Machine infectée, lente, virus non localisé

[f4czx]

Bonsoir,

 

désolé pour le mauvais rapport, le mauvais copié était resté dans la pile ....

 

 

********************************************************************************

*****

Analyse en ligne de CO2saver.exe :

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.24 2009.09.23 -

AhnLab-V3 5.0.0.2 2009.09.23 -

AntiVir 7.9.1.23 2009.09.23 -

Antiy-AVL 2.0.3.7 2009.09.23 -

Authentium 5.1.2.4 2009.09.23 -

Avast 4.8.1351.0 2009.09.23 -

AVG 8.5.0.412 2009.09.23 -

BitDefender 7.2 2009.09.23 -

CAT-QuickHeal 10.00 2009.09.23 -

ClamAV 0.94.1 2009.09.23 -

Comodo 2416 2009.09.23 -

DrWeb 5.0.0.12182 2009.09.23 -

eSafe 7.0.17.0 2009.09.23 Suspicious File

eTrust-Vet 31.6.6757 2009.09.23 -

F-Prot 4.5.1.85 2009.09.23 -

F-Secure 8.0.14470.0 2009.09.23 -

Fortinet 3.120.0.0 2009.09.23 -

GData 19 2009.09.23 -

Ikarus T3.1.1.72.0 2009.09.23 -

Jiangmin 11.0.800 2009.09.23 -

K7AntiVirus 7.10.852 2009.09.23 -

Kaspersky 7.0.0.125 2009.09.23 -

McAfee 5750 2009.09.23 -

McAfee+Artemis 5750 2009.09.23 -

McAfee-GW-Edition 6.8.5 2009.09.23 -

Microsoft 1.5005 2009.09.23 -

NOD32 4451 2009.09.23 -

Norman 6.01.09 2009.09.23 -

nProtect 2009.1.8.0 2009.09.23 -

Panda 10.0.2.2 2009.09.23 -

PCTools 4.4.2.0 2009.09.23 -

Prevx 3.0 2009.09.23 -

Rising 21.48.24.00 2009.09.23 -

Sophos 4.45.0 2009.09.23 -

Sunbelt 3.2.1858.2 2009.09.23 -

Symantec 1.4.4.12 2009.09.23 -

TheHacker 6.5.0.2.015 2009.09.22 -

TrendMicro 8.950.0.1094 2009.09.23 -

VBA32 3.12.10.10 2009.09.23 -

ViRobot 2009.9.23.1950 2009.09.23 -

VirusBuster 4.6.5.0 2009.09.23 -

Information additionnelle

File size: 229448 bytes

MD5...: 67fdf4cc56763a4def8c1b6399def7e8

SHA1..: eae42f81b00bce258fb197ada7ff0ac42e7428a0

SHA256: e9fdc75a962688363cb63cdb0e2df42b840e64ec7a0d0631e3577923dd0ff6d7

ssdeep: 6144:zT6xyZH8QBdifPOCM4wocF4RZODcs43IyzoH:zT6xuBdvCMhocGl73IoG

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x86f10

timedatestamp.....: 0x469fd5fa (Thu Jul 19 21:22:02 2007)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x56000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x57000 0x31000 0x30200 7.94 263f6aed7da284a210f06f1bc95f165b

.rsrc 0x88000 0x7000 0x6400 5.30 7b0c73cfe0552c581c4f7c306535f27d

 

( 16 imports )

> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess

> COMCTL32.dll: -

> comdlg32.dll: GetFileTitleA

> GDI32.dll: SaveDC

> imagehlp.dll: ImageGetCertificateData

> MSIMG32.dll: AlphaBlend

> ole32.dll: CoInitialize

> OLEAUT32.dll: -

> oledlg.dll: -

> OLEPRO32.DLL: -

> POWRPROF.dll: EnumPwrSchemes

> SHELL32.dll: ShellExecuteA

> USER32.dll: GetDC

> WININET.dll: InternetOpenA

> WINMM.dll: timeGetTime

> WINSPOOL.DRV: ClosePrinter

 

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: UPX compressed Win32 Executable (33.8%)

Win32 EXE Yoda's Crypter (29.4%)

Windows Screen Saver (14.5%)

Win32 Executable Generic (9.4%)

Win32 Dynamic Link Library (generic) (8.3%)

ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=67fdf4cc56763a4def8c1b6399def7e8' target='_blank'>http://www.threatexpert.com/report.aspx?md5=67fdf4cc56763a4def8c1b6399def7e8</a>

packers (Kaspersky): UPX

sigcheck:

publisher....: Snap Technologies, Inc.

copyright....: Copyright © 2007, Snap Technologies, Inc.

product......: CO2 Saver Application

description..: CO2 Saver

original name: CO2Saver.exe

internal name: CO2 Saver

file version.: 1, 0, 0, 16

comments.....:

signers......: Perfect Market Technologies, Inc

Thawte Code Signing CA

Thawte Premium Server CA

signing date.: 11:22 PM 7/19/2007

verified.....: -

packers (F-Prot): UPX

 

 

 

********************************************************************************

**************

 

Rapport de OTM :

 

All processes killed

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Classes\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.

Registry key HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

 

User: All Users

 

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 1065572 bytes

->FireFox cache emptied: 41951375 bytes

 

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Damien

->Temp folder emptied: 190984 bytes

File delete failed. D:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 186405 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 38323095 bytes

->Apple Safari cache emptied: 9121929 bytes

 

User: Nounours

->Temp folder emptied: 49152 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 2552682 bytes

 

User: ADRASEC

->Temp folder emptied: 49152 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 35652961 bytes

->Apple Safari cache emptied: 876861 bytes

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1099861 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 299433 bytes

 

Total Files Cleaned = 125,49 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09232009_214445

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

 

******************************************************************************

 

Rapport Hijackthis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:55:41, on 23/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sygate\SPF\smc.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\CO2 Saver\CO2Saver.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CO2 Saver.lnk = D:\Program Files\CO2 Saver\CO2Saver.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab

O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

 

--

End of file - 5333 bytes

 

 

merci, a+

Modifié le 23 septembre 2009 par f4czx

[pear]

Bonjour,

 

Il semble que vous ayez omis ceci:

 

Dans Hijackthis, cochez puis clic sur Fix checked:

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

 

et ce n'est toujours pas le rapport Rsit !

[f4czx]

Bonsoir,

 

ok pour les 2 fix, c'est fait.

 

Rapport RSIT :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Damien at 2009-09-24 19:11:11

Microsoft Windows XP Professionnel Service Pack 2

System drive D: has 28 GB (40%) free of 68 GB

Total RAM: 1279 MB (66% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:11:49, on 24/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sygate\SPF\smc.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\CO2 Saver\CO2Saver.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Documents and Settings\Damien\Bureau\pb virus\RSIT.exe

C:\HijackThis\Damien.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CO2 Saver.lnk = D:\Program Files\CO2 Saver\CO2Saver.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab

O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

 

--

End of file - 5256 bytes

 

======Scheduled tasks folder======

 

D:\WINDOWS\tasks\Symantec NetDetect.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SmcService"=D:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]

"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskIcon]

D:\Program Files\USB MEMORY BAR\diskicon.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

D:\Program Files\Google\Google Talk\googletalk.exe /autostart []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

D:\Program Files\LogMeIn\x86\LogMeInSystray.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

D:\WINDOWS\system32\NeroCheck.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nForce APU1 Utilities]

D:\WINDOWS\system32\NVATray.exe [2002-01-18 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

D:\Program Files\QuickTime\qttask.exe [2007-08-13 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sacam]

d:\documents and settings\damien\local settings\application data\sacam.exe sacam []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-10-06 185784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

D:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

D:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

D:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2

"usnjsvc"=3

"MDM"=2

"LogMeIn"=2

"LMIMaint"=2

 

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

CO2 Saver.lnk - D:\Program Files\CO2 Saver\CO2Saver.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

D:\WINDOWS\system32\LMIinit.dll [2007-11-15 87352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDriveAutoRun"=FFFFFFFF

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoFolderOptions"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"D:\WINDOWS\System32\P2P Networking\P2P Networking.exe"="D:\WINDOWS\System32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"

"D:\Program Files\Kazaa\kazaa.exe"="D:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop"

"D:\Program Files\Real\RealPlayer\realplay.exe"="D:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"D:\cygwin\usr\X11R6\bin\XWin.exe"="D:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin"

"D:\Program Files\Shareaza\Shareaza.exe"="D:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"

"D:\Program Files\FTP Expert 3\ftpxpert3.exe"="D:\Program Files\FTP Expert 3\ftpxpert3.exe:*:Enabled:AceFTP v3"

"D:\Program Files\K1RFD\EchoLink\EchoLink.exe"="D:\Program Files\K1RFD\EchoLink\EchoLink.exe:*:Enabled:EchoLink"

"D:\Program Files\FileZilla\FileZilla.exe"="D:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla"

"D:\Documents and Settings\ADRASEC\Bureau\agwpe\AGW Packet Engine.exe"="D:\Documents and Settings\ADRASEC\Bureau\agwpe\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur"

"D:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe"="D:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe:*:Enabled:AceFTP v3"

"D:\Program Files\Freeplayer\vlc\vlc.exe"="D:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"

"D:\Program Files\Mozilla Firefox\FIREFOX.EXE"="D:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"

"D:\Program Files\emulev0.47\eMule\emule.exe"="D:\Program Files\emulev0.47\eMule\emule.exe:*:Enabled:eMule"

"D:\Program Files\Messenger\MSMSGS.EXE"="D:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"D:\Program Files\M6 Video\M6video.exe"="D:\Program Files\M6 Video\M6video.exe:*:Disabled:OneClick"

"D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\Temp\Agw2005\AGW Packet Engine.exe"="C:\Temp\Agw2005\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur"

"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"D:\Documents and Settings\ADRASEC\Mes documents\agwpe\AGW Packet Engine.exe"="D:\Documents and Settings\ADRASEC\Mes documents\agwpe\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur"

"D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"D:\Program Files\Free Music Zilla\FMZilla.exe"="D:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"

"D:\Documents and Settings\Damien\Bureau\freezer.exe"="D:\Documents and Settings\Damien\Bureau\freezer.exe:*:Enabled:freezer"

"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Program Files\HomePlayer\HomePlayer.exe"="D:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"

"D:\Program Files\HomePlayer\VLC\vlc.exe"="D:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-09-10 19:13:39 ----RASHD---- D:\autorun.inf

2009-09-10 18:53:46 ----D---- D:\_OTM

2009-09-06 17:45:08 ----D---- D:\Program Files\Navilog1

2009-09-06 17:31:28 ----D---- D:\rsit

2009-09-06 17:20:59 ----D---- D:\WINDOWS\WBEM

2009-09-06 17:19:20 ----HD---- D:\WINDOWS\ie8

2009-09-06 17:19:20 ----D---- D:\WINDOWS\system32\fr-FR

2009-09-06 14:22:46 ----A---- D:\WINDOWS\SchedLgU.Txt

2009-08-28 19:42:56 ----D---- D:\Documents and Settings\Damien\Application Data\fdrtools.com

 

======List of files/folders modified in the last 1 months======

 

2009-09-08 19:06:30 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI

2009-09-06 14:37:34 ----A---- D:\WINDOWS\win.ini

2009-09-06 14:37:34 ----A---- D:\WINDOWS\system.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320]

R1 kbdhid;Pilote HID de clavier; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]

R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 wpsdrvnt;wpsdrvnt; \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys []

R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-24 55656]

R2 CommSB96;CommSB96; D:\WINDOWS\system32\drivers\CommSB96.sys [2002-05-16 24776]

R2 CommSBEP;CommSBEP; D:\WINDOWS\system32\drivers\CommSBEP.sys [2002-05-16 24476]

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R2 wg3n;SyGate for NT, wg3n; D:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]

R2 wg4n;SyGate for NT, wg4n; D:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]

R2 wg5n;SyGate for NT, wg5n; D:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]

R2 wg6n;SyGate for NT, wg6n; D:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-10-16 947884]

R3 HidUsb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 lmimirr;lmimirr; D:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]

R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x86\RaInfo.sys []

S2 zntport;ioctrl driver ; \??\D:\WINDOWS\system32\zntport.sys []

S3 bfastfao;bfastfao; \??\D:\DOCUME~1\ADRASEC\LOCALS~1\Temp\bfastfao.sys []

S3 catchme;catchme; \??\D:\DOCUME~1\Damien\LOCALS~1\Temp\catchme.sys []

S3 fbxusb;FreeBox USB Network Adapter; D:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; D:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 pcouffin;VSO Software pcouffin; D:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-01 47360]

S3 usbprint;Classe d'imprimantes USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Usbscan; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 wceusbsh;Windows CE USB Serial Host Driver; D:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-03-09 37768]

S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; D:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

S4 vsdatant;vsdatant; D:\WINDOWS\system32\drivers\vsdatant.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-24 185089]

R2 SmcService;Sygate Personal Firewall; D:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]

R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S4 MDM;Machine Debug Manager; D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

 

-----------------EOF-----------------

[pear]

Votre rapport est presque parfait .

 

Il reste des traces de Symantec:

Norton a créé un utilitaire pour désinstaller automatiquement les produits suivants

Attention: Si vous utilisez ACT! ou WinFAX, sauvegardez vos données avant de lancer la désinstallation!

 

* Norton AntiSpam 2004 - 2005

* Norton Antivirus 2003 - 2007.2

* Norton Ghost 2003, 9.0, and 10.0

* Norton GoBack 3.1 - 4.2

* Norton Internet Security 2003 - 2007.2

* Norton Password Manager

* Norton Personal Firewall 2003 - 2006

* Norton SystemWorks 2003 - 2007

* Norton Confidential Online 2007

* Norton Internet Security 2007 Add-on Pack

* Norton Save and Restore 1.0 - 2.0

* Norton 360

 

Téléchargez l'outil de désinstallation Norton pour votre version de Windows.

Suivez les instructions à l’écran.

L'ordinateur pourra être redémarré plusieurs fois et vous serez peut-être invité à répéter certaines étapes après le redémarrage.

Supprimez sur votre machine tout fichier Symantec et Norton(dans Program files et Program files\Fichiers communs)

 

http://speedweb1.free.fr/frames2.php?page=divers3

 

mais , magré cela , il reste probablement des traces dans le régistre:

Rechercher et supprimer toutes les occurences Norton et Symantec

 

ou utilisez:http://ca.huji.ac.il/bf/mcafee/NoNav.exe

 

 

 

Java n'est pas à jour,donc vulnérable.

Téléchargez Javara

ou là:

Javara

clic sur Download Windows binary.zip vers le bureau.

Dézippez.

Décocher la barre Yahoo

lancez Javara.exe

clic sur mise à jour via jucheck

clic sur installer

 

Revenez dans JavaRa

 

Cliquez Effacer les anciennes versions

Puis..... Autres Options ->Cocher Effacer les fichiers JRE Inutiles ->Exécuter

[f4czx]

Bonjour,

 

j'ai fait tout cela, le système à l'air de bien tourner.

 

Deux choses +/- génantes :

 

1 - la conso en ressource de update.exe au démarrage (vraissemblablement MAJ Avira)

2 - la lenteur à l'extinction du PC

 

En tout cas merci bcp, car ça va nettement mieux maintenant.

 

Cordialement,

 

Damien

[pear]

la conso en ressource de update.exe au démarrage (vraissemblablement MAJ Avira)

 

Je ne crois pas, c'est plutôt Windows.

Vous devriez désinstaller Mise à Jour Automatique quitte à la réinstaller le 13 de chaque mois si vous n'envisagez pas de faire les mises à jour à votre gré.

 

la lenteur à l'extinction du PC

 

Essayez ceci:

 

Copiez /collez les lignes suivantes dans le bloc notes, sans ligne blanche au début,

enregistrez, sur le bureau, sous regit.reg et fusionnez(clic droit sur fichier)

Acceptez la modification du régistre.

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

"ClearPageFileAtShutdown"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Nt\CurrentVersion\Winlogon]

"PowerdownAfterShutdown"="1"

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Control]

"WaitToKillServiceTimeout"="10000"

[HKEY_CURRENT_USER\Control Panel\Desktop]

"MenuShowDelay"="0"

[HKEY_CURRENT_USER\Control Panel\Desktop]

""AutoEndTask""="1"

[HKEY_CURRENT_USER\Control Panel\Desktop]

"WaitToKillAppTimeout"="1000"

[HKEY_CURRENT_USER\Control Panel\Desktop]

"HungAppTimeout"="1000"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]

"WaitToKillAppTimeout"="1000"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]

"HungAppTimeout"="1000"

et

Un raccourci sur le bureau:

%windir%\system32\shutdown.exe -s -f -t 00

[f4czx]

Re,

 

les mises à jours windows sont pourtant désactivées....

 

a+

[Mark]

Bonjour à vous deux

 

Par expérience, ayant AntiVir sur 3-4 machines ici, je pense que ce update.exe est bien de lui. La version gratuite passe par des serveurs souvent surchargés et les MAJ peuvent mettre plusieurs minutes à compléter, d'où la consommation. AntiVir peut ouvrir une vingtaine de connexions en simultané via update.exe (vu via mon pare-feu l'autre jour...), donc ça consomme. Pour contourner ça : passer à la version Premium qui bénéficie de serveurs plus rapides (c'est normal après tout).

 

Voilà...

 

@+

[f4czx]

Bonsoir,

 

merci pour l'info.

 

Il me semble bien que c'est Antivir effectivement.

 

J'ai fait la manip' avec le registre.

 

Pour le shutdown, c'est quoi ?

 

merci, a+

[pear]

C'est un raccourci pour arrêter plus rapidement.

 

je l'utilise depuis des années.

Modifié le 29 septembre 2009 par pear