svchost s'emballe!

Accélérer son PC et résoudre les problèmes de lenteur PC et Windows

Modérateur : Mods Windows

Groumpif

svchost s'emballe!

par Groumpif »

Bonjour à tous,

Je viens vous voir parce que depuis un certain temps j'ai un processus svchost qui me prend tout mon processeur après chaque démarrage..
Alors j'ai d'abord pensé à un virus parce que j'avais une version d'avast qui visiblement fonctionnait pas forcement super bien .. alors j'ai installé antivir et fait un scan qui m'a trouvé un virus. Mais même après la mise en quarantaine du virus le problème persiste.
J'ai vu que beaucoup de personne avaient ce même problème, mais je n'ai pas trouvé de solution qui marche pour moi pour l'instant.
J'ai remarqué que le processus s'emballait quand je lançais firefox. Mais c'est peu être un hasard parce que c'est à peu près la première chose que je fais en arrivant sur mon pc.

Enfin voila si vous avez besoin de quoi que ce soit comme indication dites moi!

Merci d'avance
SkyTech

Re: svchost s'emballe!

par SkyTech »

Salut,

Pour voir :


* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Groumpif

Re: svchost s'emballe!

par Groumpif »

OK voici les 2 rapports

Extrats.Txt
OTL Extras logfile created on: 08/10/2010 18:00:33 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Vincent\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 015,00 Mb Total Physical Memory | 672,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 20,46 Gb Free Space | 51,13% Space Free | Partition Type: NTFS
Drive D: | 106,11 Gb Total Space | 25,03 Gb Free Space | 23,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEB-BOX
Current User Name: Vincent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Maple 11\jre\bin\maple.exe" = C:\Program Files\Maple 11\jre\bin\maple.exe:*:Enabled:Maple 11 -- (Sun Microsystems, Inc.)
"D:\EvilIslands\game.exe" = D:\EvilIslands\game.exe:*:Enabled:game -- File not found
"C:\Documents and Settings\Vincent\Bureau\utorrent.exe" = C:\Documents and Settings\Vincent\Bureau\utorrent.exe:*:Enabled:µTorrent -- File not found
"D:\FreeSpace2\FS2.exe" = D:\FreeSpace2\FS2.exe:*:Enabled:FreeSpace -- File not found
"D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found
"D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\GUILD WARS\Gw.exe" = D:\GUILD WARS\Gw.exe:*:Enabled:GUILD WARS -- File not found
"D:\Dawn of War - Dark Crusade\DarkCrusade.exe" = D:\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found
"C:\Documents and Settings\Vincent\Local Settings\Temp\eclipse-jee-galileo-SR2-win32\eclipse\eclipse.exe" = C:\Documents and Settings\Vincent\Local Settings\Temp\eclipse-jee-galileo-SR2-win32\eclipse\eclipse.exe:*:Enabled:eclipse.exe -- File not found
"C:\Documents and Settings\Vincent\Local Settings\Temp\eclipse-jee-galileo-SR2-win32\eclipse\eclipsec.exe" = C:\Documents and Settings\Vincent\Local Settings\Temp\eclipse-jee-galileo-SR2-win32\eclipse\eclipsec.exe:*:Enabled:eclipsec -- ()
"D:\TmNationsForever\TmForever.exe" = D:\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"D:\Steam2\steamapps\sigmar_avenger\condition zero\hl.exe" = D:\Steam2\steamapps\sigmar_avenger\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- File not found
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- File not found
"C:\Documents and Settings\Vincent\Local Settings\Temp\pylB.tmp\pyrun.exe" = C:\Documents and Settings\Vincent\Local Settings\Temp\pylB.tmp\pyrun.exe:*:Enabled:pyrun -- File not found
"C:\Documents and Settings\Vincent\Local Settings\Temp\pyl7.tmp\pyrun.exe" = C:\Documents and Settings\Vincent\Local Settings\Temp\pyl7.tmp\pyrun.exe:*:Enabled:pyrun -- File not found
"C:\Documents and Settings\Vincent\Local Settings\Temp\pyl2.tmp\pyrun.exe" = C:\Documents and Settings\Vincent\Local Settings\Temp\pyl2.tmp\pyrun.exe:*:Enabled:pyrun -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A7F0737-99DD-4D56-8866-C4FE96F44F2A}" = TES Construction Set
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{34D48F0E-C2F1-4ED7-841D-210B2517BC7E}" = StarOffice 8
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.5
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{68F7EA5B-C5A9-4D40-B305-991340482488}" = AdaGide
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}" = ASUS Easy Update
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2174B0-F84A-11D4-ACAA-0010A4E31500}" = GNAT Public Version Ada 95 Environment 3.15p
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aMSN" = aMSN 0.97.2
"Armor Command" = Armor Command
"Ask Toolbar_is1" = Foxit Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Baldur's Gate" = Baldur's Gate
"Blaze Media Pro" = Blaze Media Pro
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Cossacks : The Art Of War" = Cossacks - The Art of War
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"docXConverter3_is1" = docXConverter 3.1.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Enregistrement utilisateur de Canon MP250 series" = Enregistrement utilisateur de Canon MP250 series
"FileZilla Client" = FileZilla Client 3.2.6.1
"foobar2000" = foobar2000 v0.9.6.3
"Foxit Reader" = Foxit Reader
"Freelancer 1.0" = Freelancer
"Frets on Fire" = Frets On Fire
"Globulation_2" = Globulation 2
"Guitare-Online - Accordeur Multi Instruments [DEMO]_is1" = Guitare-Online - Accordeur Multi Instruments [DEMO], version 2.
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Machinarium" = Machinarium
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Quick Zip_is1" = Quick Zip 4.60.019
"RealAlt_is1" = Real Alternative 1.60
"Rogue Spear" = Rogue Spear
"Steam App 80" = Condition Zero
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuxGuitar 1.0" = TuxGuitar
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"Wubi" = Ubuntu
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/09/2009 09:18:39 | Computer Name = SEB-BOX | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/m ... ootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 30/09/2009 09:18:39 | Computer Name = SEB-BOX | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/m ... ootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 01/10/2009 07:49:26 | Computer Name = SEB-BOX | Source = PerfNet | ID = 2005
Description = Impossible de lire les données de performance du Service serveur. Aucune
donnée de performance du serveur ne sera renvoyée pour cet extrait. Le code d'erreur
renvoyé est la donnée DWORD 0, IOSB.Status est DWORD 1 et IOSB.Information est DWORD
2.

Error - 02/10/2009 11:12:36 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3523, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/10/2009 11:39:54 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3523, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/10/2009 12:15:29 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 03/10/2009 07:08:33 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 03/10/2009 08:45:43 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3523, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 03/10/2009 12:46:20 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3523, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 08/10/2009 10:06:16 | Computer Name = SEB-BOX | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 08/10/2010 11:45:00 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 08/10/2010 11:45:00 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 08/10/2010 11:45:00 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 08/10/2010 11:45:00 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 08/10/2010 11:45:00 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 08/10/2010 11:45:08 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 08/10/2010 11:45:08 | Computer Name = SEB-BOX | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 0.0.0.0 pour la carte réseau dont l'adresse
réseau est 002354C23E7B a été refusé par le serveur DHCP 172.17.32.2 (celui-ci a
envoyé un message DHCPNACK).

Error - 08/10/2010 11:45:09 | Computer Name = SEB-BOX | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 0.0.0.0 pour la carte réseau dont l'adresse
réseau est 002354C23E7B a été refusé par le serveur DHCP 172.17.32.2 (celui-ci a
envoyé un message DHCPNACK).

Error - 08/10/2010 11:45:13 | Computer Name = SEB-BOX | Source = ipnathlp | ID = 30013
Description = L'allocateur DHCP s'est désactivé sur l'adresse IP 172.17.128.166,
car
l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle
les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette
adresse IP, modifiez l'étendue pour y intégrer l'adresse IP,, ou modifiez l'adresse
IP pour qu'elle puisse faire partie de l'étendue.

Error - 08/10/2010 12:15:32 | Computer Name = SEB-BOX | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs
trop important en essayant de retrouver la copie de sauvegarde de la liste sur
le transport \Device\NwlnkNb. L'explorateur secondaire s'arrête.


< End of report >
Et OTL.Txt
OTL logfile created on: 08/10/2010 18:00:33 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Vincent\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 015,00 Mb Total Physical Memory | 672,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 20,46 Gb Free Space | 51,13% Space Free | Partition Type: NTFS
Drive D: | 106,11 Gb Total Space | 25,03 Gb Free Space | 23,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEB-BOX
Current User Name: Vincent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Vincent\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()
PRC - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Vincent\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()
SRV - (RalinkRegistryWriter) -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (SSScsiSV) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (pnicml) -- C:\DOCUME~1\Vincent\LOCALS~1\Temp\pnicml.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys File not found
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (RTSTOR) -- C:\WINDOWS\system32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "google.Fr"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.21.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.autoconfig_url: "http://proxypac/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "220.189.228.179"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "220.189.228.179"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "220.189.228.179"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "220.189.228.179"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "http://proxypac/proxy.pac"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "http://proxypac/proxy.pac"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "http://proxypac/proxy.pac"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "http://proxypac/proxy.pac"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "http://proxypac/proxy.pac"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 17:56:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 18:45:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/26 01:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/25 19:01:07 | 000,000,000 | ---D | M]

[2009/03/13 16:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Extensions
[2010/10/08 14:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions
[2010/09/15 19:00:29 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 18:34:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 18:32:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/27 23:59:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/19 22:47:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/05/10 00:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/06 17:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\[email protected]
[2009/08/03 23:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\[email protected]
[2010/04/25 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\[email protected]
[2010/10/08 17:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 20:09:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/06 20:08:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/10 00:32:06 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/29 18:54:01 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/29 18:54:01 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/29 18:54:01 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 13:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/29 18:54:01 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/29 18:54:01 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.128.5
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/19 12:07:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{551119c1-407c-11de-82ad-001b2f339241}\Shell\AutoRun\command - "" = gi2ky.exe
O33 - MountPoints2\{551119c1-407c-11de-82ad-001b2f339241}\Shell\open\Command - "" = gi2ky.exe
O33 - MountPoints2\{7e3850de-3f23-11de-82a6-ca2c1cdfa293}\Shell\AutoRun\command - "" = E:\ClickMe.exe -- File not found
O33 - MountPoints2\{dd154783-1936-11de-8209-0015afdb9052}\Shell - "" = AutoRun
O33 - MountPoints2\{dd154783-1936-11de-8209-0015afdb9052}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff3ef113-e7e8-11de-8484-0015afdb9052}\Shell\AutoRun\command - "" = mbdm.exe
O33 - MountPoints2\{ff3ef113-e7e8-11de-8484-0015afdb9052}\Shell\open\Command - "" = mbdm.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: wmcmgc - File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/07 15:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\Avira
[2010/10/07 15:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/07 15:54:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/07 15:54:39 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/07 15:54:39 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/07 15:54:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/07 15:54:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/07 15:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/07 15:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/07 15:34:03 | 000,000,000 | ---D | C] -- C:\ubuntu
[2010/10/03 22:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\vlc
[2010/10/03 22:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/03 22:02:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/22 21:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Identities
[2010/09/15 20:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/09 17:01:36 | 000,000,000 | ---D | C] -- C:\.gvd
[2010/09/09 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\adagide
[2010/09/09 17:00:29 | 000,000,000 | ---D | C] -- C:\GNAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/08 17:42:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/08 17:42:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/08 17:41:36 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Vincent\NTUSER.DAT
[2010/10/08 17:41:36 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Vincent\ntuser.ini
[2010/10/08 17:41:29 | 004,222,718 | -H-- | M] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\IconCache.db
[2010/10/07 20:00:48 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/07 19:58:01 | 000,000,847 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/07 19:58:01 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/07 19:58:01 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2010/10/07 15:55:04 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/10/07 15:33:40 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/10/05 17:15:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/03 22:59:07 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/10/03 21:38:30 | 000,041,400 | ---- | M] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/15 22:48:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/13 18:39:37 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 15:55:04 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/10/03 22:59:07 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/08/30 20:20:53 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/04/24 16:02:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/24 16:02:31 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/24 16:02:31 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/24 16:02:27 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/24 16:02:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/23 19:00:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2009/11/04 14:12:25 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Vincent\Application Data\lakerda1967.sys
[2009/11/04 14:12:11 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\docXConverter (3).ini
[2009/08/06 17:54:12 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/06 17:54:12 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\PnkBstrK.sys
[2009/07/16 20:46:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/07/16 20:46:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/07/16 20:46:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/24 17:26:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\hlp-fastvid.dll
[2009/05/18 14:25:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\wklnhst.dat
[2009/05/13 19:57:18 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/09 01:55:18 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\QuickZip45.ini
[2009/04/23 19:00:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/04/06 21:28:26 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/04/06 17:34:56 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/06 14:14:49 | 000,000,806 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/05 13:40:50 | 000,000,619 | ---- | C] () -- C:\WINDOWS\BZII.INI
[2009/04/05 13:05:51 | 000,000,585 | ---- | C] () -- C:\WINDOWS\DR2.INI
[2009/03/30 17:45:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/03/30 17:13:15 | 000,004,505 | ---- | C] () -- C:\WINDOWS\fred2.INI
[2009/03/13 22:33:45 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\fusioncache.dat
[2009/03/13 19:10:20 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 18:50:13 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/10/04 01:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll
[2008/09/28 19:33:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2008/08/28 13:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2008/08/28 13:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2008/08/28 13:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/08/19 13:51:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/19 13:33:22 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2008/08/19 13:27:40 | 000,018,983 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/08/19 13:27:39 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/08/19 13:27:31 | 000,018,945 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/08/19 13:27:31 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/09 00:27:18 | 000,005,342 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/11/06 21:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
J'espère que sa aidera,

Merci a toi de prendre du temps pour mon problème !
SkyTech

Re: svchost s'emballe!

par SkyTech »

Salut,

Normal cette DNS ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.128.5
172.16.0.0 - 172.31.255.255
4676 Admiralty Way, Suite 330
Marina del Rey, CA
US
---

Désinstalle via Ajout\Suppression de programmes :
  • Skype web features
    Adobe Download Manager
    Foxit Toolbar
    AVG Anti-Spyware 7.5
    DAEMON Tools Toolbar
Firefox -) Outils -) Modules complémentaires, désinstalle Google Toolbar for Firefox.

---

Adobe Reader pas à jour, il contient des failles de sécurités, installe la dernière version ou remplace-le par Sumatra PDF, c'est une alternative gratuite et plus légère.
Bien sûr ce n'est pas une obligation mais un conseil.
(Désinstalle d'abord l'ancienne version via Ajout\Suppression de programmes qui porte le nom de Adobe Reader 8.0)
voir : http://forum.malekal.com/exploitation-s ... ml#p104313

Sur la page de téléchargement de Adobe Reader, décoche McAfee Security Scan avant d'appuyer sur le bouton Télécharger :

Image

---

Java est pas à jour, il contient des failles de sécurités, installe la dernière version : http://www.java.com/fr/download/installed.jsp

Et :

Télécharge JavaRa (de Paul McLain et Fred de Vries)
  • Décompresse le fichier sur ton Bureau (clic droit > Extraire tout)
  • Double-clique sur le répertoire JavaRa obtenu.
  • Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
  • Clique sur Effacer les anciennes versions
  • Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok
  • Ferme l'application.
  • Poste le contenu de C:\JavaRa.log
---

Je te conseille de désinstaller µTorrent, tu connais les risques ?

voir :
http://www.libellules.ch/phpBB2/les-ris ... 28947.html
http://forum.zebulon.fr/prevention-le-p ... 85544.html
http://www.infos-du-net.com/forum/27314 ... ks-risques
http://forum.zebulon.fr/blog/gof/index. ... wentry=526
http://forum.malekal.com/pourquoi-evite ... tml#p21897
http://forum.malekal.com/les-dangers-pe ... tml#p21557
http://forum.malekal.com/danger-des-cra ... html#p4489

---

Relance OTL.
o sous Personnalisation, copie_colle le contenu du cadre ci dessous et clic Correction, un rapport apparaitra suite à l'opération que tu conserveras sur clé usb par exemple afin d'en coller le résultat:
:OTL
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
DRV - (pnicml) -- C:\DOCUME~1\Vincent\LOCALS~1\Temp\pnicml.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys File not found
[2009/05/10 00:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O33 - MountPoints2\{551119c1-407c-11de-82ad-001b2f339241}\Shell\AutoRun\command - "" = gi2ky.exe
O33 - MountPoints2\{551119c1-407c-11de-82ad-001b2f339241}\Shell\open\Command - "" = gi2ky.exe
O33 - MountPoints2\{7e3850de-3f23-11de-82a6-ca2c1cdfa293}\Shell\AutoRun\command - "" = E:\ClickMe.exe -- File not found
O33 - MountPoints2\{dd154783-1936-11de-8209-0015afdb9052}\Shell - "" = AutoRun
O33 - MountPoints2\{dd154783-1936-11de-8209-0015afdb9052}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff3ef113-e7e8-11de-8484-0015afdb9052}\Shell\AutoRun\command - "" = mbdm.exe
O33 - MountPoints2\{ff3ef113-e7e8-11de-8484-0015afdb9052}\Shell\open\Command - "" = mbdm.exe
[2010/09/13 18:39:37 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-

:commands
[purity]
[emptytemp]
[emptyflash]
* redemarre le pc sous windows et poste le rapport ici
Groumpif

Re: svchost s'emballe!

par Groumpif »

Bonsoir,

Alors j'ai tout suivi à la lettre, merci beaucoup pour tous ces conseils, sa peut que faire du bien à mon pc tout ça!

Je sais pas trop ce que la DNS est sensé signifier mais en tout cas j'habite en France et je me connecte grâce à un réseau universitaire, alors je suppose que c'est pas normal?

Sinon voici le résultat de JavaRa.log
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Oct 10 21:04:08 2010

Found and removed: C:\Program Files\Java\jre1.6.0_04

Found and removed: C:\Documents and Settings\Vincent\Application Data\Sun\Java\jre1.6.0_04

Found and removed: C:\Documents and Settings\Vincent\Application Data\Sun\Java\jre1.6.0_11

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\Classes\JavaPlugin.160_20

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_20

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_20

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\Classes\JavaPlugin.160_20

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_20

Found and removed: Software\JavaSoft\Java2D\1.6.0_04

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_20

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.


Et le résultat de OTL :
All processes killed
========== OTL ==========
Service NMSAccessU stopped successfully!
Service NMSAccessU deleted successfully!
File C:\Program Files\CDBurnerXP\NMSAccessU.exe File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File C:\WINDOWS\System32\appmgmts.dll File not found not found.
Service pnicml stopped successfully!
Service pnicml deleted successfully!
File C:\DOCUME~1\Vincent\LOCALS~1\Temp\pnicml.sys File not found not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found not found.
Service CrystalSysInfo stopped successfully!
Service CrystalSysInfo deleted successfully!
File C:\Program Files\MediaCoder\SysInfo.sys File not found not found.
Folder C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\0gkt4bc3.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{551119c1-407c-11de-82ad-001b2f339241}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{551119c1-407c-11de-82ad-001b2f339241}\ not found.
File gi2ky.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{551119c1-407c-11de-82ad-001b2f339241}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{551119c1-407c-11de-82ad-001b2f339241}\ not found.
File gi2ky.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3850de-3f23-11de-82a6-ca2c1cdfa293}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e3850de-3f23-11de-82a6-ca2c1cdfa293}\ not found.
File E:\ClickMe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd154783-1936-11de-8209-0015afdb9052}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd154783-1936-11de-8209-0015afdb9052}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd154783-1936-11de-8209-0015afdb9052}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd154783-1936-11de-8209-0015afdb9052}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff3ef113-e7e8-11de-8484-0015afdb9052}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff3ef113-e7e8-11de-8484-0015afdb9052}\ not found.
File mbdm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff3ef113-e7e8-11de-8484-0015afdb9052}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff3ef113-e7e8-11de-8484-0015afdb9052}\ not found.
File mbdm.exe not found.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 34745 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vincent
->Temp folder emptied: 649687081 bytes
->Temporary Internet Files folder emptied: 388916583 bytes
->Java cache emptied: 14643139 bytes
->FireFox cache emptied: 79626106 bytes
->Flash cache emptied: 74948 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9852196 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91229592 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 19657194 bytes

Total Files Cleaned = 1 196,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Vincent
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10102010_210735

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Voila,
Encore merci !

C'est la première fois que je vois un forum avec quelqu'un qui répond de façon aussi claire et précise, c'est impressionnant !
SkyTech

Re: svchost s'emballe!

par SkyTech »

Salut,
Groumpif a écrit :Je sais pas trop ce que la DNS est sensé signifier mais en tout cas j'habite en France et je me connecte grâce à un réseau universitaire, alors je suppose que c'est pas normal?
Si c'est pas toi qui gère le réseau, c'est pas anormal on va dire :)

Supprime JavaRa &
C:\JavaRa.log
C:\OTL

Puis :

Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton bureau.

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
  • Double-clique sur "USBFix.exe" pour lancer l'outil.
  • Au menu principal choisis La langue : F pour Français
  • Au second menu choisis l'option 1(recherche) et tape sur [entrée] .
  • Puis laisse travailler l'outil ...
  • Une fois terminé, poste le rapport USBFix.txt qui est généré ...

Note : le rapport est sauvegardé à la racine du disque : C:\USBFix.txt)

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Groumpif

Re: svchost s'emballe!

par Groumpif »

Voila, mais j'ai pas de disque dur externe.. enfin pas ici donc j'ai juste mis la clé usb que j'utilise en ce moment.
############################## | UsbFix 7.030 | [Recherche]

Utilisateur: Vincent (Administrateur) # SEB-BOX [ ]
Mis à jour le 10/10/10 par El Desaparecido / C_XX
Lancé à 23:13:30 | 10/10/2010
Site Web: http://www.teamxscript.org
Contact: [email protected]

CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
CPU 2: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 10.0.1.52 [Enabled | Updated]
RAM -> 1015 Mo
C:\ (%systemdrive%) -> Disque fixe # 40 Go (21 Go libre(s) - 54%) [WINXP] # NTFS
D:\ -> Disque fixe # 106 Go (25 Go libre(s) - 24%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (1 Go libre(s) - 64%) [] # FAT32

################## | Éléments infectieux |


Présent! F:\Autorun.inf

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
SkyTech

Re: svchost s'emballe!

par SkyTech »

Va dans Panneau de configuration/Options des dossiers/onglet Affichage.
  • Cochez Afficher les fichiers et dossiers cachés,
  • Décochez Masquer les extensions de fichiers connus
  • Décochez Masquer les fichiers protégés du Système.
Un message de mise en garde va apparaitre. Cliquez sur OK pour confirmer votre choix.

Ouvre F:\Autorun.inf et poste son contenu.
Groumpif

Re: svchost s'emballe!

par Groumpif »

[autorun]
open=wubi.exe --cdmenu
icon=wubi.exe,0
label=Installer Ubuntu

[Content]
MusicFiles=false
PictureFiles=false
VideoFiles=false

C'est pour installer ubuntu normalement.. c'est mon frère qui m'avait passé ça. (et ça marche pas d'ailleurs)
Avira le bloque tout seul d'ailleurs.
SkyTech

Re: svchost s'emballe!

par SkyTech »

Salut,

OK rien d'anormal donc.

Relance USBFix et prends Désinstaller.
Groumpif a écrit :Avira le bloque tout seul d'ailleurs.
Dans AntiVir, tape F8 :

Image

---

Télécharge HiJackThis de TrendMicro sur ton Bureau
  • Procède à son installation.
  • Une fois l'installation achevée, lance le via son icône sur le bureau ou bien via Démarrer>Tout les Programmes>HijackThis>Hijackthis
  • Clique sur "Do a system scan and save a logfile".
  • Le rapport s'affiche dans le bloc-note à présent.
  • Copie colle son contenu dans ton prochain message sur le forum.
Note: Tu peut t'aider de ce tutorial si tu rencontre un problème: Guide sur HiJackThis

Comment se comporte le PC ?
Groumpif

Re: svchost s'emballe!

par Groumpif »

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:56, on 12/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Vincent\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 6600 bytes
Mon PC va un peu plus vite (au démarrage notamment) mais svchost continue de pomper le processeur.
Après quelque minutes sur mon PC tout se met a ramer. Je peux pas regarder de vidéo normalement par exemple..
SkyTech

Re: svchost s'emballe!

par SkyTech »

Salut,

Désactive CTFMON.exe :

Panneau de configuration >>> Options régionales et linguistiques >>> Langues >>> Détails >>> Avancé >>> Cocher la case "Arrêtez les services de texte avancés"

Désactive aussi Java Quick Starter :

Panneau de configuration (de Windows) > Java > Avancé > Divers > Décocher Java Quick Starter.

---

Relance HijackThis, coche ces lignes et clic sur Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com


---

Menu démarrer, exécuter, tape services.msc, entrée

Dans la fenêtre qui s'ouvre cherche :

InstallDriver Table Manager
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Imapi Helper
NMSAccess
PnkBstrA


Double clique dessus, dans type de démarrage mets manuel.

---
  • Clique sur le Menu Démarrer puis panneau de configuration,
  • Double clique sur Ajout\Suppression de programmes,
  • Clique sur Ajouter/supprimer des composants windows,
  • Décoche si tu t'en sert pas : MSN Explorer, Windows Messenger,
  • Clique sur suivant, laisse faire, redémarre.
Remarque : Windows Messenger ou MSN Explorer n'ont rien à voir avec Windows Live Messenger

Après le redémarrage supprime si présent :

C:\Program Files\Messenger

Poste un nouveau log HijackThis.

Si le problème n'est toujours pas corrigé : http://forum.malekal.com/svchost-exe-ut ... 15289.html
Groumpif

Re: svchost s'emballe!

par Groumpif »

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:24, on 12/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vincent\Mes documents\Téléchargements\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 4955 bytes
J'ai pas le temps de vraiment voir mais le problème a pas l'air d'être corrigé.
Je verrai ce soir.

Merci en tout cas!
SkyTech

Re: svchost s'emballe!

par SkyTech »

Fix ces lignes :
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
http://forum.malekal.com/svchost-exe-ut ... 15289.html

Revenir à « Accélérer Windows et problème de lenteur PC »