Rapport hijack - Page 4

Précédent
  • 1
  • 2
  • 3
  • 4
  • 5
Réponse 61 / 88
dono013 Messages postés 139 Statut Membre
 
justement sa le probleme quand je clique sur enregistrer il me le telecharge directement et me demande pas ou l enregistrer je vais essayer par IE peut être pour sa qu il me demande pas
0
Réponse 62 / 88
dono013 Messages postés 139 Statut Membre
 
c'est bon par IE il me demande ou l enregistrer ^^ je fais sa de suite
0
Réponse 63 / 88
dono013 Messages postés 139 Statut Membre
 
Voilà le rapport
le Pc n'as pas redémarrer aprés l'analyse

ComboFix 10-11-22.05 - donovan 23/11/2010 19:42:50.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.624 [GMT 1:00]
Lancé depuis: c:\documents and settings\donovan\Bureau\Utilisateurl.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ST6UNST.000
c:\windows\system32\3090302556.dat
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-23 au 2010-11-23 ))))))))))))))))))))))))))))))))))))
.

2010-11-21 01:02 . 2010-11-21 01:02 -------- d-----w- c:\documents and settings\donovan\DoctorWeb
2010-11-21 00:33 . 2010-11-22 19:00 -------- d-----w- c:\program files\ZHPDiag
2010-11-21 00:10 . 2010-11-21 00:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-21 00:09 . 2010-11-21 00:09 -------- d-----w- C:\9c10728e55baa4860066f7b606
2010-11-20 23:40 . 2008-04-13 18:31 290816 ------w- c:\windows\system32\SET10AA.tmp
2010-11-20 23:40 . 2008-04-13 18:33 24576 ----a-w- c:\windows\system32\SET104C.tmp
2010-11-20 23:40 . 2008-04-13 18:31 177152 ----a-w- c:\windows\system32\SET1028.tmp
2010-11-20 23:39 . 2008-04-13 10:36 2986496 ----a-w- c:\windows\system32\SETFFF.tmp
2010-11-20 23:39 . 2008-04-13 18:33 15872 ----a-w- c:\windows\system32\SETFF5.tmp
2010-11-20 23:39 . 2008-04-13 18:33 75776 ----a-w- c:\windows\system32\SETFFC.tmp
2010-11-20 23:39 . 2008-04-13 18:33 121856 ------w- c:\windows\system32\SETFE8.tmp
2010-11-20 23:39 . 2008-04-13 18:33 80896 ----a-w- c:\windows\system32\SETFEC.tmp
2010-11-20 23:39 . 2008-04-13 18:33 354304 ----a-w- c:\windows\system32\SETFF1.tmp
2010-11-20 23:36 . 2008-04-13 18:33 44032 ----a-w- c:\windows\system32\SET285.tmp
2010-11-20 23:35 . 2006-12-28 11:01 19569 ----a-w- c:\windows\002950_.tmp
2010-11-20 22:32 . 2006-07-14 15:51 121856 ----a-w- c:\windows\system32\xmllite(3).dll
2010-11-20 22:32 . 2006-07-14 15:51 121856 ----a-w- c:\windows\system32\xmllite(2).dll
2010-11-20 21:15 . 2010-11-20 21:17 -------- d-----w- C:\Fix-Purge
2010-11-20 15:14 . 2010-11-21 00:10 -------- d-----w- c:\documents and settings\Administrateur
2010-11-20 14:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 14:15 . 2010-11-20 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-20 14:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 19:45 . 2010-11-20 12:18 -------- d-----w- C:\Ad-Remover
2010-11-16 17:54 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-16 16:51 . 2010-11-16 16:51 -------- d-----w- c:\program files\Adobe Media Player
2010-11-11 22:58 . 2010-11-11 23:00 -------- d-----w- c:\documents and settings\donovan\Local Settings\Application Data\Temp
2010-11-09 21:15 . 2010-11-09 21:20 -------- d-----w- C:\Temp
2010-11-06 01:30 . 2010-11-06 01:30 -------- d-----w- c:\documents and settings\donovan\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut6_206049A8CD534D8B87D5F66190F05AB3.exe
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut5_F4EE65F1A6CD4124B059E9FA9A98EBF7.exe
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut3_BCB4A930B9F04A2480525A437423D92B.exe
2010-10-04 13:59 . 2010-10-04 13:59 102400 ----a-r- c:\documents and settings\donovan\Application Data\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut2_B4703F8364D440ADB60E472AD5422128.exe
2010-09-15 03:50 . 2010-08-06 18:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2007-09-01 17:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-07 15:12 . 2010-09-11 00:08 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-09-11 00:08 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-09-11 00:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-09-11 00:08 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-09-11 00:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-09-11 00:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-09-11 00:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-09-11 00:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-09-11 00:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 11:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-05 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 03:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 10:44 249856 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 10:44 81920 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 14:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\speedtouch usb diagnostics]
2004-01-26 10:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 15:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2004-08-20 10:28 45056 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 16:29 32784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/09/2010 01:08 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/09/2010 01:08 17744]
R3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 17:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 16:06 24592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [23/02/2006 17:05 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [23/02/2006 17:05 12672]
S4 Beilipftrve;Beilipftrve; [x]
.
Contenu du dossier 'Tâches planifiées'

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152528785-4172246947-502569184-1007Core.job
- c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-11 22:58]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152528785-4172246947-502569184-1007UA.job
- c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-11 22:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_search_url = hxxp://www.google.fr
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2BEA4C43-7C91-437A-8480-4EB56EB21E23} = 195.238.2.21,195.238.2.22
FF - ProfilePath - c:\documents and settings\donovan\Application Data\Mozilla\Firefox\Profiles\9xbch0my.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\documents and settings\donovan\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
MSConfigStartUp-Netlog 24 - c:\program files\Netlog 24\Notifier\Netlog24Notifier.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 19:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2010-11-23 19:50:01
ComboFix-quarantined-files.txt 2010-11-23 18:49

Avant-CF: 34 197 725 184 octets libres
Après-CF: 34 382 667 776 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - F18B941FCA473A66586D1CDDB1316AA4
0
Réponse 64 / 88
dono013 Messages postés 139 Statut Membre
 
au démarrage du pc ojd il me demander de faire l instalation du service pack 3
se que je fais la comme la derniére fois a plus de la moitier d installation il me dit
le programme d installlation ne peux pas copier le fichier beethoven.wma
si je mets annuler il m 'annule toute l installation donc je sais pas quoi faire :s
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 88
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Salut :)

ok,, peut tu faire ceci stp ..

Appui sur la touche + R ..

dans l'encadrer tape ceci :

cmd.exe

une fois arriver dans l'invite de commande
tape ceci :

echo %path%

ensuite copie le contenue de ce qui te sera afficher ..
ou fait une capture d'écran :

Pour poster une capture d'écran...
1

--> Appuie sur la touche de ton clavier impr Ecran Syst.
--> Rend toi dans l'utilitaire de modification d'image appeler paint...
--> Tu a rien a Sélectionner clique juste sur l'onglet outil et clique sur coller.
--> Rend toi dans l'onglet fichier et sélectionne enregistrer sous..
--> en dessous de nom de fichier..dans l'onglet TYPE..sélectionne le format en .jpg. et enregistre le fichier sur ton bureau..

2
--> Rend toi ici sur ce lien : https://www.cjoint.com/
--> ou il ai marquer joindre un fichier clique sur parcourir et recherche ce fichier :

Le fichier que tu aura créer sur ton bureau

--> confirme l'envoie du fichier,
--> a la fin du chargement de la page un lien va ce former copie le et colle le ici.

ENSUITE :

* Télécharge SEAF (de C_XX) sur ton Bureau.
* Lance SEAF
* Dans les options, règle "Calculer le checksum" sur "MD5" puis coche "Informations supplémentaires" et "Chercher également dans le Registre"
* Tape

Svchost.exe

dans le champs de recherche,
Puis clique sur "Lancer la recherche" et patiente.
* Poste dans ta prochaine réponse le rapport qui apparait à la fin de la recherche.

Dans l'attente de tous sa :)
++
0
Réponse 66 / 88
dono013 Messages postés 139 Statut Membre
 
quand je clique + R sa fais rien :s
0
Réponse 67 / 88
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
re :D

non pas + r

Les touche Windows et R

ou alors rend toi ici :

C:/Windows/system32/cmd.exe

et exécute le fichier que je t'ai nommer en gras :)
++
0
Réponse 68 / 88
dono013 Messages postés 139 Statut Membre
 
https://www.cjoint.com/?0lyrKVYpLhk

voilà le lien ^^
0
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Re ;)

ok ,, recommence avec Cmd.exe

mais cette fois-ci écrit ceci :
set> C:\set.txt

tu aura un fichier sous la racine de ton disque dur nommer set.txt

héberge ce fichier grâce a cijoint et poste le lien obtenue ici ..

dans l'attente de ce Lien :)
++
0
Réponse 69 / 88
dono013 Messages postés 139 Statut Membre
 
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 13:16:25 le 25/11/2010
4.
5. Valeur(s) recherchée(s):
6. svchost.exe
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Informations supplémentaires
12. (!) --- Recherche registre
13.
14. ====== Fichier(s) ======
15.
16.
17. "C:\i386\svchost.exe" [ ARCHIVE | 14 Ko ]
18. TC: 01/03/2006,21:22:03 | TM: 05/08/2004,13:00:00 | DA: 20/11/2010,19:17:52
19.
20. Hash MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
21.
22. CompanyName: Microsoft Corporation
23. ProductName: Microsoft® Windows® Operating System
24. InternalName: svchost.exe
25. OriginalFileName: svchost.exe
26. LegalCopyright: © Microsoft Corporation. All rights reserved.
27. ProductVersion: 5.1.2600.2180
28. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
29.
30. =========================
31.
32.
33. "C:\WINDOWS\ERDNT\cache\svchost.exe" [ ARCHIVE | 14 Ko ]
34. TC: 23/11/2010,19:48:18 | TM: 05/08/2004,13:00:00 | DA: 23/11/2010,19:48:18
35.
36. Hash MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
37.
38. CompanyName: Microsoft Corporation
39. ProductName: Microsoft® Windows® Operating System
40. InternalName: svchost.exe
41. OriginalFileName: svchost.exe
42. LegalCopyright: © Microsoft Corporation. All rights reserved.
43. ProductVersion: 5.1.2600.2180
44. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
45.
46. =========================
47.
48.
49. "C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 15 Ko ]
50. TC: 25/11/2010,13:12:17 | TM: 25/11/2010,13:12:17 | DA: 25/11/2010,13:12:17
51.
52. Hash MD5: E735D5DDBD7182E5B4CEAF45B7020A19
53.
54.
55. =========================
56.
57.
58. "C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe" [ ARCHIVE | 14 Ko ]
59. TC: 14/04/2008,03:34:23 | TM: 14/04/2008,03:34:23 | DA: 24/11/2010,13:21:22
60.
61. Hash MD5: E4BDF223CD75478BF44567B4D5C2634D
62.
63. CompanyName: Microsoft Corporation
64. ProductName: Microsoft® Windows® Operating System
65. InternalName: svchost.exe
66. OriginalFileName: svchost.exe
67. LegalCopyright: © Microsoft Corporation. All rights reserved.
68. ProductVersion: 5.1.2600.5512
69. FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
70.
71. =========================
72.
73.
74. "C:\WINDOWS\system32\svchost.exe" [ ARCHIVE | 14 Ko ]
75. TC: 20/08/2004,11:24:06 | TM: 05/08/2004,13:00:00 | DA: 25/11/2010,13:10:48
76.
77. Hash MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
78.
79. CompanyName: Microsoft Corporation
80. ProductName: Microsoft® Windows® Operating System
81. InternalName: svchost.exe
82. OriginalFileName: svchost.exe
83. LegalCopyright: © Microsoft Corporation. All rights reserved.
84. ProductVersion: 5.1.2600.2180
85. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
86.
87. =========================
88.
89.
90.
91. ====== Entrée(s) du registre ======
92.
93.
94. [HKLM\Software\Classes\CLSID\{A1E75357-881A-419E-83E2-BB16DB197C68}\LocalServer32]
95. ""="C:\WINDOWS\system32\svchost.exe" (REG_SZ)
96.
97. [HKLM\Software\Classes\CLSID\{A1F4E726-8CF1-11D1-BF92-0060081ED811}\LocalServer32]
98. ""="C:\WINDOWS\system32\svchost.exe" (REG_SZ)
99.
100. [HKLM\Software\Classes\CLSID\{E9376CC6-121A-447e-81CF-D8BCC200007C}\LocalServer32]
101. ""="C:\WINDOWS\system32\svchost.exe" (REG_SZ)
102.
103. [HKLM\System\ControlSet001\Services\Alerter]
104. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
105.
106. [HKLM\System\ControlSet001\Services\AppMgmt]
107. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
108.
109. [HKLM\System\ControlSet001\Services\AudioSrv]
110. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
111.
112. [HKLM\System\ControlSet001\Services\BITS]
113. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
114.
115. [HKLM\System\ControlSet001\Services\Browser]
116. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
117.
118. [HKLM\System\ControlSet001\Services\CryptSvc]
119. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
120.
121. [HKLM\System\ControlSet001\Services\Dhcp]
122. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
123.
124. [HKLM\System\ControlSet001\Services\dmserver]
125. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
126.
127. [HKLM\System\ControlSet001\Services\Dnscache]
128. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
129.
130. [HKLM\System\ControlSet001\Services\ERSvc]
131. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
132.
133. [HKLM\System\ControlSet001\Services\EventSystem]
134. "ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
135.
136. [HKLM\System\ControlSet001\Services\FastUserSwitchingCompatibility]
137. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
138.
139. [HKLM\System\ControlSet001\Services\helpsvc]
140. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
141.
142. [HKLM\System\ControlSet001\Services\HidServ]
143. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
144.
145. [HKLM\System\ControlSet001\Services\HTTPFilter]
146. "ImagePath"="%SystemRoot%\System32\svchost.exe -k HTTPFilter" (REG_EXPAND_SZ)
147.
148. [HKLM\System\ControlSet001\Services\lanmanserver]
149. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
150.
151. [HKLM\System\ControlSet001\Services\lanmanworkstation]
152. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
153.
154. [HKLM\System\ControlSet001\Services\LmHosts]
155. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
156.
157. [HKLM\System\ControlSet001\Services\Messenger]
158. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
159.
160. [HKLM\System\ControlSet001\Services\Netman]
161. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
162.
163. [HKLM\System\ControlSet001\Services\Nla]
164. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
165.
166. [HKLM\System\ControlSet001\Services\NtmsSvc]
167. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
168.
169. [HKLM\System\ControlSet001\Services\RasAuto]
170. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
171.
172. [HKLM\System\ControlSet001\Services\RasMan]
173. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
174.
175. [HKLM\System\ControlSet001\Services\RemoteAccess]
176. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
177.
178. [HKLM\System\ControlSet001\Services\Schedule]
179. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
180.
181. [HKLM\System\ControlSet001\Services\seclogon]
182. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
183.
184. [HKLM\System\ControlSet001\Services\SENS]
185. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
186.
187. [HKLM\System\ControlSet001\Services\SharedAccess]
188. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
189.
190. [HKLM\System\ControlSet001\Services\ShellHWDetection]
191. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
192.
193. [HKLM\System\ControlSet001\Services\srservice]
194. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
195.
196. [HKLM\System\ControlSet001\Services\SSDPSRV]
197. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
198.
199. [HKLM\System\ControlSet001\Services\stisvc]
200. "ImagePath"="%SystemRoot%\system32\svchost.exe -k imgsvc" (REG_EXPAND_SZ)
201.
202. [HKLM\System\ControlSet001\Services\TapiSrv]
203. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
204.
205. [HKLM\System\ControlSet001\Services\Themes]
206. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
207.
208. [HKLM\System\ControlSet001\Services\TrkWks]
209. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
210.
211. [HKLM\System\ControlSet001\Services\upnphost]
212. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
213.
214. [HKLM\System\ControlSet001\Services\w32time]
215. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
216.
217. [HKLM\System\ControlSet001\Services\WebClient]
218. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
219.
220. [HKLM\System\ControlSet001\Services\winmgmt]
221. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
222.
223. [HKLM\System\ControlSet001\Services\WmdmPmSN]
224. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
225.
226. [HKLM\System\ControlSet001\Services\wscsvc]
227. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
228.
229. [HKLM\System\ControlSet001\Services\wuauserv]
230. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
231.
232. [HKLM\System\ControlSet001\Services\WZCSVC]
233. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
234.
235. [HKLM\System\ControlSet001\Services\xmlprov]
236. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
237.
238. [HKLM\System\ControlSet002\Services\Alerter]
239. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
240.
241. [HKLM\System\ControlSet002\Services\AppMgmt]
242. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
243.
244. [HKLM\System\ControlSet002\Services\AudioSrv]
245. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
246.
247. [HKLM\System\ControlSet002\Services\BITS]
248. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
249.
250. [HKLM\System\ControlSet002\Services\Browser]
251. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
252.
253. [HKLM\System\ControlSet002\Services\CryptSvc]
254. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
255.
256. [HKLM\System\ControlSet002\Services\Dhcp]
257. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
258.
259. [HKLM\System\ControlSet002\Services\dmserver]
260. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
261.
262. [HKLM\System\ControlSet002\Services\Dnscache]
263. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
264.
265. [HKLM\System\ControlSet002\Services\ERSvc]
266. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
267.
268. [HKLM\System\ControlSet002\Services\EventSystem]
269. "ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
270.
271. [HKLM\System\ControlSet002\Services\FastUserSwitchingCompatibility]
272. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
273.
274. [HKLM\System\ControlSet002\Services\helpsvc]
275. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
276.
277. [HKLM\System\ControlSet002\Services\HidServ]
278. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
279.
280. [HKLM\System\ControlSet002\Services\HTTPFilter]
281. "ImagePath"="%SystemRoot%\System32\svchost.exe -k HTTPFilter" (REG_EXPAND_SZ)
282.
283. [HKLM\System\ControlSet002\Services\lanmanserver]
284. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
285.
286. [HKLM\System\ControlSet002\Services\lanmanworkstation]
287. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
288.
289. [HKLM\System\ControlSet002\Services\LmHosts]
290. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
291.
292. [HKLM\System\ControlSet002\Services\Messenger]
293. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
294.
295. [HKLM\System\ControlSet002\Services\Netman]
296. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
297.
298. [HKLM\System\ControlSet002\Services\Nla]
299. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
300.
301. [HKLM\System\ControlSet002\Services\NtmsSvc]
302. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
303.
304. [HKLM\System\ControlSet002\Services\RasAuto]
305. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
306.
307. [HKLM\System\ControlSet002\Services\RasMan]
308. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
309.
310. [HKLM\System\ControlSet002\Services\RemoteAccess]
311. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
312.
313. [HKLM\System\ControlSet002\Services\Schedule]
314. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
315.
316. [HKLM\System\ControlSet002\Services\seclogon]
317. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
318.
319. [HKLM\System\ControlSet002\Services\SENS]
320. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
321.
322. [HKLM\System\ControlSet002\Services\SharedAccess]
323. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
324.
325. [HKLM\System\ControlSet002\Services\ShellHWDetection]
326. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
327.
328. [HKLM\System\ControlSet002\Services\srservice]
329. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
330.
331. [HKLM\System\ControlSet002\Services\SSDPSRV]
332. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
333.
334. [HKLM\System\ControlSet002\Services\stisvc]
335. "ImagePath"="%SystemRoot%\system32\svchost.exe -k imgsvc" (REG_EXPAND_SZ)
336.
337. [HKLM\System\ControlSet002\Services\TapiSrv]
338. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
339.
340. [HKLM\System\ControlSet002\Services\Themes]
341. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
342.
343. [HKLM\System\ControlSet002\Services\TrkWks]
344. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
345.
346. [HKLM\System\ControlSet002\Services\upnphost]
347. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
348.
349. [HKLM\System\ControlSet002\Services\w32time]
350. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
351.
352. [HKLM\System\ControlSet002\Services\WebClient]
353. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
354.
355. [HKLM\System\ControlSet002\Services\winmgmt]
356. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
357.
358. [HKLM\System\ControlSet002\Services\WmdmPmSN]
359. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
360.
361. [HKLM\System\ControlSet002\Services\wscsvc]
362. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
363.
364. [HKLM\System\ControlSet002\Services\wuauserv]
365. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
366.
367. [HKLM\System\ControlSet002\Services\WZCSVC]
368. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
369.
370. [HKLM\System\ControlSet002\Services\xmlprov]
371. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
372.
373. [HKLM\System\ControlSet003\Services\Alerter]
374. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
375.
376. [HKLM\System\ControlSet003\Services\AppMgmt]
377. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
378.
379. [HKLM\System\ControlSet003\Services\AudioSrv]
380. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
381.
382. [HKLM\System\ControlSet003\Services\BITS]
383. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
384.
385. [HKLM\System\ControlSet003\Services\Browser]
386. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
387.
388. [HKLM\System\ControlSet003\Services\CryptSvc]
389. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
390.
391. [HKLM\System\ControlSet003\Services\Dhcp]
392. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
393.
394. [HKLM\System\ControlSet003\Services\dmserver]
395. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
396.
397. [HKLM\System\ControlSet003\Services\Dnscache]
398. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
399.
400. [HKLM\System\ControlSet003\Services\ERSvc]
401. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
402.
403. [HKLM\System\ControlSet003\Services\EventSystem]
404. "ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
405.
406. [HKLM\System\ControlSet003\Services\FastUserSwitchingCompatibility]
407. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
408.
409. [HKLM\System\ControlSet003\Services\helpsvc]
410. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
411.
412. [HKLM\System\ControlSet003\Services\HidServ]
413. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
414.
415. [HKLM\System\ControlSet003\Services\HTTPFilter]
416. "ImagePath"="%SystemRoot%\System32\svchost.exe -k HTTPFilter" (REG_EXPAND_SZ)
417.
418. [HKLM\System\ControlSet003\Services\lanmanserver]
419. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
420.
421. [HKLM\System\ControlSet003\Services\lanmanworkstation]
422. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
423.
424. [HKLM\System\ControlSet003\Services\LmHosts]
425. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
426.
427. [HKLM\System\ControlSet003\Services\Messenger]
428. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
429.
430. [HKLM\System\ControlSet003\Services\Netman]
431. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
432.
433. [HKLM\System\ControlSet003\Services\Nla]
434. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
435.
436. [HKLM\System\ControlSet003\Services\NtmsSvc]
437. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
438.
439. [HKLM\System\ControlSet003\Services\RasAuto]
440. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
441.
442. [HKLM\System\ControlSet003\Services\RasMan]
443. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
444.
445. [HKLM\System\ControlSet003\Services\RemoteAccess]
446. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
447.
448. [HKLM\System\ControlSet003\Services\Schedule]
449. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
450.
451. [HKLM\System\ControlSet003\Services\seclogon]
452. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
453.
454. [HKLM\System\ControlSet003\Services\SENS]
455. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
456.
457. [HKLM\System\ControlSet003\Services\SharedAccess]
458. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
459.
460. [HKLM\System\ControlSet003\Services\ShellHWDetection]
461. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
462.
463. [HKLM\System\ControlSet003\Services\srservice]
464. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
465.
466. [HKLM\System\ControlSet003\Services\SSDPSRV]
467. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
468.
469. [HKLM\System\ControlSet003\Services\stisvc]
470. "ImagePath"="%SystemRoot%\system32\svchost.exe -k imgsvc" (REG_EXPAND_SZ)
471.
472. [HKLM\System\ControlSet003\Services\TapiSrv]
473. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
474.
475. [HKLM\System\ControlSet003\Services\Themes]
476. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
477.
478. [HKLM\System\ControlSet003\Services\TrkWks]
479. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
480.
481. [HKLM\System\ControlSet003\Services\uploadmgr]
482. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
483.
484. [HKLM\System\ControlSet003\Services\upnphost]
485. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
486.
487. [HKLM\System\ControlSet003\Services\w32time]
488. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
489.
490. [HKLM\System\ControlSet003\Services\WebClient]
491. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
492.
493. [HKLM\System\ControlSet003\Services\winmgmt]
494. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
495.
496. [HKLM\System\ControlSet003\Services\WmdmPmSN]
497. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
498.
499. [HKLM\System\ControlSet003\Services\wscsvc]
500. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
501.
502. [HKLM\System\ControlSet003\Services\wuauserv]
503. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
504.
505. [HKLM\System\ControlSet003\Services\WZCSVC]
506. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
507.
508. [HKLM\System\ControlSet003\Services\xmlprov]
509. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
510.
511. [HKLM\System\ControlSet004\Services\Alerter]
512. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
513.
514. [HKLM\System\ControlSet004\Services\AppMgmt]
515. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
516.
517. [HKLM\System\ControlSet004\Services\AudioSrv]
518. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
519.
520. [HKLM\System\ControlSet004\Services\BITS]
521. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
522.
523. [HKLM\System\ControlSet004\Services\Browser]
524. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
525.
526. [HKLM\System\ControlSet004\Services\CryptSvc]
527. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
528.
529. [HKLM\System\ControlSet004\Services\Dhcp]
530. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
531.
532. [HKLM\System\ControlSet004\Services\dmserver]
533. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
534.
535. [HKLM\System\ControlSet004\Services\Dnscache]
536. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
537.
538. [HKLM\System\ControlSet004\Services\ERSvc]
539. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
540.
541. [HKLM\System\ControlSet004\Services\EventSystem]
542. "ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
543.
544. [HKLM\System\ControlSet004\Services\FastUserSwitchingCompatibility]
545. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
546.
547. [HKLM\System\ControlSet004\Services\helpsvc]
548. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
549.
550. [HKLM\System\ControlSet004\Services\HidServ]
551. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
552.
553. [HKLM\System\ControlSet004\Services\HTTPFilter]
554. "ImagePath"="%SystemRoot%\System32\svchost.exe -k HTTPFilter" (REG_EXPAND_SZ)
555.
556. [HKLM\System\ControlSet004\Services\lanmanserver]
557. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
558.
559. [HKLM\System\ControlSet004\Services\lanmanworkstation]
560. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
561.
562. [HKLM\System\ControlSet004\Services\LmHosts]
563. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
564.
565. [HKLM\System\ControlSet004\Services\Messenger]
566. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
567.
568. [HKLM\System\ControlSet004\Services\Netman]
569. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
570.
571. [HKLM\System\ControlSet004\Services\Nla]
572. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
573.
574. [HKLM\System\ControlSet004\Services\NtmsSvc]
575. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
576.
577. [HKLM\System\ControlSet004\Services\RasAuto]
578. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
579.
580. [HKLM\System\ControlSet004\Services\RasMan]
581. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
582.
583. [HKLM\System\ControlSet004\Services\RemoteAccess]
584. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
585.
586. [HKLM\System\ControlSet004\Services\Schedule]
587. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
588.
589. [HKLM\System\ControlSet004\Services\seclogon]
590. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
591.
592. [HKLM\System\ControlSet004\Services\SENS]
593. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
594.
595. [HKLM\System\ControlSet004\Services\SharedAccess]
596. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
597.
598. [HKLM\System\ControlSet004\Services\ShellHWDetection]
599. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
600.
601. [HKLM\System\ControlSet004\Services\srservice]
602. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
603.
604. [HKLM\System\ControlSet004\Services\SSDPSRV]
605. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
606.
607. [HKLM\System\ControlSet004\Services\stisvc]
608. "ImagePath"="%SystemRoot%\system32\svchost.exe -k imgsvc" (REG_EXPAND_SZ)
609.
610. [HKLM\System\ControlSet004\Services\TapiSrv]
611. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
612.
613. [HKLM\System\ControlSet004\Services\Themes]
614. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
615.
616. [HKLM\System\ControlSet004\Services\TrkWks]
617. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
618.
619. [HKLM\System\ControlSet004\Services\uploadmgr]
620. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
621.
622. [HKLM\System\ControlSet004\Services\upnphost]
623. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
624.
625. [HKLM\System\ControlSet004\Services\w32time]
626. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
627.
628. [HKLM\System\ControlSet004\Services\WebClient]
629. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
630.
631. [HKLM\System\ControlSet004\Services\winmgmt]
632. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
633.
634. [HKLM\System\ControlSet004\Services\WmdmPmSN]
635. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
636.
637. [HKLM\System\ControlSet004\Services\wscsvc]
638. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
639.
640. [HKLM\System\ControlSet004\Services\wuauserv]
641. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
642.
643. [HKLM\System\ControlSet004\Services\WZCSVC]
644. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
645.
646. [HKLM\System\ControlSet004\Services\xmlprov]
647. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
648.
649. [HKLM\System\CurrentControlSet\Services\Alerter]
650. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
651.
652. [HKLM\System\CurrentControlSet\Services\AppMgmt]
653. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
654.
655. [HKLM\System\CurrentControlSet\Services\AudioSrv]
656. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
657.
658. [HKLM\System\CurrentControlSet\Services\BITS]
659. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
660.
661. [HKLM\System\CurrentControlSet\Services\Browser]
662. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
663.
664. [HKLM\System\CurrentControlSet\Services\CryptSvc]
665. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
666.
667. [HKLM\System\CurrentControlSet\Services\Dhcp]
668. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
669.
670. [HKLM\System\CurrentControlSet\Services\dmserver]
671. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
672.
673. [HKLM\System\CurrentControlSet\Services\Dnscache]
674. "ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService" (REG_EXPAND_SZ)
675.
676. [HKLM\System\CurrentControlSet\Services\ERSvc]
677. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
678.
679. [HKLM\System\CurrentControlSet\Services\EventSystem]
680. "ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
681.
682. [HKLM\System\CurrentControlSet\Services\FastUserSwitchingCompatibility]
683. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
684.
685. [HKLM\System\CurrentControlSet\Services\helpsvc]
686. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
687.
688. [HKLM\System\CurrentControlSet\Services\HidServ]
689. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
690.
691. [HKLM\System\CurrentControlSet\Services\HTTPFilter]
692. "ImagePath"="%SystemRoot%\System32\svchost.exe -k HTTPFilter" (REG_EXPAND_SZ)
693.
694. [HKLM\System\CurrentControlSet\Services\lanmanserver]
695. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
696.
697. [HKLM\System\CurrentControlSet\Services\lanmanworkstation]
698. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
699.
700. [HKLM\System\CurrentControlSet\Services\LmHosts]
701. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
702.
703. [HKLM\System\CurrentControlSet\Services\Messenger]
704. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
705.
706. [HKLM\System\CurrentControlSet\Services\Netman]
707. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
708.
709. [HKLM\System\CurrentControlSet\Services\Nla]
710. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
711.
712. [HKLM\System\CurrentControlSet\Services\NtmsSvc]
713. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
714.
715. [HKLM\System\CurrentControlSet\Services\RasAuto]
716. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
717.
718. [HKLM\System\CurrentControlSet\Services\RasMan]
719. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
720.
721. [HKLM\System\CurrentControlSet\Services\RemoteAccess]
722. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
723.
724. [HKLM\System\CurrentControlSet\Services\Schedule]
725. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
726.
727. [HKLM\System\CurrentControlSet\Services\seclogon]
728. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
729.
730. [HKLM\System\CurrentControlSet\Services\SENS]
731. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
732.
733. [HKLM\System\CurrentControlSet\Services\SharedAccess]
734. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
735.
736. [HKLM\System\CurrentControlSet\Services\ShellHWDetection]
737. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
738.
739. [HKLM\System\CurrentControlSet\Services\srservice]
740. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
741.
742. [HKLM\System\CurrentControlSet\Services\SSDPSRV]
743. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
744.
745. [HKLM\System\CurrentControlSet\Services\stisvc]
746. "ImagePath"="%SystemRoot%\system32\svchost.exe -k imgsvc" (REG_EXPAND_SZ)
747.
748. [HKLM\System\CurrentControlSet\Services\TapiSrv]
749. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
750.
751. [HKLM\System\CurrentControlSet\Services\Themes]
752. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
753.
754. [HKLM\System\CurrentControlSet\Services\TrkWks]
755. "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
756.
757. [HKLM\System\CurrentControlSet\Services\uploadmgr]
758. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
759.
760. [HKLM\System\CurrentControlSet\Services\upnphost]
761. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
762.
763. [HKLM\System\CurrentControlSet\Services\w32time]
764. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
765.
766. [HKLM\System\CurrentControlSet\Services\WebClient]
767. "ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalService" (REG_EXPAND_SZ)
768.
769. [HKLM\System\CurrentControlSet\Services\winmgmt]
770. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
771.
772. [HKLM\System\CurrentControlSet\Services\WmdmPmSN]
773. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
774.
775. [HKLM\System\CurrentControlSet\Services\wscsvc]
776. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
777.
778. [HKLM\System\CurrentControlSet\Services\wuauserv]
779. "ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
780.
781. [HKLM\System\CurrentControlSet\Services\WZCSVC]
782. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
783.
784. [HKLM\System\CurrentControlSet\Services\xmlprov]
785. "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" (REG_EXPAND_SZ)
786.
787. =========================
788.
789. Fin à: 13:28:29 le 25/11/2010
790. 403600 Éléments analysés
791.
792. =========================
793. E.O.F
0
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
impec :D

peut tu maintenant faire comme demander juste au dessus de ton rapport :)

++ :D
0
Réponse 70 / 88
dono013 Messages postés 139 Statut Membre
 
http://www.cijoint.fr/cjlink.php?file=cj201011/cijI6Lg0a2.txt

voilà ^^
0
Réponse 71 / 88
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Hello :D

désoler pour cette attente .
je suis en train de demander conseil aux collègue .

je te prévient des que j'en ai une réponse ;)
++
0
Réponse 72 / 88
dono013 Messages postés 139 Statut Membre
 
ok pas de probléme merci beaucoup
0
Réponse 73 / 88
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Hello :D

Bien,, donc

tu a Malwarebyte ..

Lance le <<Met le a jour>> il devrait te demander d'installer la nouvelle Version qui a la 1.50..
Accepte .

Ensuite Lance un examen complet du pC.
supprime les menaces qu'il aura détecter puis poste moi le rapport qui te sera présenter ..

Dans l'attente de celui-ci ;)
++
0
Réponse 74 / 88
dono013 Messages postés 139 Statut Membre
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 5214

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

04/12/2010 21:51:40
mbam-log-2010-12-04 (21-51-40).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 246752
Temps écoulé: 1 heure(s), 6 minute(s), 17 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\ADNIW\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\cadmanager\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\EXPRESS\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\donovan\mes documents\copierrrrrrrrrrr\autocad_2004 (d)\BIN\ACADFEUI\SUPPORT\NLM\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
0
Réponse 75 / 88
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Helo :D

Avait tu déjà ces fichiers avant la mise a jour de Malwarebyte ??

on va vérifier tous cela en ligne :

Rend toi sur ce lien :
https://www.eset.com/

--> clique sur le carrer vert "online scanner",
--> Il recherchera ton navigateur pour voir si il et compatible, une fois fait tu devra accepter les terme du contrat de licence, Accepte les,
--> Une fois accepter tu pourra alors cliquer sur start, Il risque de te demander d'installer un contrôle Activ X...Accepte le,
--> Tu aura alors la page de paramètre d'analyse de l'ordinateur.Voici les paramètres a effectuer :

-> Laisse cocher "Supprimer les menaces détectées"
-> Coche la case "Analyser les archives"

--> Clique sur le lien en bleu " Paramètre Avancés",

--> Si il ne sont pas cocher, coche ces cases :

-> "Rechercher les applications potentiellement indésirables"
-> "Rechercher les applications potentiellement dangereuses"
-> "Activer la technologie Anti-Stealth (Anti-furtivité)"

--> décoche cette cases :

-> utilisez des paramètres proxy manuel...

--> une fois terminer, colle le rapport qui et stoker a cette emplacement :
C:\Program Files\EsetOnlineScanner\log.txt

/!\ Il se peut que le Scan soit très longt /!\

=> Aide et Tuto

@ ++ ;)
0
Réponse 76 / 88
dono013 Messages postés 139 Statut Membre
 
derniére fois avec malwarebyte on avait tout éffacer donc je comprends pas d ou viennent ces nouvelle infection surtout que je fais que allez sur fb et msn :s j'ai plus rien télécharger depuis :s
0
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
hello,,

pas de soucis.. c'est la mise a jour du programme qui a une meilleurs détection, ;)

tu peux passer a Eset :)
++
0
Réponse 77 / 88
dono013 Messages postés 139 Statut Membre
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3acf173aaff615408c6b1e8fd06c6b88
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-05 12:33:30
# local_time=2010-12-05 01:33:30 (+0100, Paris, Madrid)
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 6547865 6547865 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3781 3781 0 0
# compatibility_mode=9217 16777214 0 9 48082767 59838480 0 0
# scanned=106653
# found=1
# cleaned=1
# scan_time=5673
C:\Documents and Settings\donovan\Mes documents\Téléchargements\MsgPlusLive-490.exe
0
Réponse 78 / 88
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Re, ;)

ok,

Rend toi ici :

MEnu demarrer >> panneau de configuration >> ajout suppression de programme <

Désinstalle ZHPdiag,,

Puis installe la nouvelle Version ici en bas de page:

http://www.premiumorange.com/zeb-help-process/zhpdiag.html
ENSUITE :

Relance un diagnostic avec ZHPdiag,, comme tu la fait précédemment STp°
N'oublie pas d'héberger le rapport Via Cijoint

Dans l'attente de ton lien :D
++
ce n'est pas en cherchant que l'on trouve.. Mais bel et bien en trouvant que l'on cherche ;).....
0
Réponse 79 / 88
dono013 Messages postés 139 Statut Membre
 
lol ok je vais devenir fou moi je fais quoi pour msn plus qui est infecter
0
mcvivien2 Messages postés 2716 Statut Contributeur sécurité 256
 
Tinquiete pas pour sa...

le programme d'installation propose dans ces supplément une toolbar et ou le sponcor qui et piéger..

Eset la trouver comme infectieux a cause de ceci,
mais il ne s'agit pas de messenger plus la,,
il s'agit d'après ce que je voie du programme d'installation..
donc rien de grave ;)
++
0
Réponse 80 / 88
dono013 Messages postés 139 Statut Membre
 
http://www.cijoint.fr/cjlink.php?file=cj201012/cijuelMgKm.txt
dit moi si c est bien ca :p
0
Précédent
  • 1
  • 2
  • 3
  • 4
  • 5

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses