Hijack report

dono013 Posts 139 Status Member -
Hello,

For the past 2 hours my Windows player has been opening by itself, and my mouse moves up a few centimetres by itself from time to time. I ran a scan with Avast, Spybot and Malwarebytes and nothing suspicious came up, so I'm posting a HijackThis report. If someone finds something suspicious, it would be nice of you to help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:11, on 19/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\All Users\Application Data\ResultBar\resultbar113.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ResultBar\resultbar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BEA4C43-7C91-437A-8480-4EB56EB21E23}: NameServer = 195.238.2.21,195.238.2.22
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Internet Security (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ResultBar Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\ResultBar\resultbar113.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
88 replies

dono013 Posts 139 Status Member
 
That's exactly the problem: when I click on save, it downloads it directly and doesn't ask me where to save it. I'll try with IE, maybe that's why it doesn't ask me.
0
dono013 Posts 139 Status Member
 
It works with IE, it asks me where to save it ^^ I'll do that right away.
0
dono013 Posts 139 Status Member
 
Here is the report.
The PC did not restart after the scan.

ComboFix 10-11-22.05 - donovan 23/11/2010 19:42:50.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.624 [GMT 1:00]
Lancé depuis: c:\documents and settings\donovan\Bureau\Utilisateurl.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ST6UNST.000
c:\windows\system32\3090302556.dat
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-23 au 2010-11-23 ))))))))))))))))))))))))))))))))))))
.

2010-11-21 01:02 . 2010-11-21 01:02 -------- d-----w- c:\documents and settings\donovan\DoctorWeb
2010-11-21 00:33 . 2010-11-22 19:00 -------- d-----w- c:\program files\ZHPDiag
2010-11-21 00:10 . 2010-11-21 00:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-21 00:09 . 2010-11-21 00:09 -------- d-----w- C:\9c10728e55baa4860066f7b606
2010-11-20 23:40 . 2008-04-13 18:31 290816 ------w- c:\windows\system32\SET10AA.tmp
2010-11-20 23:40 . 2008-04-13 18:33 24576 ----a-w- c:\windows\system32\SET104C.tmp
2010-11-20 23:40 . 2008-04-13 18:31 177152 ----a-w- c:\windows\system32\SET1028.tmp
2010-11-20 23:39 . 2008-04-13 10:36 2986496 ----a-w- c:\windows\system32\SETFFF.tmp
2010-11-20 23:39 . 2008-04-13 18:33 15872 ----a-w- c:\windows\system32\SETFF5.tmp
2010-11-20 23:39 . 2008-04-13 18:33 75776 ----a-w- c:\windows\system32\SETFFC.tmp
2010-11-20 23:39 . 2008-04-13 18:33 121856 ------w- c:\windows\system32\SETFE8.tmp
2010-11-20 23:39 . 2008-04-13 18:33 80896 ----a-w- c:\windows\system32\SETFEC.tmp
2010-11-20 23:39 . 2008-04-13 18:33 354304 ----a-w- c:\windows\system32\SETFF1.tmp
2010-11-20 23:36 . 2008-04-13 18:33 44032 ----a-w- c:\windows\system32\SET285.tmp
2010-11-20 23:35 . 2006-12-28 11:01 19569 ----a-w- c:\windows\002950_.tmp
2010-11-20 22:32 . 2006-07-14 15:51 121856 ----a-w- c:\windows\system32\xmllite(3).dll
2010-11-20 22:32 . 2006-07-14 15:51 121856 ----a-w- c:\windows\system32\xmllite(2).dll
2010-11-20 21:15 . 2010-11-20 21:17 -------- d-----w- C:\Fix-Purge
2010-11-20 15:14 . 2010-11-21 00:10 -------- d-----w- c:\documents and settings\Administrateur
2010-11-20 14:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 14:15 . 2010-11-20 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-20 14:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 19:45 . 2010-11-20 12:18 -------- d-----w- C:\Ad-Remover
2010-11-16 17:54 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-16 16:51 . 2010-11-16 16:51 -------- d-----w- c:\program files\Adobe Media Player
2010-11-11 22:58 . 2010-11-11 23:00 -------- d-----w- c:\documents and settings\donovan\Local Settings\Application Data\Temp
2010-11-09 21:15 . 2010-11-09 21:20 -------- d-----w- C:\Temp
2010-11-06 01:30 . 2010-11-06 01:30 -------- d-----w- c:\documents and settings\donovan\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut6_206049A8CD534D8B87D5F66190F05AB3.exe
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut5_F4EE65F1A6CD4124B059E9FA9A98EBF7.exe
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut3_BCB4A930B9F04A2480525A437423D92B.exe
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut2_B4703F8364D440ADB60E472AD5422128.exe
2010-09-15 03:50 . 2010-08-06 18:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2007-09-01 17:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-07 15:12 . 2010-09-11 00:08 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-09-11 00:08 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-09-11 00:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-09-11 00:08 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-09-11 00:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-09-11 00:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-09-11 00:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-09-11 00:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-09-11 00:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 11:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-05 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 03:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 10:44 249856 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 10:44 81920 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 14:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\speedtouch usb diagnostics]
2004-01-26 10:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 15:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2004-08-20 10:28 45056 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 16:29 32784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/09/2010 01:08 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/09/2010 01:08 17744]
R3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 17:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 16:06 24592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [23/02/2006 17:05 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [23/02/2006 17:05 12672]
S4 Beilipftrve;Beilipftrve; [x]
.
Contenu du dossier 'Tâches planifiées'

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152528785-4172246947-502569184-1007Core.job
- c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-11 22:58]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152528785-4172246947-502569184-1007UA.job
- c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-11 22:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_search_url = hxxp://www.google.fr
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2BEA4C43-7C91-437A-8480-4EB56EB21E23} = 195.238.2.21,195.238.2.22
FF - ProfilePath - c:\documents and settings\donovan\Application Data\Mozilla\Firefox\Profiles\9xbch0my.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
MSConfigStartUp-Netlog 24 - c:\program files\Netlog 24\Notifier\Netlog24Notifier.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 19:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2010-11-23 19:50:01
ComboFix-quarantined-files.txt 2010-11-23 18:49

Avant-CF: 34 197 725 184 octets libres
Après-CF: 34 382 667 776 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - F18B941FCA473A66586D1CDDB1316AA4
0
dono013 Posts 139 Status Member
 
When the PC started today, it asked me to install Service Pack 3,
which I'm doing now. Like last time, more than halfway through the installation it tells me
that Setup cannot copy the file beethoven.wma.
If I click cancel, it cancels the whole installation, so I don't know what to do :s
0

mcvivien2 Posts 2716 Status Security contributor 256
 
Hi :)

OK, can you do this please ..

Press the key + R ..

In the box, type this:

cmd.exe

Once you are at the command prompt,
type this:

echo %path%

Then copy the contents of what is displayed ..
or take a screenshot:

To post a screenshot...
1

--> Press the Print Screen / SysRq key on your keyboard.
--> Go to the image editing utility called Paint...
--> You don't need to select anything, just click on the tool tab and click Paste.
--> Go to the File tab and select Save As..
--> Below the file name, in the TYPE tab, select the .jpg format and save the file to your desktop..

2
--> Go to this link: https://www.cjoint.com/
--> Where it says attach a file, click Browse and look for this file:

The file you created on your desktop

--> Confirm sending the file,
--> When the page has finished loading, a link will be generated; copy it and paste it here.

THEN:

* Download SEAF (by C_XX) to your Desktop.
* Run SEAF
* In the options, set "Calculer le checksum" (compute the checksum) to "MD5", then tick "Informations supplémentaires" (additional information) and "Chercher également dans le Registre" (also search the Registry)
* Type

Svchost.exe

in the search field,
then click "Lancer la recherche" (start the search) and wait.
* In your next reply, post the report that appears at the end of the search.

Waiting for all that :)
++
0
dono013 Posts 139 Status Member
 
When I press + R, nothing happens :s
0
mcvivien2 Posts 2716 Status Security contributor 256
 
re :D

No, not + r

The Windows and R keys

Or else go here:

C:/Windows/system32/cmd.exe

and run the file I named in bold :)
++
0
dono013 Posts 139 Status Member
 
0
mcvivien2 Posts 2716 Status Security contributor 256
 
Re ;)

OK, start again with Cmd.exe

but this time type this:
set> C:\set.txt

You will have a file named set.txt at the root of your hard drive.

Host this file using cijoint and post the link you get here ..

Waiting for this link :)
++
0
dono013 Posts 139 Status Member
 
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 13:16:25 le 25/11/2010
4.
5. Valeur(s) recherchée(s):
6. svchost.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Recherche registre
13.
14. ====== Fichier(s) ======
15.
16.
17. "C:\i386\svchost.exe" [ ARCHIVE | 14 Ko ]
18. TC: 01/03/2006,21:22:03 | TM: 05/08/2004,13:00:00 | DA: 20/11/2010,19:17:52
19.
20. Hash MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
21.
22. CompanyName: Microsoft Corporation
23. ProductName: Microsoft® Windows® Operating System
24. InternalName: svchost.exe
25. OriginalFileName: svchost.exe
26. LegalCopyright: © Microsoft Corporation. All rights reserved.
27. ProductVersion: 5.1.2600.2180
28. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
29.
30. =========================
31.
32.
33. "C:\WINDOWS\ERDNT\cache\svchost.exe" [ ARCHIVE | 14 Ko ]
34. TC: 23/11/2010,19:48:18 | TM: 05/08/2004,13:00:00 | DA: 23/11/2010,19:48:18
35.
36. Hash MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
37.
38. CompanyName: Microsoft Corporation
39. ProductName: Microsoft® Windows® Operating System
40. InternalName: svchost.exe
41. OriginalFileName: svchost.exe
42. LegalCopyright: © Microsoft Corporation. All rights reserved.
43. ProductVersion: 5.1.2600.2180
44. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
45.
46. =========================
47.
48.
49. "C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 15 Ko ]
50. TC: 25/11/2010,13:12:17 | TM: 25/11/2010,13:12:17 | DA: 25/11/2010,13:12:17
51.
52. Hash MD5: E735D5DDBD7182E5B4CEAF45B7020A19
53.
54.
55. =========================
56.
57.
58. "C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe" [ ARCHIVE | 14 Ko ]
59. TC: 14/04/2008,03:34:23 | TM: 14/04/2008,03:34:23 | DA: 24/11/2010,13:21:22
60.
61. Hash MD5: E4BDF223CD75478BF44567B4D5C2634D
62.
63. CompanyName: Microsoft Corporation
64. ProductName: Microsoft® Windows® Operating System
65. InternalName: svchost.exe
66. OriginalFileName: svchost.exe
67. LegalCopyright: © Microsoft Corporation. All rights reserved.
68. ProductVersion: 5.1.2600.5512
69. FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
70.
71. =========================
72.
73.
74. "C:\WINDOWS\system32\svchost.exe" [ ARCHIVE | 14 Ko ]
75. TC: 20/08/2004,11:24:06 | TM: 05/08/2004,13:00:00 | DA: 25/11/2010,13:10:48
76.
77. Hash MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
78.
79. CompanyName: Microsoft Corporation
80. ProductName: Microsoft® Windows® Operating System
81. InternalName: svchost.exe
82. OriginalFileName: svchost.exe
83. LegalCopyright: © Microsoft Corporation. All rights reserved.
84. ProductVersion: 5.1.2600.2180
85. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
86.
87. =========================
88.
89.
90.
91. ====== Entrée(s) du registre ======
92.
93.
=========================

Fin à: 13:28:29 le 25/11/2010
403600 Éléments analysés

=========================
E.O.F
0
mcvivien2 Posts 2716 Status Security contributor 256
 
Perfect :D

Can you now do what was asked just above your report? :)

See you :D
0
dono013 Posts 139 Status Member
 
http://www.cijoint.fr/cjlink.php?file=cj201011/cijI6Lg0a2.txt

There you go ^^
0
mcvivien2 Posts 2716 Status Security Contributor 256

Hello :D

Sorry for the wait.
I'm asking my colleagues for advice.

I'll let you know as soon as I have an answer ;)
See you
0
dono013 Posts 139 Status Member

OK, no problem, thanks a lot
0
mcvivien2 Posts 2716 Status Security Contributor 256

Hello :D

Right, so

you have Malwarebytes..

Launch it, <<update it>>, it should ask you to install the new version, which is 1.50..
Accept.

Then run a full scan of the PC.
Delete the threats it detects, then post me the report it shows you..

Waiting for it ;)
See you
0
dono013 Posts 139 Status Member
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 5214

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/12/2010 21:51:40
mbam-log-2010-12-04 (21-51-40).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 246752
Temps écoulé: 1 heure(s), 6 minute(s), 17 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\ADNIW\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\cadmanager\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\EXPRESS\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\NLM\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
0
mcvivien2 Posts 2716 Status Security Contributor 256

Hello :D

Did you already have these files before the Malwarebytes update??

We're going to check all this online:

Go to this link:
https://www.eset.com/

--> Click on the green square "online scanner",
--> It will check your browser to see whether it is compatible; once that's done you will have to accept the terms of the licence agreement. Accept them,
--> Once accepted you will be able to click on Start. It may ask you to install an ActiveX control... Accept it,
--> You will then get the computer scan settings page. Here are the settings to apply:

-> Leave "Remove found threats" checked
-> Check the "Scan archives" box

--> Click on the blue "Advanced settings" link,

--> If they are not checked, check these boxes:

-> "Scan for potentially unwanted applications"
-> "Scan for potentially unsafe applications"
-> "Enable Anti-Stealth technology"

--> Uncheck this box:

-> use manual proxy settings...

--> Once finished, paste the report, which is stored at this location:
C:\Program Files\EsetOnlineScanner\log.txt

/!\ The scan may take a very long time /!\

=> Help and tutorial

See you ;)
0
dono013 Posts 139 Status Member

Last time with Malwarebytes we had deleted everything, so I don't understand where these new infections come from, especially since I only go on FB and MSN :s I haven't downloaded anything since :s
0
mcvivien2 Posts 2716 Status Security Contributor 256

Hello,,

No worries.. it's the program update, which has better detection ;)

You can move on to ESET :)
See you
0
dono013 Posts 139 Status Member
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3acf173aaff615408c6b1e8fd06c6b88
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-05 12:33:30
# local_time=2010-12-05 01:33:30 (+0100, Paris, Madrid)
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 6547865 6547865 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3781 3781 0 0
# compatibility_mode=9217 16777214 0 9 48082767 59838480 0 0
# scanned=106653
# found=1
# cleaned=1
# scan_time=5673
C:\Documents and Settings\donovan\Mes documents\Téléchargements\MsgPlusLive-490.exe
0
mcvivien2 Posts 2716 Status Security Contributor 256

Re, ;)

OK,

Go here:

Start menu >> Control Panel >> Add or Remove Programs <

Uninstall ZHPDiag,,

Then install the new version from here, at the bottom of the page:

http://www.premiumorange.com/zeb-help-process/zhpdiag.html
THEN:

Run a diagnostic with ZHPDiag again, as you did before, please
Don't forget to host the report via Cijoint

Waiting for your link :D
See you
It is not by searching that one finds.. but indeed by finding that one searches ;).....
0
dono013 Posts 139 Status Member

lol OK, I'm going to go crazy. What do I do about MSN Plus, which is infected?
0
mcvivien2 Posts 2716 Status Security Contributor 256

Don't worry about that...

The installer offers, among its extras, a toolbar and/or the sponsor, which is booby-trapped..

ESET flagged it as infectious because of this,
but this is not about Messenger Plus here,,
it is, from what I can see, about the installer..
so nothing serious ;)
See you
0
dono013 Posts 139 Status Member

http://www.cijoint.fr/cjlink.php?file=cj201012/cijuelMgKm.txt
Tell me if that's right :p
0