probleme de connexion

[giginick]

======Security center information======

 

AV: avast! Antivirus

 

======System event log======

 

Computer Name: ACER

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

 

Record Number: 4211

Source Name: Service Control Manager

Time Written: 20101103181029.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: ACER

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

 

Record Number: 4210

Source Name: Service Control Manager

Time Written: 20101103181029.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: ACER

Event Code: 7036

Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

 

Record Number: 4209

Source Name: Service Control Manager

Time Written: 20101103181029.000000+060

Event Type: Informations

User:

 

Computer Name: ACER

Event Code: 49

Message: Échec de la configuration du fichier d'échange pour le vidage sur incident.

Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage

et qu'il est suffisamment grand pour contenir toute la mémoire physique.

 

Record Number: 4208

Source Name: Ftdisk

Time Written: 20101103181006.000000+060

Event Type: erreur

User:

 

Computer Name: ACER

Event Code: 45

Message: Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

 

Record Number: 4207

Source Name: Ftdisk

Time Written: 20101103181006.000000+060

Event Type: erreur

User:

 

=

[giginick]

j'ai un peu de mal a le mettre car firefox m'empeche des fois de poster

Modifié le 12 novembre 2010 par giginick

[giginick]

par contre pour supprimer un doublon on fait comment?

Modifié le 12 novembre 2010 par giginick

[giginick]

que c'est ennuyeux firefox parfois

Modifié le 12 novembre 2010 par giginick

[giginick]

Computer Name: ACER

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 3

Source Name: SecurityCenter

Time Written: 20101110131635.000000+060

Event Type: Informations

User:

 

 

-----Computer Name: ACER

Event Code: 0

Message:

Record Number: 2

Source Name: gupdate1c9d9658267ac30

Time Written: 20101110131629.000000+060

Event Type: Informations

User:

 

Computer Name: ACER

Event Code: 0

Message:

Record Number: 1

Source Name: EpsonCustomerResearchParticipation

Time Written: 20101110131629.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2302

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF------------

[giginick]

Logfile of random's system information tool 1.08 (written by random/random)

Run by Utilisateur at 2010-11-12 08:22:21

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 76 GB (76%) free of 100 GB

Total RAM: 958 MB (52% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:22:22, on 12/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\DATAMN~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE

C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

D:\Téléchargements\RSIT.exe

C:\Program Files\trend micro\Utilisateur.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: MediaBar - {7B840956-64ED-11DE-B890-694956D89593} - C:\PROGRA~1\LPHANT~1\MediaBar\ToolBar\LphantMediabarDx.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: MediaBar - {7B840956-64ED-11DE-B890-694956D89593} - C:\PROGRA~1\LPHANT~1\MediaBar\ToolBar\LphantMediabarDx.dll

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\WINDOWS\TEMP\E_S49E.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227000416578

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\IEBHO.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service Google Update (gupdate1c9d9658267ac30) (gupdate1c9d9658267ac30) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 9004 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\Avast.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2931123349-3457853573-650866894-1004.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2931123349-3457853573-650866894-1004.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B840956-64ED-11DE-B890-694956D89593}]

MediaBar - C:\PROGRA~1\LPHANT~1\MediaBar\ToolBar\LphantMediabarDx.dll [2010-01-20 87488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

{7B840956-64ED-11DE-B890-694956D89593} - MediaBar - C:\PROGRA~1\LPHANT~1\MediaBar\ToolBar\LphantMediabarDx.dll [2010-01-20 87488]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

"DATAMNGR"=C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\DATAMN~1.EXE [2010-10-19 984000]

"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2010-08-02 1167808]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"EPSON SX125 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]

"ABBYY Screenshot Reader Bonus"=C:\Program Files\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe [2009-11-25 939272]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /installquiet []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\LPHANT~1\MediaBar\Datamngr\IEBHO.dll "

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"

"C:\Program Files\Lphant Applications\Lphant\Lphant.exe"="C:\Program Files\Lphant Applications\Lphant\Lphant.exe:*:Enabled:Lphant"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Lphant Applications\Lphant\Lphant.exe"="C:\Program Files\Lphant Applications\Lphant\Lphant.exe:*:Enabled:Lphant"

 

======List of files/folders created in the last 1 months======

 

2010-11-12 08:20:27 ----D---- C:\rsit

2010-11-10 21:05:23 ----D---- C:\Program Files\ZHPDiag

2010-11-02 12:04:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-11-02 12:00:46 ----A---- C:\WINDOWS\system32\ztvunrar36.dll

2010-11-02 12:00:46 ----A---- C:\WINDOWS\system32\ztvunace26.dll

2010-11-02 12:00:46 ----A---- C:\WINDOWS\system32\ztvcabinet.dll

2010-11-02 12:00:46 ----A---- C:\WINDOWS\system32\UNRAR3.dll

2010-11-02 12:00:46 ----A---- C:\WINDOWS\system32\unacev2.dll

2010-11-02 12:00:45 ----D---- C:\Program Files\Trojan Remover

2010-11-02 12:00:45 ----D---- C:\Documents and Settings\Utilisateur\Application Data\Simply Super Software

2010-11-02 12:00:45 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2010-11-02 11:57:42 ----D---- C:\Program Files\Trend Micro

2010-10-30 11:11:13 ----D---- C:\Documents and Settings\Utilisateur\Application Data\lphantmediabartb

2010-10-30 11:10:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lphant

2010-10-30 11:10:07 ----HDC---- C:\Documents and Settings\All Users\Application Data\{4DA0F36C-DD53-4EB2-A0A8-6606C8680A7E}

2010-10-25 19:24:58 ----D---- C:\Program Files\Plus!

2010-10-21 07:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender

2010-10-21 07:40:01 ----D---- C:\Program Files\Fichiers communs\Softwin

2010-10-19 22:54:41 ----D---- C:\Program Files\Realtek AC97

2010-10-19 15:52:02 ----D---- C:\Documents and Settings\Utilisateur\Application Data\vlc

2010-10-19 15:51:25 ----D---- C:\Program Files\VideoLAN

 

======List of files/folders modified in the last 1 months======

 

2010-11-12 08:21:43 ----D---- C:\WINDOWS\Prefetch

2010-11-12 08:15:31 ----D---- C:\WINDOWS\Temp

2010-11-12 07:23:45 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-11-11 12:52:20 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-10 21:05:23 ----RD---- C:\Program Files

2010-11-10 20:59:22 ----SHD---- C:\WINDOWS\Installer

2010-11-10 20:59:09 ----D---- C:\WINDOWS\system32

2010-11-04 17:02:21 ----D---- C:\Documents and Settings\Utilisateur\Application Data\ChessBase

2010-11-04 16:58:48 ----A---- C:\WINDOWS\ChssBase.ini

2010-11-04 13:39:19 ----A---- C:\WINDOWS\win.ini

2010-11-02 11:53:38 ----D---- C:\WINDOWS\system32\drivers

2010-11-02 11:48:37 ----D---- C:\WINDOWS

2010-10-31 05:41:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-10-30 11:11:18 ----D---- C:\Documents and Settings\Utilisateur\Application Data\Mozilla

2010-10-30 11:11:10 ----D---- C:\Program Files\Lphant Applications

2010-10-28 23:07:41 ----D---- C:\Program Files\Mozilla Firefox

2010-10-21 10:59:40 ----SD---- C:\Documents and Settings\Utilisateur\Application Data\Microsoft

2010-10-21 07:40:01 ----D---- C:\Program Files\Fichiers communs

2010-10-20 11:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-10-19 22:55:03 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-10-19 22:54:52 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-10-19 15:44:14 ----D---- C:\Documents and Settings\Utilisateur\Application Data\Media Player Classic

2010-10-19 15:44:10 ----D---- C:\WINDOWS\Debug

2010-10-16 10:37:15 ----A---- C:\WINDOWS\NeroDigital.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 ohci1394;Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface); C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-30 34048]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-30 12928]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys []

S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856]

S3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]

S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []

S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []

S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []

S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\EverestDriver.sys []

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-03 166912]

S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]

R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2010-09-29 472448]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]

S2 gupdate1c9d9658267ac30;Service Google Update (gupdate1c9d9658267ac30); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-20 133104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[pear]

Bonsoir,

 

Il n'y a pas d'infection visible.

 

Voyons 's'il y en de cachées:

 

Télécharger GMER

clic sur "Download EXE" et télécharger le fichier sur le bureau.

 

Désactiver les protection (antivirus, antispyware etc) et fermer tous les programmes ouverts.

Double-clic sur le fichier GMER téléchargé.

- Dans la section de droite de la fenêtre de l'outil, Vérifiez que soient décochées :

Show All

Une fois lancé, clic droit sur le fond blanc et clic sur "Only Non MS files"

Clic en bas à droite sur le bouton "Scan" pour lancer le scan.

 

 

Lorsque le scan est terminé, clic sur "Copy"

 

Il peut arriver que GMER plante sans raison apparente.

Vous pouvez essayer ceci : décocher "Devices" dans un premier temps et repasser l'outil ;

si ça coince toujours, décocher en plus "Files" et ré-essayez un scan.

Lorsque les informations sur le scan s'affichent , les éléments détectés comme rootkit apparaissent en rouge dans chaque section.

 

 

Ouvrez le bloc-note et clic sur le Menu Edition / Coller

Le rapport doit alors apparaître.

Enregistrer le fichier sur le bureau et copier/coller le contenu.

[giginick]

apparemment j'ai procédé comme indiqué ci-dessus et rien n'a été détecté à croire que ce n'est pas un virus