UC à 100% mais tous les processus a 0% ...
Fermé
Strat
Messages postés
61
Date d'inscription
dimanche 4 novembre 2007
Statut
Membre
Dernière intervention
18 novembre 2007
-
6 nov. 2007 à 23:13
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 - 7 nov. 2007 à 19:15
cgui33 Messages postés 1174 Date d'inscription vendredi 8 avril 2005 Statut Membre Dernière intervention 2 avril 2009 - 7 nov. 2007 à 19:15
A voir également:
- UC à 100% mais tous les processus a 0% ...
- Void(0); ✓ - Forum Javascript
- Remettre iphone a 0 - Guide
- Excel différent de 0 ✓ - Forum Excel
- Processeur utilisé a 100 en jeu ✓ - Forum Windows 10
- 100 mo en go ✓ - Forum Windows
3 réponses
cgui33
Messages postés
1174
Date d'inscription
vendredi 8 avril 2005
Statut
Membre
Dernière intervention
2 avril 2009
10
6 nov. 2007 à 23:27
6 nov. 2007 à 23:27
essaies d'arrêter les applications une à une (msn , firefox ...)
pour vérifier que ton proccessur est toujours à 100% et qu'aucune application ne prend de ressources.
Si c'est encore le cas, c'est sûrement un processus caché.
Fais une recherche sur internet (si tu peux !) concernant ces processus.
Il y a des logiciels qui s'en chargent (destruction au redémarrage du PC par exemple)
Bonne chance
pour vérifier que ton proccessur est toujours à 100% et qu'aucune application ne prend de ressources.
Si c'est encore le cas, c'est sûrement un processus caché.
Fais une recherche sur internet (si tu peux !) concernant ces processus.
Il y a des logiciels qui s'en chargent (destruction au redémarrage du PC par exemple)
Bonne chance
cgui33
Messages postés
1174
Date d'inscription
vendredi 8 avril 2005
Statut
Membre
Dernière intervention
2 avril 2009
10
7 nov. 2007 à 00:20
7 nov. 2007 à 00:20
Essaies de trouver : Silent Runners.vbs
et log le fichier résultat !
Tu peux tenter F-Secure BlackLight RootKit Eliminator : Fsbl.exe (en version évaluation)
Faut pas désespérer ...
et log le fichier résultat !
Tu peux tenter F-Secure BlackLight RootKit Eliminator : Fsbl.exe (en version évaluation)
Faut pas désespérer ...
Strat
Messages postés
61
Date d'inscription
dimanche 4 novembre 2007
Statut
Membre
Dernière intervention
18 novembre 2007
1
7 nov. 2007 à 00:30
7 nov. 2007 à 00:30
voilà le rapport silent runners :
edité, voir message suivant, désolé
Strat
Messages postés
61
Date d'inscription
dimanche 4 novembre 2007
Statut
Membre
Dernière intervention
18 novembre 2007
1
7 nov. 2007 à 00:40
7 nov. 2007 à 00:40
Oups ! Navré, le log etait pas complet, je viens d'avoir un autre messagebox comme quoi il est finit là :
"Silent Runners.vbs", revision 52, https://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"] "SystrayORAHSS" = ""C:\Program Files\Orange HSS\Systray\SystrayApp.exe"" ["France Telecom SA"] "ORAHSSSessionManager" = "C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" ["France Telecom SA"] "ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {23A09ADD-59BB-4795-B9ED-BF861DA4FB52}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\ssqpn.dll" [null data] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {d03a04b8-f09c-4eea-809c-42992fdfc956}\(Default) = "{659cfdf2-9924-c908-aee4-c90f8b40a30d}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\joxqjhqg.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech" -> {HKLM...CLSID} = "Mes photos Logitech" \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{604C5810-D0CC-11D2-955F-00C04F79ED8A}" = "CIEL SA In-File System" -> {HKLM...CLSID} = "CIEL SA In-File System" \InProcServer32\(Default) = "C:\WINDOWS\system32\ifsrel.dll" ["CIEL SA"] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension" -> {HKLM...CLSID} = "a-squared Free Shell Extension" \InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "C:\WINDOWS\system32\__c00FBFB1.dat" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Shell Extension" \InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Shell Extension" \InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Loïc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) -> {HKLM...CLSID} = "Search Class" \InProcServer32\(Default) = "C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll" ["France Telecom SA"] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] France Telecom Routing Table Service, FTRTSVC, ""C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"" ["France Telecom SA"] NMIndexingService, NMIndexingService, ""C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon MP Language Monitor MP360\Driver = "CNMLMyd.DLL" ["CANON INC."] ---------- (launch time: 2007-11-07 00:27:18) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 704 seconds, including 19 seconds for message boxes)
cgui33
Messages postés
1174
Date d'inscription
vendredi 8 avril 2005
Statut
Membre
Dernière intervention
2 avril 2009
10
7 nov. 2007 à 19:15
7 nov. 2007 à 19:15
Cherches sur internet Virus 'ssqpn.dll'
Tu peux le supprimer
Ensuite : joxqjhqg.dll (Ce nom ne me dit vraiment rien !)
ça non plus je ne connais pas du tout (mais laisses le en place pour l'instant !)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\WINDOWS\system32\__c00FBFB1.dat" [null data]
qq pourra peut-être nous éclairer sur ce type de fichier !
Tu peux poster un log de HijackThis en + ?
Tu peux le supprimer
Ensuite : joxqjhqg.dll (Ce nom ne me dit vraiment rien !)
ça non plus je ne connais pas du tout (mais laisses le en place pour l'instant !)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\WINDOWS\system32\__c00FBFB1.dat" [null data]
qq pourra peut-être nous éclairer sur ce type de fichier !
Tu peux poster un log de HijackThis en + ?
6 nov. 2007 à 23:31
Mais un ou des processus caché(s) pourrai(en)t me bouffer 100% de mon processeur, le soir même de son reformatage Oo ?
En tout cas je vais effectuer des recherches sur ces processus cachés, merci.
7 nov. 2007 à 00:07
Une autre solution ? ^^"