Numerous alerts (svchost.exe etc)
mlusine
Hello,
Here is my problem: for the past few days my computer has been "crashing" often, startup is slow, sometimes my icons are gone, several rundll error messages appear, and above all my Avast antivirus keeps reporting svchost.exe as a detected threat every time I connect to the internet.
I looked on your forum for advice, but being a novice I don't really understand it and am afraid of doing something wrong.
I ran a scan with HijackThis; here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:16, on 02/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Emilie\Application Data\svsh0sted.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emilie\Mes documents\Téléchargements\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Kserevurijanoxoz] rundll32.exe "C:\WINDOWS\mswmsl.dll",Startup
O4 - HKCU\..\Run: [4E3E0230F5B9F1D3] C:\ishigo.exe\ishigo.exe.exe
O4 - HKCU\..\Run: [svsh0st] C:\Documents and Settings\Emilie\Application Data\svsh0sted.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
3 replies
Hi
Disable your protections, then save this to your desktop:
Pre_Scan
Warning: the desktop will briefly disappear --> don't panic.
Once it is downloaded, run it, let the scan finish, then paste the contents of "Pre_scan.txt", which will appear on the desktop when it is done.
If the tool detects a proxy and you have not installed one, click "supprimer le proxy" ("remove the proxy").
If the tool seems not to have worked, click on it several times very quickly, or rename it winlogon, or change its extension to .com or .scr
Hi
First of all, thanks for your reply. Sorry for not answering sooner, but I am swamped with work at the moment.
Here is what prescan says:
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.1.10 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
Mis à jour le 21/05/2011 | 03.45 par g3n-h@ckm@n
Utilisateur : Emilie (Administrateurs)
Ordinateur : YOUR-01199F19B2
Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 8.0.6001.18702
Mozilla Firefox : 3.6.17 (fr)
Scan : 10:54:47 | 21/05/2011
¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
624 | C:\WINDOWS\System32\smss.exe - SYSTEM - Normal - \SystemRoot\System32\smss.exe - 4
680 | C:\WINDOWS\system32\csrss.exe - SYSTEM - Normal - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 624
708 | C:\WINDOWS\system32\winlogon.exe - SYSTEM - High - winlogon.exe - 624
760 | C:\WINDOWS\system32\services.exe - SYSTEM - Normal - C:\WINDOWS\system32\services.exe - 708
772 | C:\WINDOWS\system32\lsass.exe - SYSTEM - Normal - C:\WINDOWS\system32\lsass.exe - 708
964 | C:\WINDOWS\system32\Ati2evxx.exe - SYSTEM - Normal - C:\WINDOWS\system32\Ati2evxx.exe - 760
984 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost -k DcomLaunch - 760
1084 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost -k rpcss - 760
1148 | C:\WINDOWS\System32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\System32\svchost.exe -k netsvcs - 760
1212 | C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - SYSTEM - Normal - "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" - 760
1300 | C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - SYSTEM - Normal - "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" - 760
1472 | C:\WINDOWS\system32\svchost.exe - SERVICE LOCAL - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 760
1704 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - SYSTEM - Normal - "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" - 760
1340 | C:\WINDOWS\system32\spoolsv.exe - SYSTEM - Normal - C:\WINDOWS\system32\spoolsv.exe - 760
552 | C:\WINDOWS\system32\svchost.exe - - Normal - C:\WINDOWS\system32\svchost.exe -k LocalService - 760
776 | C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - SYSTEM - Normal - "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" - 760
1580 | C:\Program Files\Java\jre6\bin\jqs.exe - SYSTEM - Idle - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - 760
1640 | C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - SYSTEM - Normal - "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" - 760
1936 | C:\WINDOWS\system32\svchost.exe - SYSTEM - Normal - C:\WINDOWS\system32\svchost.exe -k imgsvc - 760
1984 | C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe - SYSTEM - Normal - "C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe" - 760
2044 | C:\WINDOWS\system32\wdfmgr.exe - SERVICE LOCAL - Normal - C:\WINDOWS\system32\wdfmgr.exe - 760
2296 | C:\WINDOWS\system32\wbem\wmiapsrv.exe - SYSTEM - Normal - C:\WINDOWS\system32\wbem\wmiapsrv.exe - 760
2480 | C:\WINDOWS\System32\alg.exe - SERVICE LOCAL - Normal - C:\WINDOWS\System32\alg.exe - 760
4060 | C:\WINDOWS\system32\Ati2evxx.exe - Emilie - Normal - Ati2evxx.exe -Client - 708
2248 | C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe - Emilie - Normal - "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui - 1516
1788 | C:\Program Files\TOSHIBA\Tvs\TvsTray.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" - 1516
2404 | C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe - Emilie - Normal - "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" - 1516
924 | C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe" - 1516
3712 | C:\WINDOWS\system32\TDispVol.exe - Emilie - Normal - "C:\WINDOWS\system32\TDispVol.exe" - 1516
3700 | C:\WINDOWS\system32\TPSBattM.exe - Emilie - Normal - "C:\WINDOWS\system32\TPSBattM.exe" - 3896
3368 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - Emilie - Normal - "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" - 1516
1440 | C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" - 1516
3048 | C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" - 1516
2792 | C:\Program Files\Synaptics\SynTP\Toshiba.exe - Emilie - Normal - "C:\Program Files\Synaptics\SynTP\Toshiba" /RegPlugIn - 3368
2772 | C:\Program Files\ltmoh\Ltmoh.exe - Emilie - Normal - "C:\Program Files\ltmoh\Ltmoh.exe" - 1516
2868 | C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe - Emilie - Normal - "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" - 1516
2864 | C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe - Emilie - Normal - "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless - 1516
2988 | C:\WINDOWS\System32\DLA\DLACTRLW.EXE - Emilie - Normal - "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" - 1516
2100 | C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" -NoClient - 1516
3068 | C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - Emilie - Normal - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay - 1516
2928 | C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe - Emilie - Normal - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" - 1516
1896 | C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe - Emilie - Normal - C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe -Embedding - 984
3268 | C:\WINDOWS\system32\ctfmon.exe - Emilie - Normal - "C:\WINDOWS\system32\ctfmon.exe" - 1516
2068 | C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe - Emilie - Normal - "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" - 1516
4052 | C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - Emilie - Normal - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide Dashboard - 3068
3352 | C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - Emilie - Normal - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray - 3068
720 | C:\Program Files\Windows Live\Contacts\wlcomm.exe - Emilie - Normal - "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding - 984
656 | C:\WINDOWS\system32\wscntfy.exe - Emilie - Normal - C:\WINDOWS\system32\wscntfy.exe - 1148
3044 | C:\WINDOWS\system32\wuauclt.exe - SYSTEM - Normal - "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[47c]SUSDS54df6aa63495d84fb96c55122f93a4c3 - 1148
2012 | C:\Documents and Settings\Emilie\Mes documents\Téléchargements\Pre_scan.exe - Emilie - High - "C:\Documents and Settings\Emilie\Mes documents\Téléchargements\Pre_scan.exe" - 232
3780 | C:\WINDOWS\system32\cmd.exe - Emilie - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2012
2304 | C:\WINDOWS\explorer.exe - Emilie - Normal - C:\WINDOWS\explorer.exe - 708
3964 | C:\Kill'em\Pv.exe - Emilie - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 3780
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\WINDOWS\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 0 -> 1
[HKLM | Winlogon] | System :
¤¤¤¤¤¤¤¤¤¤ Associations
[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\explorer.exe
¤
[Firefox | Command] | @ : C:\Program Files\Mozilla Firefox\firefox.exe -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
¤¤¤¤¤¤¤¤¤¤ Divers
[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKCU | Desktop] | Wallpaper : C:\Documents and Settings\Emilie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | HonorAutoRunSetting : 1
Supprimé : [HKU\.DEFAULT | Internet Explorer | FEATURE_BROWSER_EMULATION] -> svchost.exe
¤¤¤¤¤¤¤¤¤¤ Services
[Ndisuio] | Start : 3
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[ERSvc] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 3 -> 2 : Redémarré
[SharedAccess] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif
[wzcsvc] | Start : 2 : Actif
¤¤¤¤¤¤¤¤¤¤ Internet Explorer
[HKCU | Main] | Start Page : https://www.facebook.com -> https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page : C:\WINDOWS\system32\blank.htm
[HKCU | Main] | Search Page : https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : C:\WINDOWS\system32\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Processus
C:\WINDOWS\agrsmmsg.exe -> Processus stoppé
C:\WINDOWS\RTHDCPL.exe -> Processus stoppé
C:\Documents and Settings\Emilie\Bureau\OpenOffice.org 3.2 (fr) Installation Files\setup.exe -> Processus stoppé
¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre
Mise en quarantaine : C:\Firefox Setup 3.6.exe
Mise en quarantaine : C:\ishigo.exe
Erreur de suppression : C:\ishigo.exe
Mise en quarantaine : C:\OOo_3.2.0_Win32Intel_install_wJRE_fr.exe
Mise en quarantaine : C:\DOCUME~1\Emilie\LOCALS~1\Temp\flaA6.tmp
Mise en quarantaine : C:\WINDOWS\Temp\xuag\setup.exe
¤¤¤¤¤¤¤¤¤¤ IFEO
¤¤¤¤¤¤¤¤¤¤ Mountpoints2
Supprimé : [{6ef887a3-23ad-11df-b5d9-00a0d14940b3} | Autorun\command] -> E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
¤¤¤¤¤¤¤¤¤¤ Listing %AppData%
[27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Adobe
[22/03/2010 | 18:03:58] | C:\Documents and Settings\Emilie\Application Data\AdobeUM
[27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\ATI
[23/06/2010 | 14:10:50] | C:\Documents and Settings\Emilie\Application Data\DAEMON Tools Lite
[27/02/2010 | 16:30:46] | C:\Documents and Settings\Emilie\Application Data\desktop.ini
[02/03/2010 | 15:35:52] | C:\Documents and Settings\Emilie\Application Data\dvdcss
[10/05/2010 | 08:37:35] | C:\Documents and Settings\Emilie\Application Data\Hotbar
[27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Identities
[27/02/2010 | 16:32:39] | C:\Documents and Settings\Emilie\Application Data\Intel
[09/04/2010 | 13:06:41] | C:\Documents and Settings\Emilie\Application Data\InterVideo
[27/02/2010 | 17:24:04] | C:\Documents and Settings\Emilie\Application Data\Macromedia
[28/02/2010 | 22:29:00] | C:\Documents and Settings\Emilie\Application Data\Malwarebytes
[27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Microsoft
[28/02/2010 | 21:10:26] | C:\Documents and Settings\Emilie\Application Data\Mozilla
[27/02/2010 | 18:52:39] | C:\Documents and Settings\Emilie\Application Data\OpenOffice.org
[27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\Sonic
[27/02/2010 | 18:43:57] | C:\Documents and Settings\Emilie\Application Data\Sun
[25/04/2011 | 14:36:03] | C:\Documents and Settings\Emilie\Application Data\Supaop
[27/02/2010 | 16:30:45] | C:\Documents and Settings\Emilie\Application Data\toshiba
[25/04/2011 | 14:36:03] | C:\Documents and Settings\Emilie\Application Data\Vayzsu
[02/03/2010 | 15:35:56] | C:\Documents and Settings\Emilie\Application Data\vlc
[10/05/2010 | 08:37:38] | C:\Documents and Settings\Emilie\Application Data\WeatherDPA
[01/06/2010 | 14:33:12] | C:\Documents and Settings\Emilie\Application Data\WinRAR
¤¤¤¤¤¤¤¤¤¤ Listing %CommonAppData%
[10/05/2010 | 08:37:39] | C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[25/04/2011 | 21:04:59] | C:\Documents and Settings\All Users\Application Data\6J15NkDHx.dat
[29/09/2010 | 17:50:58] | C:\Documents and Settings\All Users\Application Data\Adobe
[27/02/2010 | 17:52:52] | C:\Documents and Settings\All Users\Application Data\Alwil Software
[23/06/2010 | 14:10:33] | C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[16/01/2006 | 19:29:53] | C:\Documents and Settings\All Users\Application Data\desktop.ini
[10/05/2010 | 08:37:39] | C:\Documents and Settings\All Users\Application Data\HotbarSA
[27/02/2010 | 16:32:50] | C:\Documents and Settings\All Users\Application Data\Intel
[28/02/2010 | 22:28:55] | C:\Documents and Settings\All Users\Application Data\Malwarebytes
[28/02/2010 | 21:28:19] | C:\Documents and Settings\All Users\Application Data\McAfee
[28/02/2010 | 21:28:19] | C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[16/01/2006 | 19:29:36] | C:\Documents and Settings\All Users\Application Data\Microsoft
[16/01/2006 | 18:42:40] | C:\Documents and Settings\All Users\Application Data\SBSI
[27/02/2010 | 18:44:42] | C:\Documents and Settings\All Users\Application Data\Sun
[17/01/2006 | 15:47:31] | C:\Documents and Settings\All Users\Application Data\Symantec
¤¤¤¤¤¤¤¤¤¤ Listing %LocalAppData%
[26/06/2010 | 12:58:02] | \043e7f690788684efb8a3d5c7f
[03/08/2010 | 18:57:14] | \4e0daae221c1d3716b1598e16c024f
[16/01/2006 | 18:37:23] | \AUTOEXEC.BAT
[16/01/2006 | 18:23:59] | \boot.ini
[16/01/2006 | 18:23:28] | \Bootfont.bin
[21/05/2011 | 10:52:11] | \cfg.ini
[16/01/2006 | 18:37:23] | \CONFIG.SYS
[16/01/2006 | 19:29:21] | \Documents and Settings
[26/06/2010 | 12:57:46] | \f8ff1f9c182ef725f4
[28/11/2010 | 16:55:33] | \FA-123
[26/06/2010 | 13:07:45] | \fbde452df21bd9a6315a7ff6
[28/02/2010 | 22:49:23] | \hiberfil.sys
[16/01/2006 | 18:11:27] | \I386
[16/01/2006 | 18:37:23] | \IO.SYS
[16/01/2006 | 18:23:05] | \ishigo.exe
[21/05/2011 | 10:54:47] | \Kill'em
[16/01/2006 | 18:37:23] | \MSDOS.SYS
[17/01/2006 | 15:45:25] | \MSOCache
[16/01/2006 | 18:23:30] | \NTDETECT.COM
[16/01/2006 | 18:23:30] | \ntldr
[27/02/2010 | 16:25:08] | \pagefile.sys
[21/05/2011 | 10:54:47] | \Pre_Scan.txt
[16/01/2006 | 19:30:09] | \Program Files
[27/02/2010 | 17:09:44] | \RECYCLER
[16/01/2006 | 19:28:44] | \SUPPORT
[18/01/2006 | 00:15:11] | \SWSTAMP.TXT
[16/01/2006 | 19:29:21] | \System Volume Information
[17/01/2006 | 16:47:50] | \TOOLSCD
[21/05/2011 | 10:54:46] | \txt
[16/01/2006 | 19:28:47] | \VALUEADD
[16/01/2006 | 19:24:52] | \WINDOWS
¤¤¤¤¤¤¤¤¤¤ Listing Tasks
¤¤¤¤¤¤¤¤¤¤ Security
[HKLM | Security Center] | FirstRunDisabled : 1
[HKLM | Security Center] | AntiVirusDisableNotify : 0
[HKLM | Security Center] | AntiVirusOverride : 0
[HKLM | Security Center] | FirewallDisableNotify : 0
[HKLM | Security Center] | FirewallOverride : 0
[HKLM | Security Center] | UpdatesDisableNotify : 0
¤¤¤
Fin : 10:55:48
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
Select this text, without the lines:
___________________________________________________
file::
C:\Documents and Settings\All Users\Application Data\6J15NkDHx.dat
folder::
C:\Documents and Settings\Emilie\Application Data\Hotbar
C:\Documents and Settings\Emilie\Application Data\Supaop
C:\Documents and Settings\Emilie\Application Data\Vayzsu
C:\Documents and Settings\Emilie\Application Data\WeatherDPA
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\HotbarSA
___________________________________________________
Copy it (Ctrl+C), then run Pre_Script, which is on your desktop.
Post Pre_Script.txt, which will appear next to the executable once the job is finished.
G3n-h@ckm@n......Designer of List_Kill'em...Pre_Scan....MBR_Repair....