I have red lines on OTL Extras for imesh.exe, ...

by Grompf »

Good evening,

A friend had 2 or 3 nasties on her laptop, running Windows 7.
I removed the parasitic toolbars (thanks AdwCleaner) and scanned with 2 antivirus programs, one after the other (DrWeb CureIt, then ESET online). Besides the toolbars there were Trojan horses. Apparently the computer is now clean.

To be on the safe side, I used OTL and submitted the scan to pjjoint. The first part of the scan (OTL.Txt) turned up nothing special. The supplement (Extras.Txt), on the other hand, shows red lines, but not in bold. I am told these are generic detections. What are generic detections?
These lines all correspond to the program imesh.exe.

Is there a problem?

Below I have put the pjjoint report on the "Extras.Txt" report.

The computer seems to work normally.

I am doing the updates, installing an antivirus and hoping the person won't have any more trouble... Provided the computer is now clean.

Best regards

Grompf


OTL Extras logfile created on: 30/07/2015 20:17:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ITIMAD\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1,50 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 29,50% Memory free [Warning - Insufficient free memory - uninstall unneeded programs]
3,00 Gb Paging File | 1,94 Gb Available in Paging File | 64,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 7,02 Gb Free Space | 18,83% Space Free | Partition Type: NTFS

Computer Name: PERSONAL | User Name: ITIMAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\extension]

[HKEY_USERS\S-1-5-21-1805810137-2098606172-4268268705-1000\SOFTWARE\Classes\extension]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\key\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = Reg Error: Unknown registry data type -- File not found
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
DisableNotifications = 0
EnableFirewall = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{155D1534-9E8A-4F78-A50F-84A264C6DC90} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{238FF698-D59C-4475-92E6-F649D03DDB18} = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
{3930DA6F-92DB-4B93-8810-D2E75C6BBF27} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{445E0C75-BFFF-412D-B47D-8ADBC3AF1FDA} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{515C2100-58FE-436A-8BA1-D6E93B567F2E} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{5A031BED-0239-44F2-B84F-EA000D37D1A7} = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
{6F6F977E-9B93-4F83-A304-91C3F65DF765} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{74694CA8-35B5-41DB-B58D-A7C3FD1181C5} = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
{7AC15502-432E-4321-84A3-1E971EB8F339} = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
{7FC85C37-B668-4066-B5E5-50DB7831B039} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{8F6171FD-FB24-4969-9546-A11641B734ED} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{8F6BFB77-4897-4C4D-9287-8DCF18D0F831} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{9444BD35-CF8A-4236-9B6D-621EEE9B2C4D} = lport=10243 | protocol=6 | dir=in | app=system |
{B896C34D-547C-4BB2-B65C-350D66BE56BC} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{BA0BCCAA-D8BA-44AE-8423-D1F21C83674C} = lport=2869 | protocol=6 | dir=in | app=system |
{BE0F5946-D0C1-4F22-A27B-BEA59F066733} = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
{D2C8CE6A-3B1E-476E-B769-FA92959B0F64} = rport=10243 | protocol=6 | dir=out | app=system |
{DA5A78EE-5D85-4C4A-924D-365D919DC11A} = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
{DB5A2BA4-117B-4384-A3EB-17C044CCA3F4} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{FD5581B1-A909-439A-9FB3-BC5CD26F0CD9} = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{02B16C23-C9AC-4373-85A9-7CC0C715F39C} = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{0E15F413-542E-4258-B9B0-46B679D07665} = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |
{137A30A9-9882-42D0-8043-930745B15383} = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{1B2A266A-783E-465D-AF67-E71E01C39051} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{1BD10F19-7903-4420-BEC4-C0BBFC97A972} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{2172B2F7-2549-4B20-B36F-E79B8F7A9499} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{2996E199-82D3-4708-8762-C5121C1F10D4} = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
{36703EFC-8628-44A0-8F93-3F1FAAE23EDD} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{3B0CE501-5E3E-4247-8CFA-73BF878439ED} = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{43115E7A-5C88-4FF3-A35E-FFB675CA88B8} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{52E688EE-BD59-4427-B652-CC5B76B8FE58} = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
{5A1A7D9A-2A05-4888-B0DB-662E223208A4} = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{6F0D225C-6249-4076-AABE-F7E1E309821B} = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{70EC5638-1A80-40E9-80A5-67BE4907E033} = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
{8073848D-49B0-4B75-A7A2-0DC11D0C45C4} = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{89189392-D63E-42CC-8B1C-333AC368A3F6} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{8F260A0B-52C1-48D1-8AA9-4E2AAEA023F2} = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{937395F6-0583-42C1-A2CD-52DCA7B2ECFA} = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{97CCA776-76EF-4A7C-8896-3DD3499264DD} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{A203CEF0-F413-44FB-A5F6-0E8827206D4F} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{AAD2C48A-24D4-497F-A7B1-B0B6A10596A0} = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{AF8CDF77-BD71-4798-B5A3-9EC3F61645CB} = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{B5F40499-AF18-479A-99E0-2DD22A78DE3F} = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
{BBF0A481-7B6B-4B1D-92E4-8DCC106C9A61} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{D2C3139E-B3F0-4054-B1ED-FE1BBF13187C} = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |
{DBEABEDD-D632-490C-8E0D-1DEECA972235} = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
{DCD89F25-A6CB-4D8E-8D6F-80676B8FF98E} = protocol=6 | dir=out | app=system |
{E2EEC3E7-86AC-4F97-90EA-505B0BF5A604} = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
{E3C1629D-3E58-4DCB-851D-BF58519C3491} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{F1E6B5CF-A0B6-4E79-91BE-D7DDB8D974BA} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{F9592C83-80AF-4048-A51C-43BA787B81BF} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{649D2763-7E6F-4055-A4A3-37E1E69EA9D8}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{CBCE4034-F61A-4D6A-9403-DD73B6212C0C}C:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |
UDP Query User{32949A30-075A-4C98-AF56-2453F2B0742A}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{B3F80C20-AB71-48D2-8590-0DA4D4C6928E}C:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{90120000-00B2-0C0A-0000-0000000FF1CE} = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
{95140000-007A-0C0A-0000-0000000FF1CE} = Microsoft Office Outlook Connector
{AC76BA86-0804-1033-1959-001824147215} = Adobe Refresh Manager
Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ESN Language Pack = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
Mozilla Firefox 39.0 (x86 es-ES) = Mozilla Firefox 39.0 (x86 es-ES)
MozillaMaintenanceService = Mozilla Maintenance Service
Power Management Driver = ThinkPad Power Management Driver
STANDARD = Microsoft Office Standard 2007
VLC media player = VLC media player 1.0.2
WinLiveSuite = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2013 8:39:13 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3605

Error - 30/03/2013 8:39:15 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2013 8:39:15 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5257

Error - 30/03/2013 8:39:15 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5257

Error - 02/04/2013 16:03:45 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/04/2013 16:03:45 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1803

Error - 02/04/2013 16:03:45 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1803

Error - 02/04/2013 16:03:47 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/04/2013 16:03:47 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3365

Error - 02/04/2013 16:03:47 | Computer Name = PERSONAL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3365

[ System Events ]
Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. This has happened 1 time(s).

Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. This has happened 1 time(s).

Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. This has happened 1 time(s).

Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7031
Description = The Software Protection service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 29/07/2015 14:12:16 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 29/07/2015 14:12:27 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. This has happened 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 29/07/2015 14:12:57 | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error - 30/07/2015 1:25:50 | Computer Name = PERSONAL | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


< End of report >
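The imesh.exe lines sit in the "Vista Active Application Exception List" of the Extras.txt above, so what was flagged is a set of Windows Firewall rules, not a scanned file: each rule is only a registry value holding a path and a direction, and it says nothing about whether that file still exists or what it contains. The script below is an added example for this thread, not code from the original post, from OTL or from pjjoint. It parses rule lines of the form `{GUID} = key=value | key=value |` (the sample is a subset copied from the report above), groups the inbound allow rules by executable, lists separately the rules for binaries under the user profile, and sets aside the svchost-hosted service rules. The "Windows component" and "user profile" path heuristics are my own assumptions, not anything OTL or pjjoint documents.

```python
"""Triage the firewall-rule lines of an OTL Extras.txt report.

Added example for this thread; not part of the original post, of OTL or of
pjjoint. OTL dumps each value of the FirewallRules key under
SharedAccess\\Parameters\\FirewallPolicy as "{GUID} = key=value | key=value |".
Inbound allow rules are grouped per program so that P2P clients (imesh.exe,
azureus.exe) and anything run from the user profile stand out from the
Windows service rules.
"""
import re
from collections import Counter

# Constructed sample: a subset of the rule lines copied from the report in the thread.
SAMPLE_RULES = r"""
{02B16C23-C9AC-4373-85A9-7CC0C715F39C} = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{0E15F413-542E-4258-B9B0-46B679D07665} = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |
{137A30A9-9882-42D0-8043-930745B15383} = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{2996E199-82D3-4708-8762-C5121C1F10D4} = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
{3B0CE501-5E3E-4247-8CFA-73BF878439ED} = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{43115E7A-5C88-4FF3-A35E-FFB675CA88B8} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{52E688EE-BD59-4427-B652-CC5B76B8FE58} = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
{5A1A7D9A-2A05-4888-B0DB-662E223208A4} = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{6F0D225C-6249-4076-AABE-F7E1E309821B} = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{6F6F977E-9B93-4F83-A304-91C3F65DF765} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{8073848D-49B0-4B75-A7A2-0DC11D0C45C4} = protocol=17 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{8F260A0B-52C1-48D1-8AA9-4E2AAEA023F2} = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{937395F6-0583-42C1-A2CD-52DCA7B2ECFA} = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{AAD2C48A-24D4-497F-A7B1-B0B6A10596A0} = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\vuze\azureus.exe |
{AF8CDF77-BD71-4798-B5A3-9EC3F61645CB} = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
{D2C3139E-B3F0-4054-B1ED-FE1BBF13187C} = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |
{DCD89F25-A6CB-4D8E-8D6F-80676B8FF98E} = protocol=6 | dir=out | app=system |
TCP Query User{CBCE4034-F61A-4D6A-9403-DD73B6212C0C}C:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe = protocol=6 | dir=in | app=c:\users\itimad\desktop\lausanne\archivos itunes\itunes.exe |
"""

# "<id> = <body>"; the id is a GUID or a "TCP Query User{GUID}<path>" string (no '=').
RULE_RE = re.compile(r"^(?P<id>[^=]+?)\s*=\s*(?P<body>.*)$")
PROTO_NAMES = {"6": "tcp", "17": "udp"}


def parse_rule(line):
    """Turn one OTL FirewallRules line into a dict, or None if it is not a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"id": m.group("id").strip()}
    for field in m.group("body").split("|"):
        key, sep, value = field.strip().partition("=")
        if sep:
            rule[key.strip().lower()] = value.strip().lower()
    # A rule without protocol= applies to any protocol (skypepm.exe in the report).
    proto = rule.get("protocol", "any")
    rule["protocol"] = PROTO_NAMES.get(proto, proto)
    return rule


def is_windows_binary(app):
    # Heuristic (assumption): the kernel ('system') and anything under %SystemRoot%.
    return app == "system" or app.startswith(("%systemroot%\\", "c:\\windows\\"))


def is_user_profile_path(app):
    # Heuristic (assumption): binaries under the profile are user-installed and writable.
    return app.startswith(("c:\\users\\", "%userprofile%\\", "%appdata%\\", "%localappdata%\\"))


def triage(report_text):
    """Return (inbound_by_exe, user_profile_rules, service_rules).

    inbound_by_exe:     Counter of inbound rules per non-Windows executable name
    user_profile_rules: [(app path, protocol)] for inbound rules under the user profile
    service_rules:      Counter of rules per svchost-hosted service (svc=...)
    """
    inbound_by_exe, service_rules, user_profile_rules = Counter(), Counter(), []
    for line in report_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        if "svc" in rule:                      # Windows service rule, keyed by service name
            service_rules[rule["svc"]] += 1
            continue
        app = rule.get("app", "")
        if rule.get("dir") != "in" or is_windows_binary(app):
            continue
        inbound_by_exe[app.rsplit("\\", 1)[-1]] += 1
        if is_user_profile_path(app):
            user_profile_rules.append((app, rule["protocol"]))
    return inbound_by_exe, user_profile_rules, service_rules


if __name__ == "__main__":
    inbound, profile_rules, services = triage(SAMPLE_RULES)
    print("Inbound allow rules per non-Windows executable:")
    for exe, count in inbound.most_common():
        print(f"  {count:2d}  {exe}")
    print("Inbound rules for binaries under the user profile:")
    for app, proto in profile_rules:
        print(f"  {proto:4s} {app}")
    print("Service rules:", dict(services))
```

Run against the sample, the six imesh.exe entries come out on top, followed by azureus.exe (four inbound rules for a binary on the Desktop) and itunes.exe (also run from the Desktop). Note that the HKLM Uninstall List in the same report lists neither iMesh nor Vuze while their firewall rules are still there; a rule survives uninstalling the program it names, so check whether c:\program files\imesh applications\imesh\imesh.exe still exists before drawing any conclusion from the red lines.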

Re: I have red lines on OTL Extras for imesh.exe,

by Malekal_morte »

Hi,

OTL is outdated, and besides you only posted one report.


Follow the FRST tutorial.
(and take the time to read it so as to apply it correctly - everything is explained there).
Download and run the FRST scan; this will generate three FRST reports:
* FRST.txt
* Shortcut.txt
* Additionnal.txt

As explained, upload these three reports to http://pjjoint.malekal.com and in return post the three pjjoint links to those reports here in a new reply so that we can look at them.