Gros ralentissement sous Seven

[Domi83]

Bonjour,

 

Depuis quelques jours, je fais l'expérience de gros ralentissements sous Windows Seven quand je travaille (Texstudio, Jabref, Firefox, Acrobat ouverts, ce qui ne semble pas a priori scandaleusement gourmand). J'ai cru qu'il s'agissait d'abord d'une incompatibilité entre logiciels de sécurité (j'avais MS Security Essentials et online Armor qui tournaient en même temps). J'ai stoppé Online Armor, mais ca ne semble pas résoudre le problème: régulièrement -toutes les heures peut-être-,les fenêtres d'application gèlent et il est simplement possible de passer de l'une à l'autre (via alt+tab) sans pouvoir faire quoi que ce soit sur chacune des fenêtres. Après quelques minutes, la situation revient à la normale.

 

Un grand merci à qui pourra m'aider.

[bernard53]

Bonjour

Dans un premier temps ceci s.t.p pour voir un peu plus.

Télécharges << ZHPDiag>> (de Nicolas Coolman)

 

dezzipes le fichier sur ton bureau...

Fais un clic-droit sur l'icône ZHPDiag .exe et choisis "exécuter en tant qu'administrateur".

 

 

L'installation va créer raccourcis (ZHPDiag et ZHPFix et MBRchek) sur ton bureau

 

 

ET :

 

  Citation

Si le bouton UAC apparaît dans le panel supérieur cela signifie que votre UAC est activée. L'activation de l'UAC gène l'analyse deZHPDiag sur certains modules (O18,O23,O42,...).

Aussi pour permettre un scan complet de l'outil, vous devez au préalable cliquer sur ce bouton.

Ce qui aura pour conséquence de relancer ZHPDiag avec une désactivation temporaire de l'UAC.

A la fin de l'installation ZHPDiag va se lancer....

 

Cliques sur "Lancer le diagnostic " (image de la loupe) et patiente...

 

A la fin du scan le rapport est sauvegardé directement sur ton bureau.

  Citation

ZHPDiag.txt

 

Mets le rapport ici car il prend bien de la place.

Accueil de Cjoint.com

ou.

Envoyez et partagez vos fichiers

[Domi83]

Bonjour,

 

Merci de ta réponse. Ci joint le rapport ZHPDiag:

© CJoint.com, 2012

[bernard53]

ok ceci s.t.p

* Copie le tout le texte présent dans l'encadré ci-dessous (tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C)

  Citation

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified => Infection BT (Hijacker.Application)

G0 - GCSP: Preference [user Data\Default][HomePage] Babylon Search => Infection PUP (Toolbar.Babylon)

G2 - GCE: Preference [user Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.8 (Désactivé) => Infection BT (Toolbar.Babylon)

M3 - MFPP: Plugins - [Domi] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml => Infection BT (Toolbar.Babylon)

O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (...) -- C:\Program Files (x86)\Yontoo\YontooIEClient.dll (.not file.) => Infection PUP (Adware.Yontoo)*

[MD5.00000000000000000000000000000000] [APT] [Your File Updater] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] => Infection PUP (PUP.YourFileDownloader)

O42 - Logiciel: BabylonObjectInstaller - (.Babylon Ltd.) [HKLM][64Bits] -- {E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1} => Infection BT (Toolbar.Babylon)

O42 - Logiciel: Browser Manager - (...) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} => Infection PUP (Toolbar.Babylon)*

O42 - Logiciel: Yontoo 1.10.02 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} => Infection PUP (Adware.Yontoo)*

[HKCU\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)*

[HKCU\Software\DataMngr_Toolbar] => Infection PUP (PUP.BearShare)*

[HKCU\Software\InstallCore] => Infection PUP (Adware.InstallCore)

[HKCU\Software\YourFileDownloader] => Infection PUP (PUP.YourFileDownloader)

[HKLM\Software\Wow6432Node\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Babylon] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\DataMngr] => Infection PUP (PUP.BearShare)*

[HKLM\Software\Wow6432Node\YourFileDownloader] => Infection PUP (PUP.YourFileDownloader)

O43 - CFD: 26/07/2012 - 14:54:34 - [0] ----D C:\Program Files (x86)\YourFileDownloader => Infection PUP (PUP.YourFileDownloader)

O43 - CFD: 19/03/2013 - 22:01:10 - [7,622] ----D C:\ProgramData\Browser Manager => Infection PUP (Toolbar.Babylon)*

O43 - CFD: 21/07/2012 - 22:39:57 - [0] ----D C:\Users\Domi\AppData\Roaming\YourFileDownloader => Infection PUP (PUP.YourFileDownloader)

O51 - MPSK:{2d6e1e11-783f-11e2-bf68-e0ca949f7979}\AutoRun\command. (...) -- F:\Windows\AutoRun.exe (.not file.) => Infection USB (Trojan.USB)

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110822&tt=100512_3_"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.hardId", "489de09a000000000000e0ca94a5bc2a"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.id", "489de09a000000000000e0ca94a5bc2a"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15473"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.newTab", true); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=110822&tt=100512_3_&babsrc=NT_ss&mntrId=489de[...] => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:16:50"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); => Infection BT (Toolbar.Babylon)↑

O69 - SBI: prefs.js [Domi - eumlalc8.default] user_pref("keyword.URL", "http://search.babylon.com/?affID=110822&tt=100512_3_&babsrc=KW_ss&mntrId=489de09a000000000000e0ca94a5bc2[...] => Infection BT (Toolbar.Babylon)↑

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - Babylon Search => Infection PUP (Adware.IMBooster)*

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (PUP.ClaroSearch)

[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)

[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)

[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)

[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] => Infection PUP (PUP.WhiteSmoke)

[HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] => Infection PUP (PUP.WhiteSmoke)

[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)

[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)

[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)

[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)

[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Adware.Yontoo)

[HKLM\Software\Classes\AppID\escort.dll] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\escortapp.dll] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\escorteng.dll] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\esrv.EXE] => Infection PUP (PUP.Funmoods)

[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] => Infection PUP (PUP.YourFileDownloader)

[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASAPI32] => Infection PUP (PUP.YourFileDownloader)

[HKLM\Software\Classes\b] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\escort.escrtBtn.1] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASMANCS] => Infection PUP (PUP.YourFileDownloader)

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] => Infection BT (Spyware.GamePlayLabs)

[HKCU\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\BabylonToolbar] => Infection BT (Toolbar.Babylon)

[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)*

[HKLM\Software\Wow6432Node\DataMngr] => Infection PUP (PUP.BearShare)*

[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] => Infection PUP (Toolbar.babylon)

[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] => Infection PUP (Toolbar.babylon)

[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Prod.cap] => Infection PUP (Toolbar.Babylon)

[HKCU\Software\InstallCore] => Infection PUP (Adware.InstallCore)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] => Infection PUP (PUP.BProtector)

[HKLM\Software\Classes\AppID\secman.DLL] => Infection PUP (Toolbar.Babylon)

[HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] => Infection PUP (PUP.DealPly)

[HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] => Infection PUP (PUP.DealPly)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] => Infection PUP (PUP.DealPly)

[HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] => Infection PUP (PUP.DealPly)

[HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] => Infection PUP (PUP.DealPly)

[HKLM\Software\Classes\AppID\ESRV.EXE] => Infection PUP (PUP.Funmoods)

[HKLM\Software\Classes\YontooIEClient.Api] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Classes\YontooIEClient.Api.1] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Classes\YontooIEClient.Layers] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Classes\YontooIEClient.Layers.1] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Classes\AppID\escort.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\escortApp.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\escortEng.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\escorTlbr.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Classes\AppID\YontooIEClient.DLL] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\escort.escrtBtn.1] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1] => Infection PUP (Adware.Yontoo)*

[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] => Infection PUP (PUP.Funmoods)*

[HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL] => Infection PUP (Adware.Yontoo)*

C:\Program Files (x86)\yourfiledownloader => Infection PUP (PUP.YourFileDownloader)

C:\ProgramData\Browser Manager => Infection PUP (Toolbar.Babylon)*

C:\Users\Domi\AppData\Roaming\yourfiledownloader => Infection PUP (PUP.YourFileDownloader)

C:\Users\Domi\AppData\Roaming\Mozilla\Firefox\Profiles\eumlalc8.default\bprotector_extensions.sqlite => Infection PUP (PUP.BProtector)*

[HKCU\Software\5fed78de13ce510\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" => Infection FakeAlert (PUP.VideoPerformer)

[HKCU\Software\5fed78de13ce510\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11" => Infection FakeAlert (PUP.VideoPerformer)

[HKCU\Software\5fed78de13ce510\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" => Infection FakeAlert (PUP.VideoPerformer)

[HKCU\Software\5fed78de13ce510\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version="2.6.1123.78" => Infection FakeAlert (PUP.VideoPerformer)

[HKCU\Software\5fed78de13ce510]:GUID="{16cdff19-861d-48e3-a751-d99a27784753}" => Infection FakeAlert (PUP.VideoPerformer)

[HKLM\Software\Wow6432Node\5fed78de13ce510]:GUID="{16cdff19-861d-48e3-a751-d99a27784753}" => Infection FakeAlert (PUP.VideoPerformer)

SS - | Disabled 2569168 | (Browser Manager) . (...) - C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe => Infection PUP (Toolbar.Babylon)*

[HKLM\Software\Tarma Installer] => Toolbar.Tarma

O43 - CFD: 13/05/2012 - 21:16:43 - [1,767] ----D C:\ProgramData\Tarma Installer => Toolbar.Tarma

[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] => Toolbar.Agent

[HKLM\Software\Tarma Installer] => Toolbar.Tarma

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] => Toolbar.Bing

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] => Toolbar.Bing

[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] => Toolbar.Conduit

[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] => Toolbar.Conduit

[HKLM\Software\Classes\NXToolBar.NXToolBand.1] => Toolbar.Agent*

[HKLM\Software\Wow6432Node\Classes\NXToolBar.NXToolBand.1] => Toolbar.Agent*

M3 - MFPP: Plugins - [Domi] -- C:\Users\Domi\AppData\Roaming\Mozilla\Firefox\Profiles\eumlalc8.default\searchplugins\babylon.xml

O4 - HKLM\..\Wow6432Node\Run: [Olescm32] C:\windows\system32\olescm32.dll (.not file.)

O4 - HKUS\S-1-5-21-2037410489-1664746479-1769596198-1000\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (.not file.)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2037410489-1664746479-1769596198-1000Core.job [902]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2037410489-1664746479-1769596198-1000UA.job [924]

[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A06\EPM.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-2037410489-1664746479-1769596198-1000Core] (...) -- C:\Users\Domi\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-2037410489-1664746479-1769596198-1000UA] (...) -- C:\Users\Domi\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]

 

[MD5.00000000000000000000000000000000] [APT] [{24D54E46-9CB6-4E6F-9A20-4BAF178D7CB2}] (...) -- C:\Users\Domi\AppData\Local\Temp\{A65CBED6-4405-43FD-83F7-83460693DCEF}\adobeshockwavextrabundle.exe (.not file.) [0

[MD5.452DB84283EB2F043827AC95D62CE19C] [APT] [Check for updates] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [3487240]

[MD5.36A82C214B46787385F3B0CD02ECAA88] [APT] [Refresh immunization] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [3653656]

[MD5.E4A0900CF535888DDD85B10040CA3E34] [APT] [scan the system] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [3906584]

FirewallRaz

EmptyFlash

Emptytemp

SysRestore

 

 

Puis Lance ZHPFix depuis le raccourci du bureau.

 

-> laisse travailler l'outil et ne touche à rien ...

 

Une fois terminée, un nouveau rapport s'affiche : copie/colle le contenu de ce dernier dans ta prochaine réponse ...

 

(ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ZHPFixReport.txt)

 

Important : s'il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le de suite !

 

Ensuite:

Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.

 

Téléchargements - Outils de Xplode - AdwCleaner

 

 

 

- Lances le en mode normal , puis cliques sur [suppression]

- Lorsque le message indiquant qu'AdwCleaner a détecté une variante spécifique d'adware s'affiche , cliquez sur [OK]

 

- L'ordinateur va redémarrer tout seul. Redémarre-le en mode normal.

- AdwCleaner s'ouvrira normalement, avec comme seul choix possible [suppression]

 

 

- Cliquez dessus, puis patientes pendant la suppression.

- Une fois la suppression effectuée, AdwCleaner vous invitera à redémarrer l'ordinateur

 

- Au redémarrage, un rapport s'ouvrira. Postes le sur le forum.

 

Ensuite: dis moi c'est toi qui as installé un proxy vers le Kenya

si cela n'est pas le cas rajoute ces lignes dans la suppression de ZhpFix.

  Citation

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC83661-CE10-4FAD-9866-55974D4B72D3}: NameServer = 196.201.217.11 209.244.0.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{6DC83661-CE10-4FAD-9866-55974D4B72D3}: NameServer = 196.201.217.11 209.244.0.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{6DC83661-CE10-4FAD-9866-55974D4B72D3}: NameServer = 196.201.217.11 209.244.0.3

[Domi83]

Merci beaucoup pour ta réponse.

 

On a donc:

-Le rapport ZHPfix:

© CJoint.com, 2012

-Le rapport AdwCleaner:

© CJoint.com, 2012

 

Pour le proxy vers le Kenya, c'est un pays où j'ai habité, il fallait passer par un modem-clé USB pour se connecter au réseau. Je n'ai fait aucune autre manip que d'installer les logiciels nécessaires à l'utilisation de ces clés. Ça explique la présence d'un proxy ?

[Domi83]

En revanche, je viens de refaire l'expérience d'un de ces ralentissements. je me demande plus largement s'il n'y a pas derrière ca un problème matériel...J'ai fait l'expérience d'un énorme plantage il y a une heure, où l'écran a gelé, la barre des tâches de Windows s'est retrouvée en haut de l'écran, qui n'était plus rafraîchi, avec un gros message d'erreur à demi masqué par une bouillie de pixels, et même les CTRL-ALT-SUPR qui ne fonctionnait plus, d'où l'obligation de redémarrer de manière barbare. Peut-être un pb de carte graphique ?

[bernard53]

OK pour le proxy, mais je préférais te demander

Télécharge Speccy Speccy - Download pour voir si un composant n'a pas une température excessive.

[Domi83]

Bon, Speccy me dit que ma carte mère et mon processeur tournent entre 69 et 71°, je viens de redémarrer le systèm, je vais voir si ca monte davantage...

[bernard53]

69 et 71° c'est pas trop top. tu as un portable ou une tour car cela change la donne.

[Domi83]

J'ai un portable. Mais effectivement ca ne semble pas excessivement anormal, je ne sais pas ce qui a part ça peut temporairement geler mes applications...