Nombreuses alertes (svchost.exe etc)

mlusine Messages postés 2 Statut Membre -  
 gen-hackman -
Bonjour,

voila mon problème depuis quelques jours mon ordi "plante" souvent, le démarrage est long des fois je n'ai plus d'icônes, plusieurs messages d'erreurs apparaissent rundll , et surtout mon antivirus avast me signale tout le temps svchost;exe comme une menace détecté a chaque connexion a internet.

j'ai regarder sur votre forum des conseils mais étant novice je ne comprends pas trop et ai peur de faire une mauvais mannip .

j'ai fait un scan avec hijackthis : voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:16, on 02/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Emilie\Application Data\svsh0sted.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emilie\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Kserevurijanoxoz] rundll32.exe "C:\WINDOWS\mswmsl.dll",Startup
O4 - HKCU\..\Run: [4E3E0230F5B9F1D3] C:\ishigo.exe\ishigo.exe.exe
O4 - HKCU\..\Run: [svsh0st] C:\Documents and Settings\Emilie\Application Data\svsh0sted.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8390 bytes

3 réponses

  1. gen-hackman
     
    salut

    desactive tes protections puis enregistre ceci sur ton bureau

    Pre_Scan

    Avertissement: Il y aura une extinction courte du bureau --> pas de panique.

    une fois telechargé lance-le , laisse faire le scan puis colle le contenu de "Pre_scan.txt" qui apparaitra à son terme , sur le bureau.

    si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

    si l'outil semble ne pas avoir fonctionné clique plusieurs fois très rapidement dessus ou renomme-le winlogon , ou change son extension en .com ou .scr
    0
  2. mlusine Messages postés 2 Statut Membre
     
    salut

    merci tout d'abord de ta réponse, dsl de ne pas avoir répondu plus tot , mais je suis débordé de travail actuellement.

    voici ce que dit prescan

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.1.10 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

    Mis à jour le 21/05/2011 | 03.45 par g3n-h@ckm@n
    Utilisateur : Emilie (Administrateurs)
    Ordinateur : YOUR-01199F19B2

    Système d'exploitation : Microsoft Windows XP (32 bits)
    Internet Explorer : 8.0.6001.18702
    Mozilla Firefox : 3.6.17 (fr)

    Scan : 10:54:47 | 21/05/2011

    ¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

    624 | C:\WINDOWS\System32\smss.exe - SYSTEM - Normal - \SystemRoot\System32\smss.exe - 4
    680 | C:\WINDOWS\system32\csrss.exe - SYSTEM - Normal - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 624
    708 | C:\WINDOWS\system32\winlogon.exe - SYSTEM - High - winlogon.exe - 624
    760 | C:\WINDOWS\system32\services.exe - SYSTEM - Normal - C:\WINDOWS\system32\services.exe - 708
    772 | C:\WINDOWS\system32\lsass.exe - SYSTEM - Normal - C:\WINDOWS\system32\lsass.exe - 708
    964 | C:\WINDOWS\system32\Ati2evxx.exe - SYSTEM - Normal - C:\WINDOWS\system32\Ati2evxx.exe - 760
    984 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost -k DcomLaunch - 760
    1084 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost -k rpcss - 760
    1148 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k netsvcs - 760
    1212 | C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - SYSTEM - Normal - "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" - 760
    1300 | C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - SYSTEM - Normal - "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" - 760
    1472 | C:\WINDOWS\system32\svchost.exe - SERVICE LOCAL - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 760
    1704 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - SYSTEM - Normal - "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" - 760
    1340 | C:\WINDOWS\system32\spoolsv.exe - SYSTEM - Normal - C:\WINDOWS\system32\spoolsv.exe - 760
    552 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 760
    776 | C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - SYSTEM - Normal - "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" - 760
    1580 | C:\Program Files\Java\jre6\bin\jqs.exe - SYSTEM - Idle - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - 760
    1640 | C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - SYSTEM - Normal - "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" - 760
    1936 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost.exe -k imgsvc - 760
    1984 | C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe - SYSTEM - Normal - "C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe" - 760
    2044 | C:\WINDOWS\system32\wdfmgr.exe - SERVICE LOCAL - Normal - C:\WINDOWS\system32\wdfmgr.exe - 760
    2296 | C:\WINDOWS\system32\wbem\wmiapsrv.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\wmiapsrv.exe - 760
    2480 | C:\WINDOWS\System32\alg.exe - SERVICE LOCAL - Normal - C:\WINDOWS\System32\alg.exe - 760
    4060 | C:\WINDOWS\system32\Ati2evxx.exe - Emilie - Normal - Ati2evxx.exe -Client - 708
    2248 | C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe - Emilie - Normal - "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui - 1516
    1788 | C:\Program Files\TOSHIBA\Tvs\TvsTray.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" - 1516
    2404 | C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe - Emilie - Normal - "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" - 1516
    924 | C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe" - 1516
    3712 | C:\WINDOWS\system32\TDispVol.exe - Emilie - Normal - "C:\WINDOWS\system32\TDispVol.exe" - 1516
    3700 | C:\WINDOWS\system32\TPSBattM.exe - Emilie - Normal - "C:\WINDOWS\system32\TPSBattM.exe" - 3896
    3368 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - Emilie - Normal - "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" - 1516
    1440 | C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" - 1516
    3048 | C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" - 1516
    2792 | C:\Program Files\Synaptics\SynTP\Toshiba.exe - Emilie - Normal - "C:\Program Files\Synaptics\SynTP\Toshiba" /RegPlugIn - 3368
    2772 | C:\Program Files\ltmoh\Ltmoh.exe - Emilie - Normal - "C:\Program Files\ltmoh\Ltmoh.exe" - 1516
    2868 | C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe - Emilie - Normal - "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" - 1516
    2864 | C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe - Emilie - Normal - "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless - 1516
    2988 | C:\WINDOWS\System32\DLA\DLACTRLW.EXE - Emilie - Normal - "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" - 1516
    2100 | C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" -NoClient - 1516
    3068 | C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - Emilie - Normal - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay - 1516
    2928 | C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe - Emilie - Normal - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" - 1516
    1896 | C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe - Emilie - Normal - C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe -Embedding - 984
    3268 | C:\WINDOWS\system32\ctfmon.exe - Emilie - Normal - "C:\WINDOWS\system32\ctfmon.exe" - 1516
    2068 | C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" - 1516
    4052 | C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - Emilie - Normal - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide Dashboard - 3068
    3352 | C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - Emilie - Normal - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray - 3068
    720 | C:\Program Files\Windows Live\Contacts\wlcomm.exe - Emilie - Normal - "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding - 984
    656 | C:\WINDOWS\system32\wscntfy.exe - Emilie - Normal - C:\WINDOWS\system32\wscntfy.exe - 1148
    3044 | C:\WINDOWS\system32\wuauclt.exe - SYSTEM - Normal - "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[47c]SUSDS54df6aa63495d84fb96c55122f93a4c3 - 1148
    2012 | C:\Documents and Settings\Emilie\Mes documents\Téléchargements\Pre_scan.exe - Emilie - High - "C:\Documents and Settings\Emilie\Mes documents\Téléchargements\Pre_scan.exe" - 232
    3780 | C:\WINDOWS\system32\cmd.exe - Emilie - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2012
    2304 | C:\WINDOWS\explorer.exe - Emilie - Normal - C:\WINDOWS\explorer.exe - 708
    3964 | C:\Kill'em\Pv.exe - Emilie - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 3780

    ¤¤¤¤¤¤¤¤¤¤ Winlogon

    [HKLM | Winlogon] | Shell : Explorer.exe
    [HKLM | Winlogon] | AutoRestartShell : 1
    [HKLM | Winlogon] | userinit : C:\WINDOWS\system32\userinit.exe,
    [HKLM | Winlogon] | PowerDownAfterShutdown : 0 -> 1
    [HKLM | Winlogon] | System :

    ¤¤¤¤¤¤¤¤¤¤ Associations

    [.exe] : exefile
    [exefile | command] : "%1" %*
    [.com] : comfile
    [comfile | command] : "%1" %*
    [.reg] : regfile
    [regfile | command] : regedit.exe "%1"
    [.scr] : scrfile
    [scrfile | command] : "%1" /S
    [.bat] : batfile
    [batfile | command] : "%1" %*
    [.cmd] : cmdfile
    [cmdfile | command] : "%1" %*
    [.pif] : piffile
    [piffile | command] : "%1" %*
    [.url] : InternetShortcut
    [InternetShortcut | command] : "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
    [Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
    [Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
    [Folder | command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\explorer.exe

    ¤

    [Firefox | Command] | @ : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
    [Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    [IE | Command] | @ : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
    [Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
    [Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

    ¤¤¤¤¤¤¤¤¤¤ Divers

    [HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
    [HKCU | Desktop] | Wallpaper : C:\Documents and Settings\Emilie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    [HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
    [HKLM | policies\Explorer] | HonorAutoRunSetting : 1
    Supprimé : [HKU\.DEFAULT | Internet Explorer | FEATURE_BROWSER_EMULATION] -> svchost.exe

    ¤¤¤¤¤¤¤¤¤¤ Services

    [Ndisuio] | Start : 3
    [lmhosts] | Start : 2 : Actif
    [LanmanWorkstation] | Start : 2 : Actif
    [LanmanServer] | Start : 2 : Actif
    [Audiosrv] | Start : 2 : Actif
    [ERSvc] | Start : 2 : Actif
    [Bits] | Start : 2 : Actif
    [CryptSvc] | Start : 2 : Actif
    [EapHost] | Start : 3 -> 2 : Redémarré
    [SharedAccess] | Start : 2 : Actif
    [wuauserv] | Start : 2 : Actif
    [wscsvc] | Start : 2 : Actif
    [wzcsvc] | Start : 2 : Actif

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer

    [HKCU | Main] | Start Page : https://www.facebook.com -> https://www.google.com/?gws_rd=ssl
    [HKCU | Main] | Local Page : C:\WINDOWS\system32\blank.htm
    [HKCU | Main] | Search Page : https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Local Page : C:\WINDOWS\system32\blank.htm
    [HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    [HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Processus

    C:\WINDOWS\agrsmmsg.exe -> Processus stoppé
    C:\WINDOWS\RTHDCPL.exe -> Processus stoppé
    C:\Documents and Settings\Emilie\Bureau\OpenOffice.org 3.2 (fr) Installation Files\setup.exe -> Processus stoppé

    ¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

    Mise en quarantaine : C:\Firefox Setup 3.6.exe
    Mise en quarantaine : C:\ishigo.exe
    Erreur de suppression : C:\ishigo.exe
    Mise en quarantaine : C:\OOo_3.2.0_Win32Intel_install_wJRE_fr.exe
    Mise en quarantaine : C:\DOCUME~1\Emilie\LOCALS~1\Temp\flaA6.tmp
    Mise en quarantaine : C:\WINDOWS\Temp\xuag\setup.exe

    ¤¤¤¤¤¤¤¤¤¤ IFEO

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2

    Supprimé : [{6ef887a3-23ad-11df-b5d9-00a0d14940b3} | Autorun\command] -> E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

    ¤¤¤¤¤¤¤¤¤¤ Listing %AppData%

    [27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Adobe
    [22/03/2010 | 18:03:58] | C:\Documents and Settings\Emilie\Application Data\AdobeUM
    [27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\ATI
    [23/06/2010 | 14:10:50] | C:\Documents and Settings\Emilie\Application Data\DAEMON Tools Lite
    [27/02/2010 | 16:30:46] | C:\Documents and Settings\Emilie\Application Data\desktop.ini
    [02/03/2010 | 15:35:52] | C:\Documents and Settings\Emilie\Application Data\dvdcss
    [10/05/2010 | 08:37:35] | C:\Documents and Settings\Emilie\Application Data\Hotbar
    [27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Identities
    [27/02/2010 | 16:32:39] | C:\Documents and Settings\Emilie\Application Data\Intel
    [09/04/2010 | 13:06:41] | C:\Documents and Settings\Emilie\Application Data\InterVideo
    [27/02/2010 | 17:24:04] | C:\Documents and Settings\Emilie\Application Data\Macromedia
    [28/02/2010 | 22:29:00] | C:\Documents and Settings\Emilie\Application Data\Malwarebytes
    [27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Microsoft
    [28/02/2010 | 21:10:26] | C:\Documents and Settings\Emilie\Application Data\Mozilla
    [27/02/2010 | 18:52:39] | C:\Documents and Settings\Emilie\Application Data\OpenOffice.org
    [27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Sonic
    [27/02/2010 | 18:43:57] | C:\Documents and Settings\Emilie\Application Data\Sun
    [25/04/2011 | 14:36:03] | C:\Documents and Settings\Emilie\Application Data\Supaop
    [27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\toshiba
    [25/04/2011 | 14:36:03] | C:\Documents and Settings\Emilie\Application Data\Vayzsu
    [02/03/2010 | 15:35:56] | C:\Documents and Settings\Emilie\Application Data\vlc
    [10/05/2010 | 08:37:38] | C:\Documents and Settings\Emilie\Application Data\WeatherDPA
    [01/06/2010 | 14:33:12] | C:\Documents and Settings\Emilie\Application Data\WinRAR

    ¤¤¤¤¤¤¤¤¤¤ Listing %CommonAppData%

    [10/05/2010 | 08:37:39] | C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    [25/04/2011 | 21:04:59] | C:\Documents and Settings\All Users\Application Data\6J15NkDHx.dat
    [29/09/2010 | 17:50:58] | C:\Documents and Settings\All Users\Application Data\Adobe
    [27/02/2010 | 17:52:52] | C:\Documents and Settings\All Users\Application Data\Alwil Software
    [23/06/2010 | 14:10:33] | C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [16/01/2006 | 19:29:53] | C:\Documents and Settings\All Users\Application Data\desktop.ini
    [10/05/2010 | 08:37:39] | C:\Documents and Settings\All Users\Application Data\HotbarSA
    [27/02/2010 | 16:32:50] | C:\Documents and Settings\All Users\Application Data\Intel
    [28/02/2010 | 22:28:55] | C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [28/02/2010 | 21:28:19] | C:\Documents and Settings\All Users\Application Data\McAfee
    [28/02/2010 | 21:28:19] | C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [16/01/2006 | 19:29:36] | C:\Documents and Settings\All Users\Application Data\Microsoft
    [16/01/2006 | 18:42:40] | C:\Documents and Settings\All Users\Application Data\SBSI
    [27/02/2010 | 18:44:42] | C:\Documents and Settings\All Users\Application Data\Sun
    [17/01/2006 | 15:47:31] | C:\Documents and Settings\All Users\Application Data\Symantec

    ¤¤¤¤¤¤¤¤¤¤ Listing %LocalAppData%

    [26/06/2010 | 12:58:02] | \043e7f690788684efb8a3d5c7f
    [03/08/2010 | 18:57:14] | \4e0daae221c1d3716b1598e16c024f
    [16/01/2006 | 18:37:23] | \AUTOEXEC.BAT
    [16/01/2006 | 18:23:59] | \boot.ini
    [16/01/2006 | 18:23:28] | \Bootfont.bin
    [21/05/2011 | 10:52:11] | \cfg.ini
    [16/01/2006 | 18:37:23] | \CONFIG.SYS
    [16/01/2006 | 19:29:21] | \Documents and Settings
    [26/06/2010 | 12:57:46] | \f8ff1f9c182ef725f4
    [28/11/2010 | 16:55:33] | \FA-123
    [26/06/2010 | 13:07:45] | \fbde452df21bd9a6315a7ff6
    [28/02/2010 | 22:49:23] | \hiberfil.sys
    [16/01/2006 | 18:11:27] | \I386
    [16/01/2006 | 18:37:23] | \IO.SYS
    [16/01/2006 | 18:23:05] | \ishigo.exe
    [21/05/2011 | 10:54:47] | \Kill'em
    [16/01/2006 | 18:37:23] | \MSDOS.SYS
    [17/01/2006 | 15:45:25] | \MSOCache
    [16/01/2006 | 18:23:30] | \NTDETECT.COM
    [16/01/2006 | 18:23:30] | \ntldr
    [27/02/2010 | 16:25:08] | \pagefile.sys
    [21/05/2011 | 10:54:47] | \Pre_Scan.txt
    [16/01/2006 | 19:30:09] | \Program Files
    [27/02/2010 | 17:09:44] | \RECYCLER
    [16/01/2006 | 19:28:44] | \SUPPORT
    [18/01/2006 | 00:15:11] | \SWSTAMP.TXT
    [16/01/2006 | 19:29:21] | \System Volume Information
    [17/01/2006 | 16:47:50] | \TOOLSCD
    [21/05/2011 | 10:54:46] | \txt
    [16/01/2006 | 19:28:47] | \VALUEADD
    [16/01/2006 | 19:24:52] | \WINDOWS

    ¤¤¤¤¤¤¤¤¤¤ Listing Tasks

    ¤¤¤¤¤¤¤¤¤¤ Security

    [HKLM | Security Center] | FirstRunDisabled : 1
    [HKLM | Security Center] | AntiVirusDisableNotify : 0
    [HKLM | Security Center] | AntiVirusOverride : 0
    [HKLM | Security Center] | FirewallDisableNotify : 0
    [HKLM | Security Center] | FirewallOverride : 0
    [HKLM | Security Center] | UpdatesDisableNotify : 0

    ¤¤¤

    Fin : 10:55:48

    ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
    0
  3. gen-hackman
     
    selectionne ce texte sans les lignes :
    ___________________________________________________


    file::
    C:\Documents and Settings\All Users\Application Data\6J15NkDHx.dat

    folder::
    C:\Documents and Settings\Emilie\Application Data\Hotbar
    C:\Documents and Settings\Emilie\Application Data\Supaop
    C:\Documents and Settings\Emilie\Application Data\Vayzsu
    C:\Documents and Settings\Emilie\Application Data\WeatherDPA
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    C:\Documents and Settings\All Users\Application Data\HotbarSA

    ___________________________________________________

    copie-le (ctrl+c) puis lance Pre_Script qui est sur ton bureau

    poste Pre_Script.txt qui apparaitra à coté de l'executable en fin de travail
    G3?-?@¢??@?......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....
    0