Pc lent et qui se bloque puis repart -bis
Fermé
tomus
-
15 mars 2009 à 05:09
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 21 mars 2009 à 13:26
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 21 mars 2009 à 13:26
A voir également:
- Pc lent et qui se bloque puis repart -bis
- Pc lent - Guide
- Benchmark pc - Guide
- Mon pc est trop lent et se bloque - Guide
- Reinitialiser pc - Guide
- Whatsapp pc - Télécharger - Messagerie
11 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
15 mars 2009 à 09:08
15 mars 2009 à 09:08
slt colle le ra&pport RSIT
as tu mis un nouveau materiel ou logiciel dans ton pc?
as tu mis un nouveau materiel ou logiciel dans ton pc?
Merci pour le coup de main.
Non, pas de nouveau matériel ou logiciel si ce n'est des mises à jour antivir, windows et skipe.
J'ai voulu restaurer le système mais la liste des points de restauration est vide pour les dates qui précèdent le début de mes soucis.
Voici les rapports RSIT:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Thomas Admin at 2009-03-14 23:30:29
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 45 GB (45%) free of 100 GB
Total RAM: 1982 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:41, on 14/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tom\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Thomas Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1957374373-3722442341-343211795-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Tom')
O4 - HKUS\S-1-5-21-1957374373-3722442341-343211795-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Tom')
O4 - HKUS\S-1-5-21-1957374373-3722442341-343211795-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Tom')
O4 - S-1-5-21-1957374373-3722442341-343211795-1000 Startup: OUTLOOK.EXE - Raccourci.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE (User 'Tom')
O4 - S-1-5-21-1957374373-3722442341-343211795-1000 User Startup: OUTLOOK.EXE - Raccourci.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE (User 'Tom')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Non, pas de nouveau matériel ou logiciel si ce n'est des mises à jour antivir, windows et skipe.
J'ai voulu restaurer le système mais la liste des points de restauration est vide pour les dates qui précèdent le début de mes soucis.
Voici les rapports RSIT:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Thomas Admin at 2009-03-14 23:30:29
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 45 GB (45%) free of 100 GB
Total RAM: 1982 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:41, on 14/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tom\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Thomas Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1957374373-3722442341-343211795-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Tom')
O4 - HKUS\S-1-5-21-1957374373-3722442341-343211795-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Tom')
O4 - HKUS\S-1-5-21-1957374373-3722442341-343211795-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Tom')
O4 - S-1-5-21-1957374373-3722442341-343211795-1000 Startup: OUTLOOK.EXE - Raccourci.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE (User 'Tom')
O4 - S-1-5-21-1957374373-3722442341-343211795-1000 User Startup: OUTLOOK.EXE - Raccourci.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE (User 'Tom')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 mars 2009 à 17:15
16 mars 2009 à 17:15
vire la tache plannifiée de norton que tu as viré: en suivant le lien
C:\Windows\tasks\Norton Internet Security - Analyse système complète - Tom.job
__________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
___________________
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
colle un rapport avec antivir que tu as
C:\Windows\tasks\Norton Internet Security - Analyse système complète - Tom.job
__________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
___________________
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
colle un rapport avec antivir que tu as
Merci pour ton aide jlpjp.
Voilà les news:
Avant de recevoir tes recommandations, j'avais commencé une tentative d'utilisation de Combofix: j'ai désactivé momentanément toute protection, j'ai débranché le réseau et je l'ai fait tourner: première fois: rien si ce n'est la barre d'install pendant qqs secondes ; deuxième fois idem mais pendant plus longtemps (1min) ; troisième fois: après la barre d'install, apparition d'une invite de commande avec description des actions en cours mais au bout d'une min eniron, plantage (crash dump memory). Re démarrage de windows. Deux répertoires créés dans C:\: ComboFix et Qoobox. Abandon (temporaire ?) de ComboFix, remise en place des sécurité et suivi de tes recommandations.
Tache Norton: virée
CCleaner: 3 fois sur windows et applis puis 3 fois sur le registre.
1 malware détecté et placé en quarantaine par Antivir Guard pendant les manips pour insataller Malware Byte (Virus or unwanted program 'WORM/Mabezat.B.91 [worm]' detected in file 'C:\Program Files\Microsoft Works\WkDStore.exe. Action performed: Move file to quarantine)
Malware Byte en mode sans échec: Aucun Malware détecté par le scan.
Antivir: 1 malware détecté et placé en quarantaine (The file 'C:\SwSetup\MSWorks\FR\PFiles\MSWorks\WkDStore.exe' contained a virus or unwanted program 'WORM/Mabezat.B.91' [worm]
Action(s) taken: The file was moved to '4a03c1a3.qua'!)
Malgré cela, le problème persiste même si par moment on pourrait croire qu'il est réglé. ex: après scan antivir, le pc ne bloquait plus mais après avoir redémarré le problème est réapparu.
Ci dessous, dernier rapport de scan Antivir (4h30 de scan !! visiblement rallenti par cette sal##!!&&).
Avira AntiVir Personal
Report file date: 2009-03-17 10:41
Scanning for 1303192 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HP-TX-1240
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-27 15:00:55
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-07-23 21:16:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-07-23 21:16:40
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-07-23 21:16:40
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 14:33:42
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 15:38:40
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 2009-03-11 23:06:56
ANTIVIR3.VDF : 7.1.2.177 153088 Bytes 2009-03-16 15:53:57
Engineversion : 8.2.0.116
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-01-30 16:53:41
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 2009-03-13 23:07:08
AESCN.DLL : 8.1.1.8 127346 Bytes 2009-03-08 18:52:19
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-08 18:36:28
AEPACK.DLL : 8.1.3.10 397686 Bytes 2009-03-05 06:01:45
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2009-03-01 18:02:36
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 2009-03-08 18:52:17
AEHELP.DLL : 8.1.2.2 119158 Bytes 2009-03-01 18:02:30
AEGEN.DLL : 8.1.1.29 336245 Bytes 2009-03-16 15:54:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-16 07:13:25
AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-18 17:13:57
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-16 07:13:22
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-23 21:16:40
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-07-23 21:16:40
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-08-02 23:32:19
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-07-23 21:16:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-26 08:34:31
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-07-23 21:16:40
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-26 08:34:32
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-07-23 21:16:41
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-26 08:34:32
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-07-23 21:16:35
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-07-23 21:16:35
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2009-03-17 10:41
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'asghost.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
78 processes with 78 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '51' files ).
Starting the file scan:
Begin scan in 'C:\' <TRAVAIL>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\SwSetup\MSWorks\FR\PFiles\MSWorks\WkDStore.exe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.91 worm
[NOTE] The file was moved to '4a03c1a3.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'F:\' <ARCHIVES>
End of the scan: 2009-03-17 15:09
Used time: 4:28:40 Hour(s)
The scan has been done completely.
22221 Scanning directories
673815 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
673812 Files not concerned
8527 Archives were scanned
2 Warnings
1 Notes
Voilà les news:
Avant de recevoir tes recommandations, j'avais commencé une tentative d'utilisation de Combofix: j'ai désactivé momentanément toute protection, j'ai débranché le réseau et je l'ai fait tourner: première fois: rien si ce n'est la barre d'install pendant qqs secondes ; deuxième fois idem mais pendant plus longtemps (1min) ; troisième fois: après la barre d'install, apparition d'une invite de commande avec description des actions en cours mais au bout d'une min eniron, plantage (crash dump memory). Re démarrage de windows. Deux répertoires créés dans C:\: ComboFix et Qoobox. Abandon (temporaire ?) de ComboFix, remise en place des sécurité et suivi de tes recommandations.
Tache Norton: virée
CCleaner: 3 fois sur windows et applis puis 3 fois sur le registre.
1 malware détecté et placé en quarantaine par Antivir Guard pendant les manips pour insataller Malware Byte (Virus or unwanted program 'WORM/Mabezat.B.91 [worm]' detected in file 'C:\Program Files\Microsoft Works\WkDStore.exe. Action performed: Move file to quarantine)
Malware Byte en mode sans échec: Aucun Malware détecté par le scan.
Antivir: 1 malware détecté et placé en quarantaine (The file 'C:\SwSetup\MSWorks\FR\PFiles\MSWorks\WkDStore.exe' contained a virus or unwanted program 'WORM/Mabezat.B.91' [worm]
Action(s) taken: The file was moved to '4a03c1a3.qua'!)
Malgré cela, le problème persiste même si par moment on pourrait croire qu'il est réglé. ex: après scan antivir, le pc ne bloquait plus mais après avoir redémarré le problème est réapparu.
Ci dessous, dernier rapport de scan Antivir (4h30 de scan !! visiblement rallenti par cette sal##!!&&).
Avira AntiVir Personal
Report file date: 2009-03-17 10:41
Scanning for 1303192 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HP-TX-1240
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-27 15:00:55
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-07-23 21:16:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-07-23 21:16:40
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-07-23 21:16:40
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 14:33:42
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 15:38:40
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 2009-03-11 23:06:56
ANTIVIR3.VDF : 7.1.2.177 153088 Bytes 2009-03-16 15:53:57
Engineversion : 8.2.0.116
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-01-30 16:53:41
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 2009-03-13 23:07:08
AESCN.DLL : 8.1.1.8 127346 Bytes 2009-03-08 18:52:19
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-08 18:36:28
AEPACK.DLL : 8.1.3.10 397686 Bytes 2009-03-05 06:01:45
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2009-03-01 18:02:36
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 2009-03-08 18:52:17
AEHELP.DLL : 8.1.2.2 119158 Bytes 2009-03-01 18:02:30
AEGEN.DLL : 8.1.1.29 336245 Bytes 2009-03-16 15:54:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-16 07:13:25
AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-18 17:13:57
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-16 07:13:22
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-23 21:16:40
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-07-23 21:16:40
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-08-02 23:32:19
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-07-23 21:16:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-26 08:34:31
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-07-23 21:16:40
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-26 08:34:32
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-07-23 21:16:41
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-26 08:34:32
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-07-23 21:16:35
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-07-23 21:16:35
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2009-03-17 10:41
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'asghost.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'wisptis.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
78 processes with 78 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '51' files ).
Starting the file scan:
Begin scan in 'C:\' <TRAVAIL>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\SwSetup\MSWorks\FR\PFiles\MSWorks\WkDStore.exe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.91 worm
[NOTE] The file was moved to '4a03c1a3.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'F:\' <ARCHIVES>
End of the scan: 2009-03-17 15:09
Used time: 4:28:40 Hour(s)
The scan has been done completely.
22221 Scanning directories
673815 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
673812 Files not concerned
8527 Archives were scanned
2 Warnings
1 Notes
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 mars 2009 à 11:26
18 mars 2009 à 11:26
mets a jour antivir et colle un rapport du scan de ce fichier si infecté: sMSWork
C:\SwSetup\MSWorks\FR\PFiles\sMSWork
C:\SwSetup\MSWorks\FR\PFiles\sMSWork
Antivir mis à jour,
Scan système complet avec Antivir: 0 détection,
Scan C:\SwSetup\MSWorks\FR\PFiles\MSWorks avec Antivir: 0 détection
MalwareByte mis à jour,
Scan C:\SwSetup\MSWorks\FR\PFiles\MSWorks avec MalwareByte: 0 détection
Le problème persiste voire s'aggrave (blocages systématiques dés l'ouverture d'une session windows et à chaque ouverture de fichier, répertoire ou menu contextuel, durée du blocage 10sec à qqs minutes).
What next ?
Scan système complet avec Antivir: 0 détection,
Scan C:\SwSetup\MSWorks\FR\PFiles\MSWorks avec Antivir: 0 détection
MalwareByte mis à jour,
Scan C:\SwSetup\MSWorks\FR\PFiles\MSWorks avec MalwareByte: 0 détection
Le problème persiste voire s'aggrave (blocages systématiques dés l'ouverture d'une session windows et à chaque ouverture de fichier, répertoire ou menu contextuel, durée du blocage 10sec à qqs minutes).
What next ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
20 mars 2009 à 09:56
20 mars 2009 à 09:56
lance ceci pour finir de virer les traces de norton
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
_________________________
scan avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
_________________________
scan avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
OK voilà les news:
Suppression des traces Norton avec l'outil Norton: fait
Mise à jour de MBAM: fait
Full scan avec MBAM en mode normal: fait: 0 détection, rapport ci-dessous.
Le problème persiste. Pour info, après une longue période sans activité, le PC ne bloque pas pendant les premières minutes. Ce n'est qu'une fois qu'une ou deux fenêtres sont ouvertes ou que l'ont commence à taper du texte qu'il se bloque régulièrement. De plus les blocages arrivent "par rafales"; exemple: plusieurs heures après le scan MBAM, j'ai ré-activé mon wifi, ouvert internet, ouvert la page de cette discussion et commencé à écrire ce post sans problème. Puis, il a bloqué une première fois au premier "MBAM", puis quasiment toutes les 2 ou 3 lettres jusqu'à "rapport" (qqs dizaines de secondes à chaque fois, le soft en cours, Firefox ici, indiquant "ne répond pas"), puis plus aucun blocage jusqu'à maintenant... Je ne sais pas si ça t'éclaire mais bon, c'est au cas où.
Merci encore pour tes conseils. J'attends les prochains.
---------------
Malwarebytes' Anti-Malware 1.34
Database version: 1856
Windows 6.0.6000
20/03/2009 23:15:14
mbam-log-2009-03-20 (23-15-14).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 246950
Time elapsed: 1 hour(s), 36 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Suppression des traces Norton avec l'outil Norton: fait
Mise à jour de MBAM: fait
Full scan avec MBAM en mode normal: fait: 0 détection, rapport ci-dessous.
Le problème persiste. Pour info, après une longue période sans activité, le PC ne bloque pas pendant les premières minutes. Ce n'est qu'une fois qu'une ou deux fenêtres sont ouvertes ou que l'ont commence à taper du texte qu'il se bloque régulièrement. De plus les blocages arrivent "par rafales"; exemple: plusieurs heures après le scan MBAM, j'ai ré-activé mon wifi, ouvert internet, ouvert la page de cette discussion et commencé à écrire ce post sans problème. Puis, il a bloqué une première fois au premier "MBAM", puis quasiment toutes les 2 ou 3 lettres jusqu'à "rapport" (qqs dizaines de secondes à chaque fois, le soft en cours, Firefox ici, indiquant "ne répond pas"), puis plus aucun blocage jusqu'à maintenant... Je ne sais pas si ça t'éclaire mais bon, c'est au cas où.
Merci encore pour tes conseils. J'attends les prochains.
---------------
Malwarebytes' Anti-Malware 1.34
Database version: 1856
Windows 6.0.6000
20/03/2009 23:15:14
mbam-log-2009-03-20 (23-15-14).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 246950
Time elapsed: 1 hour(s), 36 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
JE CROIS QUE J'AI UNE PISTE.
J'ai fait un test:
- avec Antivir Guard actif: trois plombes pour ouvrir un pauvre .doc avec le fameux "MSWord ne répond pas"
- sans Antivir Guard actif: mon PC retrouve la forme olympique de sa première jeunesse ! (Ouverture de fenêtres quasi instantanées, plusieurs à la fois sans problème...).
Le truc étrange: j'ai ensuite remis Antivir Guard actif et le problème NE RÉAPPARAIT PAS !!
J'ai fait ce test car j'avais le sentiment qu'au démarrage d'une session, le pc commencait à ramer lorsqu'Antivir se mettait en marche (au bout de 5 à 10 secondes environ).
Qu'en pense tu ? ré-installation d'Antivir ? en attendant, je peux toujours désactiver - réactiver Antivir Guard. Je vais déjà vérifier que cette solution n'est pas que temporaire.
A+
J'ai fait un test:
- avec Antivir Guard actif: trois plombes pour ouvrir un pauvre .doc avec le fameux "MSWord ne répond pas"
- sans Antivir Guard actif: mon PC retrouve la forme olympique de sa première jeunesse ! (Ouverture de fenêtres quasi instantanées, plusieurs à la fois sans problème...).
Le truc étrange: j'ai ensuite remis Antivir Guard actif et le problème NE RÉAPPARAIT PAS !!
J'ai fait ce test car j'avais le sentiment qu'au démarrage d'une session, le pc commencait à ramer lorsqu'Antivir se mettait en marche (au bout de 5 à 10 secondes environ).
Qu'en pense tu ? ré-installation d'Antivir ? en attendant, je peux toujours désactiver - réactiver Antivir Guard. Je vais déjà vérifier que cette solution n'est pas que temporaire.
A+
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 mars 2009 à 13:26
21 mars 2009 à 13:26
essaye de mettre a jour antivir pour voir si cela persiste ou reinstalle le
et dis si tes soucis persistent
et dis si tes soucis persistent
