Svchost.exe - Application error: the instruction at 0x6f8916c8

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
19 October 2009 12:45:16

Hello,

Some time after logging in to a Windows session, I get the following message:

**** svchost.exe -Erreur d'application
l'instruction à 0x6f8916c8 emploi l'adresse mémoire 0x0199005c la mémoire ne peut pas être "read".
Cliquez sur OK pour terminer le programme.
Cliquez sur Annuler pour débouguer le programme ****

If I click "OK" or "Annuler", Windows freezes.

I have a Dell Optiplex 320
CPU: 3 GHz
RAM: 1 GB
OS: Win XP SP2
HDD: 80 GB

Thanks for your help.

19 October 2009 13:55:07

[:arslan:13] Hello,


Is this a recent problem?

Did it appear after a system update? After installing a program/device?


To take a look:

Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

  • Double-click RSIT.exe to run it.
  • Click the "Continue" button in the warning window.
  • Once the scan has finished, two reports will be open: log.txt and info.txt (in c:\rsit)
  • Please post them in your next reply

    Note: a HijackThis report is included in the log.txt report

    [:_tom_:7]
    19 October 2009 17:24:40

    It started about a month ago, I haven't installed anything,

    ************** Info.txt *******************

    info.txt logfile of random's system information tool 1.06 2009-10-19 15:20:59

    ======Uninstall list======

    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.7 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70700000002}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ATI Catalyst Control Center-->MsiExec.exe /I{CB9FF6BD-FCE9-43FB-AD3C-5BCD4C822962}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    BitDefender Antivirus Plus v10-->MsiExec.exe /I{22524CA1-515C-4153-9807-52AE65F73B5F}
    Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
    CodeSite 3.0.1 Client Tools-->C:\PROGRA~1\Raize\CS3\UNWISE.EXE C:\PROGRA~1\Raize\CS3\CS3ClientTools_Install.log
    Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
    Event Log Explorer 3.0-->"C:\Program Files\Event Log Explorer\unins000.exe"
    FacilWebCots 3.0.3.256-->"C:\Cots\unins000.exe"
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    ImageMagick 6.2.5-5.2 Q16 (13/03/07)-->"C:\tools\ImageMagick\6.2.5-5.2-Q16\unins000.exe"
    J2SE Development Kit 5.0 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Knowledge Xpert for Oracle Administration V9.1.1-->C:\PROGRA~1\QUESTS~1\KNOWLE~1\ORADM\UNWISE.EXE C:\PROGRA~1\QUESTS~1\KNOWLE~1\ORADM\INSTALL.LOG
    Knowledge Xpert for PLSQL V9.1.1-->C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\UNWISE.EXE C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\INSTALL.LOG
    Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x40c mmUninstall
    Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Document Explorer 2005 Language Pack - FRA-->MsiExec.exe /X{A0EEDF22-8A8A-45C3-9571-FCCE846ABAED}
    Microsoft Document Explorer 2005-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Access Runtime (French) 2007-->MsiExec.exe /X{90120000-001C-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server 2000 Driver for JDBC Service Pack 3-->MsiExec.exe /X{ACE98315-EA06-4751-B00C-5B42D1E03A76}
    Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
    Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Microsoft Windows Services for UNIX-->MsiExec.exe /I{51065952-A485-4AA5-8884-2E093B3C6206}
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - FRA\install.exe
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Multi-Remote Registry Change v4-->MsiExec.exe /X{DFE7F0E9-E6AF-421C-A40E-0C83D4FBE3F0}
    MySQL Connector/ODBC 3.51-->MsiExec.exe /I{C0EED196-57F3-46B7-AC3B-B2DD45B01A43}
    Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
    Oracle Database 10g Express Edition-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75} /l1033
    Quest Application Integration Tool-->MsiExec.exe /I{D9446E7F-BA07-4F3F-AA44-F1C0C85A3543}
    Quest Installer-->C:\Program Files\Quest Software\Quest Installer\Uninstall.EXE
    Quest SQL Optimizer 7.2 for Oracle-->MsiExec.exe /I{FFE5B5D3-DEA8-4EF0-8FE5-56C206EAACEE}
    Remote Script-->"C:\Program Files\RemoteScript\uninstall.exe"
    SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
    Security Update for Microsoft Services for UNIX(KB939778)-->c:\windows\$NtUninstallKB939778$\hotfix.exe /u
    Toad for Oracle-->MsiExec.exe /I{D6C757FF-2189-46C3-9528-8864B069B192}
    Toad Group Policy Manager-->MsiExec.exe /I{564B3929-368C-4136-9BA6-8AE15126E6B8}
    URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
    winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
    XML Notepad 2007-->MsiExec.exe /I{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}
    Zed! Limited Edition-->MsiExec.exe /I{00000181-251F-5CA8-8868-36F59DEFD14D}

    ======Hosts File======

    192.20.2.55 metperso

    ======Security center information======

    AV: Bitdefender Antivirus (disabled) (outdated)
    FW: Bitdefender Firewall (disabled)

    ======System event log======

    Computer Name: CONNECTION-CI
    Event Code: 17
    Message: Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de
    l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau
    la recherche DNS dans 30 minutes.
    L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751)

    Record Number: 8977
    Source Name: W32Time
    Time Written: 20091012083839.000000+000
    Event Type: error
    User:

    Computer Name: CONNECTION-CI
    Event Code: 7023
    Message: Le service Security Update s'est arrêté avec l'erreur :
    Accès refusé.


    Record Number: 8965
    Source Name: Service Control Manager
    Time Written: 20091012082500.000000+000
    Event Type: error
    User:

    Computer Name: CONNECTION-CI
    Event Code: 7023
    Message: Le service Monitor Support s'est arrêté avec l'erreur :
    Accès refusé.


    Record Number: 8964
    Source Name: Service Control Manager
    Time Written: 20091012082500.000000+000
    Event Type: error
    User:

    Computer Name: CONNECTION-CI
    Event Code: 44044
    Message: I2c return failed

    Record Number: 8963
    Source Name: ati2mtag
    Time Written: 20091012082343.000000+000
    Event Type: error
    User:

    Computer Name: CONNECTION-CI
    Event Code: 44044
    Message: I2c return failed

    Record Number: 8962
    Source Name: ati2mtag
    Time Written: 20091012082343.000000+000
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: TEST-CONNECTION
    Event Code: 32026
    Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
    Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

    Record Number: 14399
    Source Name: Microsoft Fax
    Time Written: 20090611075551.000000+000
    Event Type: warning
    User:

    Computer Name: TEST-CONNECTION
    Event Code: 1014
    Message: Could not connect to Mapping Server at host localhost:while connecting
    : RPC: Port mapper failure - RPC: Unable to receive


    Record Number: 14389
    Source Name: Interix
    Time Written: 20090611075551.000000+000
    Event Type: error
    User:

    Computer Name: TEST-CONNECTION
    Event Code: 32068
    Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
    Code de pays/région : '*'
    Indicatif régional : '*'

    Record Number: 14364
    Source Name: Microsoft Fax
    Time Written: 20090610091627.000000+000
    Event Type: warning
    User:

    Computer Name: TEST-CONNECTION
    Event Code: 32026
    Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
    Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

    Record Number: 14363
    Source Name: Microsoft Fax
    Time Written: 20090610091627.000000+000
    Event Type: warning
    User:

    Computer Name: TEST-CONNECTION
    Event Code: 1014
    Message: Could not connect to Mapping Server at host localhost:while connecting
    : RPC: Port mapper failure - RPC: Unable to receive


    Record Number: 14355
    Source Name: Interix
    Time Written: 20090610091627.000000+000
    Event Type: error
    User:

    ======Environment variables======

    "CLASSPATH"=.;%ORACLE_HOME%\jdbc\lib\ojdbc14.jar;%ORACLE_HOME%\jlib\orai18n.jar;%ITEXT_LIB%
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "COTS_HOME"=c:\cots
    "DISPLAY"=localhost:0.0
    "EDITOR"=vi
    "FP_NO_HOST_CHECK"=NO
    "INTERIX_ROOT"=/dev/fs/C/SFU/
    "INTERIX_ROOT_WIN"=C:\SFU\
    "ITEXT_LIB"=C:\cots\jakarta-tomcat-5.0.28\webapps\birt-viewer\WEB-INF\platform\plugins\com.lowagie.itext\lib\itext-1.3.jar
    "JAVA_HOME"=C:\cots\jdk1.5.0_06
    "LD_LIBRARY_PATH"=/usr/lib:/usr/X11R6/lib
    "NUMBER_OF_PROCESSORS"=2
    "OPENNT_ROOT"=/dev/fs/C/SFU/
    "ORACLE_HOME"=C:\oraclexe\app\oracle\product\10.2.0\server
    "OS"=Windows_NT
    "Path"=c:\tools\imagemagick\6.2.5-5.2-q16;C:\oraclexe\app\oracle\product\10.2.0\server\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\cots\jdk1.5.0_06\bin;C:\facil\web\bin;C:\Program Files\Fichiers communs\Easysoft\Shared\;C:\SFU\common\;C:\Program Files\EasyPHP 2.0b1\www\supervision;C:\tools\ImageMagick\6.2.5-5.2-Q16
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_REVISION"=0605
    "SFUDIR"=C:\SFU\
    "SFUDIR_INTERIX"=/dev/fs/C/SFU/
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "TOOLS_HOME"=c:\tools
    "windir"=%SystemRoot%
    "XAPPLRESDIR"=/usr/X11R6/lib/X11/app-defaults
    "XCMSDB"=/usr/X11R6/lib/X11/Xcms.txt
    "XKEYSYMDB"=/usr/X11R6/lib/X11/XKeysymDB
    "XNLSPATH"=/usr/X11R6/lib/X11/locale

    -----------------EOF-----------------



    ************* Log.txt **************

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-10-19 15:20:56
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 47 GB (62%) free of 76 GB
    Total RAM: 990 MB (51% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\cg.job
    C:\WINDOWS\tasks\cg_j.job
    C:\WINDOWS\tasks\Check_CEI.job
    C:\WINDOWS\tasks\j PC_.job
    C:\WINDOWS\tasks\P.job
    C:\WINDOWS\tasks\PC.job
    C:\WINDOWS\tasks\RUN_MET_PKG.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\cots\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2007-01-12 98304]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-05-01 843776]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
    "SunJavaUpdateSched"=C:\cots\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
    "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-05 144384]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
    "kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-09-30 101447]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    C:\Program Files\Softwin\BitDefender10\bdagent.exe [2007-03-26 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe [2007-03-22 290816]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
    C:\WINDOWS\system32\kavo.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]
    C:\WINDOWS\MDM.EXE []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Raccourci vers BackScan_cs.exe.lnk - C:\Documents and Settings\Administrateur\Bureau\NEW supervision\supervision\BackScan_cs.exe
    Raccourci vers EasyPHP.exe.lnk - C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-02-15 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-05 240128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\cots\jdk1.5.0_06\bin\java.exe"="C:\cots\jdk1.5.0_06\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Documents and Settings\Operateur\Local Settings\Temp\OraInstall2007-08-18_04-06-08PM\jre\1.4.2\bin\javaw.exe"="C:\Documents and Settings\Operateur\Local Settings\Temp\OraInstall2007-08-18_04-06-08PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw"
    "C:\CQCLocal\Lib\APPRunnera.exe"="C:\CQCLocal\Lib\APPRunnera.exe:*:Enabled:Generic Application Runner"
    "C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\test\lib\APPRunnera.exe"="C:\test\lib\APPRunnera.exe:*:Enabled:Generic Application Runner"
    "C:\CQCLocal\Lib\ManagerRunnera.exe"="C:\CQCLocal\Lib\ManagerRunnera.exe:*:Enabled:Manager Runner"
    "C:\Program Files\PRTG Network Monitor\PRTG Probe.exe"="C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:p RTG_Network_Monitor_Probe"
    "C:\Program Files\PRTG Network Monitor\PRTG Server.exe"="C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:p RTG_Network_Monitor_Server"
    "C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe"="C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:p RTG_Network_Monitor_Admin_Tool"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    shell\AutoRun\command - C:\n.com
    shell\explore\command - C:\n.com
    shell\open\command - C:\n.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17e1212d-6588-11de-b06a-001aa018404e}]
    shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180fa9e4-8efe-11dd-b03f-001aa018404e}]
    shell\AutoRun\command - E:\zPharaoh.exe
    shell\explore\command - E:\zPharaoh.exe
    shell\open\command - E:\zPharaoh.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f2a0d6-4d7e-11dc-98a9-806d6172696f}]
    shell\AutoRun\command - C:\otyh.cmd
    shell\explore\command - C:\otyh.cmd
    shell\open\command - C:\otyh.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39bf65a5-2b1c-11dd-b030-001aa018404e}]
    shell\AutoRun\command - E:\m.exe
    shell\explore\command - E:\m.exe
    shell\open\command - E:\m.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44e7ef98-7b66-11de-b06c-001aa018404e}]
    shell\AutoRun\command - E:\Memorybar.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44e7ef99-7b66-11de-b06c-001aa018404e}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{548eb648-dbf4-11dd-b054-001aa018404e}]
    shell\AutoRun\command - E:\otyh.cmd
    shell\explore\command - E:\otyh.cmd
    shell\open\command - E:\otyh.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fd74f08-e3bf-11dc-b022-001aa018404e}]
    shell\AutoRun\command - b.com
    shell\explore\command - b.com
    shell\open\command - b.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab40ab48-2114-11dd-b02d-001aa018404e}]
    shell\AutoRun\command - E:\tknn6.bat
    shell\explore\command - E:\tknn6.bat
    shell\open\command - E:\tknn6.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0f2ad3-9d91-11dd-b040-001aa018404e}]
    shell\AutoRun\command - E:\n.com
    shell\explore\command - E:\n.com
    shell\open\command - E:\n.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c88db5-75ce-11dd-b03d-001aa018404e}]
    shell\AutoRun\command - E:\n.com
    shell\explore\command - E:\n.com
    shell\open\command - E:\n.com


    ======File associations======

    .js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 1 months======

    2009-10-19 15:20:56 ----D---- C:\rsit
    2009-10-19 15:20:56 ----D---- C:\Program Files\trend micro
    2009-10-14 15:34:54 ----RSH---- C:\otyh.cmd

    ======List of files/folders modified in the last 1 months======

    2009-10-19 15:20:56 ----RD---- C:\Program Files
    2009-10-19 12:39:32 ----D---- C:\WINDOWS\Prefetch
    2009-10-19 11:24:11 ----D---- C:\log
    2009-10-18 15:35:58 ----D---- C:\WINDOWS\system32\inetsrv
    2009-10-16 17:58:12 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-10-16 17:58:07 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-10-16 17:56:31 ----D---- C:\WINDOWS\Temp
    2009-10-16 17:56:29 ----D---- C:\WINDOWS
    2009-10-16 17:56:25 ----RSH---- C:\WINDOWS\system32\ckvo0.dll
    2009-10-16 17:56:25 ----D---- C:\WINDOWS\system32
    2009-10-16 17:56:24 ----D---- C:\WINDOWS\system32\drivers
    2009-10-16 17:56:13 ----SHD---- C:\WINDOWS\CSC
    2009-10-05 09:33:38 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-09-30 16:03:27 ----D---- C:\tmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
    R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-22 230400]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-15 1754624]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
    R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NfsRdr;NfsRdr; \??\C:\WINDOWS\system32\drivers\nfsrdr.sys []
    R3 Portmap;Portmap; \??\C:\WINDOWS\system32\drivers\portmap.sys []
    R3 PsxDrv;PsxDrv; \??\C:\WINDOWS\system32\drivers\PSXDRV.SYS []
    R3 RpcXdr;RpcXdr; \??\C:\WINDOWS\system32\drivers\rpcxdr.sys []
    R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
    S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
    S3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
    S3 cxru0wdm;CardMan 5x21; C:\WINDOWS\system32\DRIVERS\cxru0wdm.sys [2007-01-26 184192]
    S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 PsSdk41;PsSdk41; \??\C:\WINDOWS\system32\Drivers\pssdk41.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
    S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
    S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
    S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
    S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
    S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
    S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-15 425984]
    R2 Client for NFS;Client for NFS; C:\WINDOWS\system32\nfsclnt.exe [2003-11-08 53408]
    R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 15872]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
    R2 MSFtpsvc;Publication FTP; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 15872]
    R2 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-02 59064320]
    R2 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 bdss;BitDefender Scan Server; C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe [2007-01-19 81920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FacilTomcat;Facil Tomcat; c:/cots/jakarta-tomcat-5.0.28\bin\tomcat5.exe [2007-08-18 94208]
    S3 GroupPolicySrv;TOAD Group Policy Service; C:\Program Files\Quest Software\Toad Group Policy Manager\Service\GroupPolicyService.exe [2007-10-25 908800]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe [2007-03-21 237568]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-02 57616]
    S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-02 45056]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2008-10-24 145248]
    S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
    S3 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-03-27 446464]
    S3 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]
    S4 CronService;Windows Cron Service; C:\SFU\common\cron.exe [2003-11-08 47536]
    S4 Mapsvc;User Name Mapping; C:\SFU\Mapper\mapsvc.exe [2003-11-08 111728]
    S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-02 102400]
    S4 OracleServiceDSTR;OracleServiceDSTR; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-02 59064320]
    S4 zzInterix;Interix Subsystem Startup; C:\WINDOWS\system32\PSXRUN.EXE [2007-07-02 104448]

    -----------------EOF-----------------





    Thanks

    19 October 2009 19:04:57

    Re,

    Bingo, you've won a ticket to the "security-viruses" section

    Good luck [:_tom_:7]