.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\win32process.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\windows._cacheinvalidation.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._controls_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._core_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._gdi_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._html2.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._misc_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._windows_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wx._wizard.pyd
c:\users\Simon\AppData\Local\Temp\_MEI41842\wxbase293u_net_vc.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\wxbase293u_vc.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\wxmsw293u_adv_vc.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\wxmsw293u_core_vc.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\wxmsw293u_html_vc.dll
c:\users\Simon\AppData\Local\Temp\_MEI41842\wxmsw293u_webview_vc.dll
c:\users\Simon\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Simon\AppData\Local\TempDIR
c:\users\Simon\AppData\Roaming\app
c:\users\Simon\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Simon\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\Downloaded Program Files\Install.inf
c:\windows\isRS-000.tmp
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-27 au 2012-07-27 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-27 11:48 . 2012-07-27 11:50 -------- d-----w- c:\users\Simon\AppData\Local\Temp
2012-07-27 11:46 . 2012-07-27 11:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-27 11:46 . 2012-07-27 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 11:39 . 2012-07-27 11:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E11F02C-3CB0-42D3-AD3D-C5537ED530A0}\offreg.dll
2012-07-27 06:41 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E11F02C-3CB0-42D3-AD3D-C5537ED530A0}\mpengine.dll
2012-07-25 12:34 . 2012-07-25 12:36 -------- d-----w- c:\users\Simon\AppData\Roaming\NetBeans
2012-07-25 12:34 . 2012-07-25 12:34 -------- d-----w- c:\users\Simon\AppData\Local\NetBeans
2012-07-25 11:45 . 2012-07-27 11:27 -------- d-----w- c:\program files\NetBeans 7.2
2012-07-16 13:34 . 2012-07-16 13:34 388096 ----a-r- c:\users\Simon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-12 01:02 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 09:11 . 2012-07-04 09:11 -------- d-----w- c:\users\Simon\AppData\Roaming\Avira
2012-07-03 11:52 . 2012-07-03 11:53 -------- d-----w- c:\users\Simon\AppData\Roaming\Audacity
2012-07-03 11:51 . 2012-07-03 11:52 -------- d-----w- c:\program files\Audacity
2012-07-02 15:16 . 2012-07-02 15:16 -------- d-----w- c:\users\Simon\AppData\Roaming\Songbird2
2012-07-02 15:16 . 2012-07-02 15:16 -------- d-----w- c:\users\Simon\AppData\Local\Songbird2
2012-07-02 10:26 . 2012-07-02 10:28 -------- d-----w- c:\users\Simon\Sauvegarde Téléphone
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 05:58 . 2012-05-05 20:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 05:58 . 2011-12-29 19:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-02-22 13:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 01:45 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:45 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:45 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:45 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 01:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 01:45 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 01:45 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 01:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 01:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-12-30 18:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 08:49 . 2012-05-29 08:49 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2012-05-29 07:38 . 2011-03-02 05:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-22 13:08 . 2012-06-05 08:23 91992 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 13:08 . 2012-05-22 13:08 104792 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 13:08 . 2012-06-05 08:23 158552 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 13:08 . 2012-05-22 13:08 135512 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 13:08 . 2012-05-22 13:08 116056 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-21 02:09 . 2012-05-30 14:23 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-05-21 02:09 . 2012-05-30 14:23 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-04 17:29 . 2011-12-29 19:36 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 17:29 . 2011-12-28 16:49 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 04:44 . 2012-06-13 04:58 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-24 15:40 . 2012-01-18 16:45 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
"chromium"="c:\users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"Steam"="c:\program files\Steam\Steam.exe" [2012-05-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 176408]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk]
path=c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
backup=c:\windows\pss\Microsoft SharePoint Workspace.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-21 22:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 05:58]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 11:40]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 11:40]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628648317-231270502-3179145311-1000Core.job
- c:\users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 23:39]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628648317-231270502-3179145311-1000UA.job
- c:\users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 23:39]
.
2012-07-27 c:\windows\Tasks\SyncBack Lapinodrome.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2012-01-20 14:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} - hxxps://flex.ikoula.com/activex/vmmctlax_i386.cab
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\yaqr1t9r.default\
FF - prefs.js: network.proxy.ftp - 206.64.92.16
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.http - 206.64.92.16
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - 206.64.92.16
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - 206.64.92.16
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
.
.
------- Associations de fichier -------
.
.txt=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5368)
c:\program files\Unlocker\UnlockerHook.dll
c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Cobian Backup 10\cbInterface.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2012-07-27 13:55:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-07-27 11:55
.
Avant-CF: 322 493 620 224 octets libres
Après-CF: 322 338 250 752 octets libres
.
- - End Of File - - 12709FD52C23147ACC0EFA790BA17017

27 Juillet 2012 22:43:24

Good evening,

Feel free to bump your topic once a day at most when you get no answer; there are many of you and we sometimes miss one.

Did you install the proxy on this PC yourself?
Quote:
FF - prefs.js..network.proxy.backup.ftp: "216.49.160.27"
FF - prefs.js..network.proxy.backup.ftp_port: 80


How does the PC behave after running ComboFix?

1) Uninstall the following programs from your programs list (if present):

- JavaFX 2.1.1
- JavaFX 2.0.2 SDK (unless needed, for building web applications)
- Adobe AIR (same)
- Java(TM) 6 Update 30 / Java(TM) SE Development Kit 6 Update 30 / Java(TM) SE Development Kit 7 Update 2 (obsolete versions, you have a more recent one)


2) Relaunch OTL.exe

  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")

    /!\ Warning, users of Avast! or other antivirus products, do not run OTL in sandbox mode /!\

  • Copy and paste all of the text below into OTL's Custom Scans/Fixes box at the bottom left.



    :OTL
    DRV - [2012/07/16 15:38:15 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\dsekgluq.sys -- (wkhstr)
    [2011/12/30 00:39:52 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YAQR1T9R.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
    [2011/12/30 00:39:51 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YAQR1T9R.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
    FF - prefs.js..network.proxy.backup.ftp: "216.49.160.27"
    FF - prefs.js..network.proxy.backup.ftp_port: 80
    FF - prefs.js..network.proxy.backup.socks: "216.49.160.27"
    FF - prefs.js..network.proxy.backup.socks_port: 80
    FF - prefs.js..network.proxy.backup.ssl: "216.49.160.27"
    FF - prefs.js..network.proxy.backup.ssl_port: 80
    FF - prefs.js..network.proxy.ftp: "206.64.92.16"
    FF - prefs.js..network.proxy.ftp_port: 8000
    FF - prefs.js..network.proxy.http: "206.64.92.16"
    FF - prefs.js..network.proxy.http_port: 8000
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "206.64.92.16"
    FF - prefs.js..network.proxy.socks_port: 8000
    FF - prefs.js..network.proxy.ssl: "206.64.92.16"
    FF - prefs.js..network.proxy.ssl_port: 8000
    O3 - HKU\S-1-5-21-1628648317-231270502-3179145311-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

    :Files
    C:\Program Files\Babylon

    :Commands
    [emptytemp]



  • Then click the Run Fix button at the top left
  • The PC will reboot (if it does not, do it manually).
  • Post the removal report if it appears.

    Note: the report is saved in ".log" format; change that extension to ".txt" if you want to upload it to online sites. If it does not appear, it is located in C:\_OTL, named xxxxxxxx_xxxx.log where x is the date and time.

    /!\ This script is strictly reserved for the current user of this topic; you must under no circumstances run it on your own initiative on another PC, at the risk of damaging the system /!\
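As an added example, not part of this thread and not code from the OTL tool, here is a small Python check that reads a Firefox prefs.js, lists every network.proxy.* host and flags those not on an allow list, so a defender can spot the kind of entries hyunkel30 quotes above without a full OTL scan. The sample prefs.js is constructed from the values quoted in the thread, and the allow list of accepted proxy hosts is a hypothetical parameter; the prefs.js line format and the meaning of network.proxy.type are Firefox's own.

```python
import re

# Firefox writes each saved preference to prefs.js as: user_pref("name", value);
# where value is a quoted string, an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type values (Firefox connection settings dialog).
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC script", 4: "auto-detect", 5: "system"}

# Constructed sample modelled on the OTL lines quoted in the thread; not a real profile.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "http://www.google.fr/");
user_pref("network.proxy.backup.ftp", "216.49.160.27");
user_pref("network.proxy.backup.ftp_port", 80);
user_pref("network.proxy.ftp", "206.64.92.16");
user_pref("network.proxy.ftp_port", 8000);
user_pref("network.proxy.http", "206.64.92.16");
user_pref("network.proxy.http_port", 8000);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "206.64.92.16");
user_pref("network.proxy.socks_port", 8000);
user_pref("network.proxy.ssl", "206.64.92.16");
user_pref("network.proxy.ssl_port", 8000);
user_pref("network.proxy.type", 0);
"""


def parse_prefs(text):
    """Parse prefs.js text into a dict {name: value}; lines that are not user_pref() are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def audit_proxy(prefs, allowed_hosts=frozenset()):
    """Return proxy host entries that are not on the allow list.

    Each finding is (pref_name, host, port, active). 'active' is True only when
    network.proxy.type is 1 (manual) and the entry is not a .backup. copy, so the
    caller can tell live redirection from leftover configuration. The allow list
    (hypothetical known-good corporate proxies) is the caller's assumption.
    """
    manual = prefs.get("network.proxy.type") == 1
    findings = []
    for name, value in prefs.items():
        if not name.startswith("network.proxy.") or name.endswith("_port"):
            continue
        if name.rsplit(".", 1)[-1] not in ("ftp", "http", "socks", "ssl"):
            continue
        if not isinstance(value, str) or not value or value in allowed_hosts:
            continue
        active = manual and ".backup." not in name
        findings.append((name, value, prefs.get(name + "_port"), active))
    return sorted(findings)


def report(text, allowed_hosts=frozenset()):
    """Print a human-readable summary for one prefs.js and return the findings list."""
    prefs = parse_prefs(text)
    ptype = prefs.get("network.proxy.type")
    mode = PROXY_TYPES.get(ptype, "built-in default (not written to prefs.js)")
    print("network.proxy.type = %s (%s)" % (ptype, mode))
    findings = audit_proxy(prefs, allowed_hosts)
    for name, host, port, active in findings:
        state = "ACTIVE" if active else "configured but not in use"
        print("  %-32s %s:%s  [%s]" % (name, host, port, state))
    return findings


if __name__ == "__main__":
    report(SAMPLE_PREFS_JS)
```

In the quoted profile network.proxy.type is 0, so the unknown hosts are not currently routing traffic; they are dormant configuration that becomes live again the moment the user (or a program) switches the connection setting back to manual, which is why a cleanup script removes the entries rather than just the type setting.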
    27 Juillet 2012 23:07:09

    Bonsoir,

    hyunkel30 a dit :

    C'est toi qui a installé le proxy sur ce pc ?
    Citation :
    FF - prefs.js..network.proxy.backup.ftp: "216.49.160.27"
    FF - prefs.js..network.proxy.backup.ftp_port: 80


    Je n'ai installé aucun proxy il me semble... Je ne vois pas en quoi il me serait utile, et je ne reconnais pas l'IP.

    hyunkel30 a dit :
    Comment se comporte le pc après le passage de Combofix ?

    Largement plus rapide. Mais j'aimerais réelement vérifié s'il n'y a pas d'infection, j'ai été victime d'un keylogger il y a peu, via un site demandant l'execution d'un java infecté...

    I'll post the OTL report on Monday morning because it's on my work PC and I can no longer connect via TeamViewer since the reboot.
    28 July 2012 09:24:59

    Re,

    OK, so I've modified the previous script to add the proxy to the cleanup ;) 
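As an added example, not part of hyunkel30's OTL script or any tool used in this thread: a small Python audit that parses a Firefox prefs.js and reports every network.proxy.* entry that points the browser at a proxy host, the kind of silent proxy change the OTL log in this thread removes. The sample prefs.js is constructed; the addresses in it are the ones quoted in the thread, and the key list and type codes (1 = manual, 2 = PAC URL) are Firefox's own.

```python
import re

# Constructed sample prefs.js (not from the thread's machine); keys and addresses mirror the OTL log above.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "https://example.invalid/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "206.64.92.16");
user_pref("network.proxy.http_port", 8000);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.backup.ftp", "216.49.160.27");
user_pref("network.proxy.backup.ftp_port", 80);
"""
# One user_pref("name", value); line: value is a quoted string, true/false or an int.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# network.proxy.* keys that carry a proxy host; their *_port keys are reported with them.
HOST_KEYS = ("http", "ssl", "ftp", "socks",
             "backup.http", "backup.ssl", "backup.ftp", "backup.socks")

def parse_prefs(text):
    """Parse prefs.js text into {pref_name: python_value}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        key, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # unknown literal: keep verbatim
    return prefs

def audit_proxy(prefs):
    """Return proxy prefs that point the browser at a host (type 1 = manual, 2 = PAC URL)."""
    findings = {}
    if prefs.get("network.proxy.type") in (1, 2):
        findings["network.proxy.type"] = prefs["network.proxy.type"]
    for scheme in HOST_KEYS:
        host_key = "network.proxy." + scheme
        if prefs.get(host_key):  # empty string means no proxy for that scheme
            findings[host_key] = prefs[host_key]
            if host_key + "_port" in prefs:
                findings[host_key + "_port"] = prefs[host_key + "_port"]
    return findings
```

On a real profile, point parse_prefs at the prefs.js under the Firefox profile folder; an empty result from audit_proxy means no manual or PAC proxy and no backup.* host is configured.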
    30 July 2012 09:18:57

    Hello,

    So here is the report (in two parts because I had run the procedure without seeing your change):

    Spoiler
    All processes killed
    ========== OTL ==========
    Error: No service named wkhstr was found to stop!
    Service\Driver key wkhstr not found.
    File C:\Windows\System32\drivers\dsekgluq.sys not found.
    C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YAQR1T9R.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI moved successfully.
    C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YAQR1T9R.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI moved successfully.
    Registry value HKEY_USERS\S-1-5-21-1628648317-231270502-3179145311-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    ========== FILES ==========
    C:\Program Files\Babylon\Babylon-Pro\Utils folder moved successfully.
    C:\Program Files\Babylon\Babylon-Pro folder moved successfully.
    C:\Program Files\Babylon folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Simon
    ->Temp folder emptied: 25812743 bytes
    ->Temporary Internet Files folder emptied: 7702057 bytes
    ->Java cache emptied: 13914264 bytes
    ->FireFox cache emptied: 60598203 bytes
    ->Google Chrome cache emptied: 485351937 bytes
    ->Flash cache emptied: 15225238 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 856 bytes
    RecycleBin emptied: 49211 bytes

    Total Files Cleaned = 581,00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07272012_225759

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Spoiler
    All processes killed
    ========== OTL ==========
    Error: No service named wkhstr was found to stop!
    Service\Driver key wkhstr not found.
    File C:\Windows\System32\drivers\dsekgluq.sys not found.
    File C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YAQR1T9R.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI not found.
    File C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YAQR1T9R.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI not found.
    Prefs.js: "216.49.160.27" removed from network.proxy.backup.ftp
    Prefs.js: 80 removed from network.proxy.backup.ftp_port
    Prefs.js: "216.49.160.27" removed from network.proxy.backup.socks
    Prefs.js: 80 removed from network.proxy.backup.socks_port
    Prefs.js: "216.49.160.27" removed from network.proxy.backup.ssl
    Prefs.js: 80 removed from network.proxy.backup.ssl_port
    Prefs.js: "206.64.92.16" removed from network.proxy.ftp
    Prefs.js: 8000 removed from network.proxy.ftp_port
    Prefs.js: "206.64.92.16" removed from network.proxy.http
    Prefs.js: 8000 removed from network.proxy.http_port
    Prefs.js: true removed from network.proxy.share_proxy_settings
    Prefs.js: "206.64.92.16" removed from network.proxy.socks
    Prefs.js: 8000 removed from network.proxy.socks_port
    Prefs.js: "206.64.92.16" removed from network.proxy.ssl
    Prefs.js: 8000 removed from network.proxy.ssl_port
    Registry value HKEY_USERS\S-1-5-21-1628648317-231270502-3179145311-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    ========== FILES ==========
    File\Folder C:\Program Files\Babylon not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Simon
    ->Temp folder emptied: 25720160 bytes
    ->Temporary Internet Files folder emptied: 168574 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 10227782 bytes
    ->Flash cache emptied: 534 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7788 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 34,00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07302012_091238

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Do you think that's it for the curative part?
    30 July 2012 10:37:11

    Re,

    As far as the cleanup goes, that looks OK.

    To check:

    Download MalwareByte's Anti-Malware:

  • Install the program (help here)
  • Run it and update the definitions database.

  • Then choose "Perform full scan" and then "Scan"
  • Select the hard drives and click "Start scan"
  • Let the scan run (it can take a long time).
  • At the end, check that the items found are ticked (in "Scan results").
  • Then click "Remove selected" at the bottom.
  • A restart may be necessary.

  • A report will be displayed; save it to your desktop.
  • Otherwise, after restarting, it will be under "Reports/logs"