Suspiscion d'infection sous vista

zlouffi -  
 Utilisateur anonyme -
Bonjour,

Depuis quelques jours, mon portable tourne moins bien. parfois IE ne répond plus ou d'autre prog.
J'ai installé firefox à l'instant, mais je ne pense pas que ça va changer quoi que ce soit.
Au démarrage, j'ai depuis quelques jours (merci emule) client UGI qui m'ennuie au démarrage, et régulièrement une fenêtre Ad from Mobiswing polue mon surf.

Je vous serai bien reconnaissant de me filer les tuyaux à suivre svp !

Je suis allé à cette adresse http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr, qui m'envoie maintenant vers vous pour poster le rapport.

voici ces dits rapports : (pour info, j'ai lancer l'analyse alors que Create DVD Menu tournait.... je sais, désolé..lol )

Logfile of random's system information tool 1.06 (written by random/random)
Run by fsc at 2009-06-30 15:23:07
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 30 GB (31%) free of 94 GB
Total RAM: 2046 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:19, on 30/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\BisonCam\BisonAPP.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Secured eMule\secp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
D:\eMule\emule.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Free DVD Creator\dvdcreator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Free DVD Creator\dvdplay.dll
C:\Users\fsc\Downloads\RSIT(4).exe
C:\Program Files\trend micro\fsc.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3351976751-2110638505-1580277848-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrateur')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\aspirateur_WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\aspirateur_WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\UltraVNC\winvnc.exe (file missing)

--
End of file - 6076 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-05-25 159744]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2007-05-16 29696]
"BisonAPP"=C:\Windows\BisonCam\BisonAPP.exe [2007-05-17 49152]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-10-31 6609440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-18 518488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FIC HotKey]
C:\Program Files\Hotkey Utility\tray.exe [2007-07-13 561152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-01-17 1006264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4c731cd-c79c-11dd-9625-00140b40c709}]
shell\AutoRun\command - G:\bbcauto.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-30 15:23:11 ----D---- C:\Program Files\trend micro
2009-06-30 15:23:07 ----D---- C:\rsit
2009-06-25 20:29:23 ----N---- C:\Windows\system32\Msvbvm50.dll
2009-06-25 20:28:21 ----A---- C:\Windows\IsUn040c.exe
2009-06-23 22:34:29 ----A---- C:\Windows\_MSRSTRT.EXE
2009-06-23 21:58:57 ----D---- C:\Windows\793CFFC9A72F431D9C742E9361E67D04.TMP
2009-06-23 21:58:56 ----D---- C:\Program Files\Secured_eMule
2009-06-22 16:43:49 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-06-22 16:43:48 ----A---- C:\Windows\system32\pthreadGC2.dll
2009-06-22 16:43:48 ----A---- C:\Windows\system32\ff_vfw.dll
2009-06-22 16:43:47 ----D---- C:\Program Files\ffdshow
2009-06-22 15:55:12 ----D---- C:\Users\fsc\AppData\Roaming\vlc
2009-06-19 16:12:25 ----D---- C:\Program Files\Ontrack
2009-06-13 18:29:51 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-06-13 18:29:51 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-06-13 18:29:24 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-06-13 18:29:22 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-06-13 18:29:21 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-06-13 18:29:20 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-06-13 18:29:18 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-06-13 18:29:16 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-06-10 18:50:18 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 18:50:10 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 18:50:10 ----A---- C:\Windows\system32\ieframe.dll
2009-06-10 18:50:09 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 18:50:09 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 18:50:09 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-10 18:50:09 ----A---- C:\Windows\system32\ieui.dll
2009-06-10 18:50:09 ----A---- C:\Windows\system32\iertutil.dll
2009-06-10 18:50:09 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-10 18:50:08 ----A---- C:\Windows\system32\iesetup.dll
2009-06-10 18:50:08 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 18:50:08 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-10 18:50:03 ----A---- C:\Windows\system32\rpcrt4.dll

======List of files/folders modified in the last 1 months======

2009-06-30 15:24:00 ----D---- C:\Windows\Temp
2009-06-30 15:23:11 ----RD---- C:\Program Files
2009-06-30 11:40:56 ----D---- C:\Users\fsc\AppData\Roaming\dvdcss
2009-06-30 11:39:38 ----D---- C:\Windows\Prefetch
2009-06-30 10:49:26 ----SHD---- C:\System Volume Information
2009-06-30 10:36:57 ----SHD---- C:\Windows\Installer
2009-06-30 10:36:50 ----D---- C:\Windows\system32\drivers
2009-06-30 10:36:50 ----D---- C:\Windows\System32
2009-06-30 09:26:49 ----D---- C:\Program Files\Mozilla Firefox
2009-06-28 15:01:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-28 15:01:49 ----D---- C:\Windows\inf
2009-06-25 20:29:47 ----D---- C:\Windows
2009-06-23 22:33:50 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-23 22:33:41 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-23 22:33:41 ----D---- C:\ProgramData\CyberLink
2009-06-23 22:33:04 ----D---- C:\Program Files\CyberLink
2009-06-22 16:29:16 ----A---- C:\Windows\NeroDigital.ini
2009-06-22 15:54:32 ----D---- C:\Program Files\VLC
2009-06-19 16:10:03 ----A---- C:\Windows\Rtcw.INI
2009-06-19 16:03:53 ----HD---- C:\ProgramData
2009-06-19 16:03:51 ----D---- C:\Program Files\Common Files
2009-06-19 13:00:22 ----D---- C:\Windows\system32\catroot2
2009-06-15 14:22:36 ----D---- C:\ProgramData\Microsoft Help
2009-06-13 18:29:51 ----RSD---- C:\Windows\assembly
2009-06-13 18:29:28 ----D---- C:\Windows\Microsoft.NET
2009-06-13 18:23:11 ----D---- C:\Windows\system32\Tasks
2009-06-13 17:24:59 ----RD---- C:\Users
2009-06-11 09:59:29 ----D---- C:\Windows\system32\migration
2009-06-11 09:59:28 ----D---- C:\Program Files\Internet Explorer
2009-06-11 09:59:17 ----D---- C:\Windows\winsxs
2009-06-11 09:55:31 ----D---- C:\Windows\system32\catroot
2009-06-09 21:27:13 ----SHD---- C:\$Recycle.Bin
2009-06-09 21:24:25 ----HD---- C:\Windows\system32\GroupPolicy
2009-06-01 18:51:12 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-05-15 157696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
R3 Cam5603D;Bison WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-08-24 783272]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-08-31 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-26 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-10-31 2231456]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-19 7599776]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-26 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 apw2autt;apw2autt; C:\Windows\system32\drivers\apw2autt.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-05-09 48640]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-18 1003344]
R2 NMSAccessU;NMSAccessU; d:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe [2007-10-12 71096]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
S2 winvnc;VNC Server; D:\UltraVNC\winvnc.exe -service []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-03-15 386560]

-----------------EOF-----------------

et

info.txt logfile of random's system information tool 1.06 2009-06-30 15:24:50

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
AutoWebCam-->C:\Program Files\AutoWebCam\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bison WebCam-->C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\setup.exe -runfromtemp -l0x040c -removeonly
CCleaner (remove only)-->"d:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"d:\Program Files\CDex_170b2\uninstall.exe"
Charlotte aux Fraises - Voyage au pays des fraisi-rêves -->d:\Charlotte aux Fraises\uninst.exe
DivXscope 2007-->"d:\Program Files\DivXscope\unins000.exe"
eMule-->"d:\eMule\Uninstall.exe"
EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ffdshow [rev 2202] [2008-10-10]-->"C:\Program Files\ffdshow\unins000.exe"
Free DVD Creator version 2.0-->"d:\Program Files\Free DVD Creator\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GIMP 2.6.3-->"d:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\UIU32m.exe -U -IPDAZLCMzK.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotkey Utility-->"C:\Program Files\Hotkey Utility\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
KaraFun 1.18-->"D:\Program Files\KaraFun\unins000.exe"
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571036}
NVIDIA Drivers-->C:\Windows\system32\nvunrm.exe UninstallGUI
Oui-Oui -En route pour l'école-->C:\Windows\IsUn040c.exe -f"D:\Program Files\Oui-Oui -En route pour l'école\Uninst.isu"
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
Power Manager 2.1.10-->"C:\Program Files\Power Manager\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Super DVD Creator 9.8 Full Version-->"d:\Program Files\Sup_DVD_Creator_9.8\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VideoCap 1.0-->"C:\Program Files\VideoCap\unins000.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinHTTrack Website Copier 3.43-3-->"d:\Program Files\aspirateur_WinHTTrack\unins000.exe"
Zattoo 3.3.3 Beta-->D:\Program Files\TVZattoo\uninst.exe

======Security center information======

AV: AntiVir Desktop
AS: AntiVir Desktop
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: pzlouffi
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 69864
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090629215152.956000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: pzlouffi
Event Code: 6
Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 11, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.
Record Number: 69869
Source Name: ACPI
Time Written: 20090630065554.183217-000
Event Type: Erreur
User:

Computer Name: pzlouffi
Event Code: 6
Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 12, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.
Record Number: 69870
Source Name: ACPI
Time Written: 20090630065554.183217-000
Event Type: Erreur
User:

Computer Name: pzlouffi
Event Code: 6
Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 13, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.
Record Number: 69871
Source Name: ACPI
Time Written: 20090630065554.183217-000
Event Type: Erreur
User:

Computer Name: pzlouffi
Event Code: 7000
Message: Le service VNC Server n'a pas pu démarrer en raison de l'erreur :
Le chemin d'accès spécifié est introuvable.
Record Number: 69931
Source Name: Service Control Manager
Time Written: 20090630065738.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: pzlouffi
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Users\fsc\Desktop\fichiers perdus\cluster 21107765.JPG un code suspect avec la désignation 'DR/FakePic.Gen'!
Record Number: 12934
Source Name: Avira AntiVir
Time Written: 20090630082825.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: pzlouffi
Event Code: 10010
Message: Impossible de redémarrer l’application « C:\Windows\explorer.exe » (pid 2660) - Le SID de l’application ne correspond pas à celui du conducteur..
Record Number: 12937
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090630083628.195383-000
Event Type: Avertissement
User: PZLOUFFI\fsc

Computer Name: pzlouffi
Event Code: 1000
Message: Application défaillante NMIndexStoreSvr.exe, version 1.5.13.0, horodatage 0x458d61a6, module défaillant OLMAPI32.DLL_unloaded, version 0.0.0.0, horodatage 0x49e7f423, code d’exception 0xc0000005, décalage d’erreur 0x66884195, ID du processus 0x1164, heure de début de l’application 0x01c9f9652030fb1a.
Record Number: 12957
Source Name: Application Error
Time Written: 20090630092830.000000-000
Event Type: Erreur
User:

Computer Name: pzlouffi
Event Code: 1000
Message: Application défaillante NMIndexStoreSvr.exe, version 1.5.13.0, horodatage 0x458d61a6, module défaillant OLMAPI32.DLL_unloaded, version 0.0.0.0, horodatage 0x49e7f423, code d’exception 0xc0000005, décalage d’erreur 0x68004195, ID du processus 0xbfc, heure de début de l’application 0x01c9f9654d86f7ea.
Record Number: 12958
Source Name: Application Error
Time Written: 20090630092944.000000-000
Event Type: Erreur
User:

Computer Name: pzlouffi
Event Code: 1000
Message: Application défaillante NMIndexStoreSvr.exe, version 1.5.13.0, horodatage 0x458d61a6, module défaillant OLMAPI32.DLL_unloaded, version 0.0.0.0, horodatage 0x49e7f423, code d’exception 0xc0000005, décalage d’erreur 0x675c4195, ID du processus 0x1464, heure de début de l’application 0x01c9f965508d5a1a.
Record Number: 12959
Source Name: Application Error
Time Written: 20090630092949.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: pzlouffi
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-21-3351976751-2110638505-1580277848-1000
Nom du compte : fsc
Domaine du compte : PZLOUFFI
ID du compte : 0xa3cfae

Type d’ouverture de session : 2

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 19389
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630084552.723383-000
Event Type: Succès de l'audit
User:

Computer Name: pzlouffi
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-21-3351976751-2110638505-1580277848-500
Nom du compte : Administrateur
Domaine du compte : PZLOUFFI
ID du compte : 0x9f6f05

Type d’ouverture de session : 2

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 19390
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630092014.642383-000
Event Type: Succès de l'audit
User:

Computer Name: pzlouffi
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PZLOUFFI$
Domaine du compte : MSHOME
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x264
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 19391
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630100025.110383-000
Event Type: Succès de l'audit
User:

Computer Name: pzlouffi
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PZLOUFFI$
Domaine du compte : MSHOME
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x264
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 19392
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630100025.110383-000
Event Type: Succès de l'audit
User:

Computer Name: pzlouffi
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 19393
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090630100025.110383-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Merci, bien à vous.

En attendant je poursuis la manip. expliquée sur le site.

Merci encore du temps que vous m'accorderez.
Configuration: Windows Vista
Firefox 3.0.11

5 réponses

  1. Utilisateur anonyme
     
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4c731cd-c79c-11dd-9625-00140b40c709}]
    shell\AutoRun\command - G:\bbcauto.exe

    2009-06-25 20:28:21 ----A---- C:\Windows\IsUn040c.exe
    2009-06-23 22:34:29 ----A---- C:\Windows\_MSRSTRT.EXE
    2009-06-23 21:58:57 ----D---- C:\Windows\793CFFC9A72F431D9C742E9361E67D04.TMP
    2009-06-22 16:43:49 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
    2009-06-22 16:43:48 ----A---- C:\Windows\system32\pthreadGC2.dll
    2009-06-22 16:43:48 ----A---- C:\Windows\system32\ff_vfw.dll
    2009-06-22 16:43:47 ----D---- C:\Program Files\ffdshow

    Cela n'a pas l'air très net
    1
  2. Utilisateur anonyme
     
    nétoi ton ordi avec glary utility ou CCleaner et fait un scan complet avec ton anti virus
    0
  3. zlouffi
     
    Je donne le scan ad-aware après ccleaner !

    Logfile created: 30/06/2009 16:43:7
    Lavasoft Ad-Aware version: 8.0.6
    Extended engine version: 8.1
    User performing scan: fsc

    *********************** Definitions database information ***********************
    Lavasoft definition file: 148.56
    Extended engine definition file: 8.1

    ******************************** Scan results: *********************************
    Scan profile name: Analyse astucieuse (ID: smart)
    Objects scanned: 36204
    Objects detected: 36

    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 0
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 36
    Browser hijacks.: 0
    MRU objects.....: 0

    Removed items:
    Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
    Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
    Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
    Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0
    Description: *adviva* Family Name: Cookies Clean status: Success Item ID: 409016 Family ID: 0
    Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
    Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
    Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
    Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
    Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
    Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
    Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
    Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
    Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
    Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
    Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
    Description: *weborama* Family Name: Cookies Clean status: Success Item ID: 408955 Family ID: 0
    Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
    Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
    Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
    Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0
    Description: *adviva* Family Name: Cookies Clean status: Success Item ID: 409016 Family ID: 0
    Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
    Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
    Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
    Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
    Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
    Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
    Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
    Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
    Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
    Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
    Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
    Description: *weborama* Family Name: Cookies Clean status: Success Item ID: 408955 Family ID: 0
    Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
    Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0

    Scan and cleaning complete: Finished correctly after 129 seconds

    *********************************** Settings ***********************************

    Scan profile:
    ID: smart, enabled:1, value: Analyse astucieuse
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: false
    ID: scanhostsfile, enabled:1, value: false
    ID: scanmru, enabled:1, value: false
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
    ID: folderstoscan, enabled:1, value:
    ID: usespywareheuristics, enabled:1, value: true
    ID: extendedengine, enabled:0, value: true
    ID: useheuristics, enabled:0, value: true
    ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
    ID: filescanningoptions, enabled:1
    ID: scanrootkits, enabled:1, value: true
    ID: archives, enabled:1, value: false
    ID: onlyexecutables, enabled:1, value: true
    ID: skiplargerthan, enabled:1, value: 20480

    Scan global:
    ID: global, enabled:1
    ID: addtocontextmenu, enabled:1, value: true
    ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

    Scheduled scan settings:
    <Empty>

    Update settings:
    ID: updates, enabled:1
    ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
    ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: schedules, enabled:1, value: true
    ID: updatedaily, enabled:1, value: Daily
    ID: time, enabled:1, value: Thu Apr 30 22:06:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly, enabled:1, value: Weekly
    ID: time, enabled:1, value: Thu Apr 30 22:06:00 2009
    ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: true
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: true
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false

    Appearance settings:
    ID: appearance, enabled:1
    ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
    ID: showtrayicon, enabled:1, value: true
    ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

    Realtime protection settings:
    ID: realtime, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: registryprotection, enabled:0, value: true
    ID: networkprotection, enabled:0, value: true
    ID: usespywareheuristics, enabled:0, value: true
    ID: extendedengine, enabled:0, value: true
    ID: useheuristics, enabled:0, value: true
    ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
    ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

    ****************************** System information ******************************
    Computer name: PZLOUFFI
    Processor name: AMD Turion(tm) 64 Mobile Technology MK-38
    Processor identifier: x86 Family 15 Model 76 Stepping 2
    Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 19458, number of processors 1
    Physical memory available: 1076977664 bytes
    Physical memory total: 2145714176 bytes
    Virtual memory available: 2024751104 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 49%
    Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
    Windows startup mode:

    Running processes:
    PID: 400 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: AUTORITE NT
    PID: 480 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: AUTORITE NT
    PID: 528 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: AUTORITE NT
    PID: 536 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: AUTORITE NT
    PID: 584 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: AUTORITE NT
    PID: 612 name: C:\Windows\System32\services.exe owner: SYSTEM domain: AUTORITE NT
    PID: 628 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: AUTORITE NT
    PID: 636 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: AUTORITE NT
    PID: 788 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
    PID: 860 name: C:\Windows\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
    PID: 888 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1028 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
    PID: 1056 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1072 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1164 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1184 name: C:\Windows\System32\SLsvc.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
    PID: 1228 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
    PID: 1348 name: C:\Windows\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
    PID: 1456 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1548 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1572 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1584 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
    PID: 272 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: AUTORITE NT
    PID: 340 name: C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE owner: SYSTEM domain: AUTORITE NT
    PID: 436 name: C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe owner: SYSTEM domain: AUTORITE NT
    PID: 780 name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe owner: SERVICE LOCAL domain: AUTORITE NT
    PID: 1748 name: D:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe owner: SYSTEM domain: AUTORITE NT
    PID: 856 name: C:\Windows\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
    PID: 1204 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
    PID: 1980 name: C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe owner: SYSTEM domain: AUTORITE NT
    PID: 1244 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: AUTORITE NT
    PID: 2128 name: C:\Windows\System32\WUDFHost.exe owner: SERVICE LOCAL domain: AUTORITE NT
    PID: 2444 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: AUTORITE NT
    PID: 2452 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORITE NT
    PID: 2524 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: AUTORITE NT
    PID: 3288 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
    PID: 2736 name: C:\Windows\System32\taskeng.exe owner: fsc domain: PZLOUFFI
    PID: 2572 name: C:\Windows\System32\dwm.exe owner: fsc domain: PZLOUFFI
    PID: 2900 name: C:\Windows\System32\rundll32.exe owner: fsc domain: PZLOUFFI
    PID: 608 name: C:\Program Files\Apoint2K\Apoint.exe owner: fsc domain: PZLOUFFI
    PID: 2988 name: C:\Program Files\Power Manager\PM.exe owner: fsc domain: PZLOUFFI
    PID: 2720 name: C:\Windows\BisonCam\BisonAPP.exe owner: fsc domain: PZLOUFFI
    PID: 2984 name: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe owner: fsc domain: PZLOUFFI
    PID: 2036 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: fsc domain: PZLOUFFI
    PID: 2276 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: fsc domain: PZLOUFFI
    PID: 1900 name: D:\Program Files\Secured eMule\secp.exe owner: fsc domain: PZLOUFFI
    PID: 3076 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: fsc domain: PZLOUFFI
    PID: 3160 name: C:\Windows\System32\rundll32.exe owner: fsc domain: PZLOUFFI
    PID: 3692 name: C:\Program Files\Apoint2K\ApMsgFwd.exe owner: fsc domain: PZLOUFFI
    PID: 3904 name: C:\Program Files\Apoint2K\ApntEx.exe owner: fsc domain: PZLOUFFI
    PID: 1268 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: fsc domain: PZLOUFFI
    PID: 1692 name: C:\Windows\explorer.exe owner: fsc domain: PZLOUFFI
    PID: 5600 name: C:\Program Files\Windows Media Player\wmplayer.exe owner: fsc domain: PZLOUFFI
    PID: 5728 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: fsc domain: PZLOUFFI
    PID: 2408 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: fsc domain: PZLOUFFI

    Startup items:
    Name: WebCheck
    imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Name: NvSvc
    imagepath: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    Name: NvCplDaemon
    imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    Name: NvMediaCenter
    imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    Name: Apoint
    imagepath: C:\Program Files\Apoint2K\Apoint.exe
    Name: PowerManager
    imagepath: C:\Program Files\Power Manager\PM.exe
    Name: BisonAPP
    imagepath: C:\Windows\BisonCam\BisonAPP.exe
    Name: RtHDVCpl
    imagepath: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    Name: avgnt
    imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    Name: MSConfig
    imagepath: "C:\Windows\system32\msconfig.exe" /auto
    Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
    imagepath: Component Categories cache daemon
    Name:
    imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    Bootexecute items:
    Name:
    imagepath: autocheck autochk *
    Name:
    imagepath: lsdelete

    Running services:
    Name: AeLookupSvc
    displayname: Expérience d’application
    Name: AntiVirSchedulerService
    displayname: Avira AntiVir Planificateur
    Name: AntiVirService
    displayname: Avira AntiVir Guard
    Name: Appinfo
    displayname: Informations d'application
    Name: AudioEndpointBuilder
    displayname: Générateur de points de terminaison du service Audio Windows
    Name: Audiosrv
    displayname: Audio Windows
    Name: BFE
    displayname: Moteur de filtrage de base
    Name: BITS
    displayname: Service de transfert intelligent en arrière-plan
    Name: Browser
    displayname: Explorateur d'ordinateurs
    Name: CryptSvc
    displayname: Services de chiffrement
    Name: DcomLaunch
    displayname: Lanceur de processus serveur DCOM
    Name: Dhcp
    displayname: Client DHCP
    Name: Dnscache
    displayname: Client DNS
    Name: DPS
    displayname: Service de stratégie de diagnostic
    Name: EapHost
    displayname: Protocole EAP (Extensible Authentication Protocol)
    Name: EPSON_PM_RPCV4_01
    displayname: EPSON V3 Service4(01)
    Name: Eventlog
    displayname: Journal d’événements Windows
    Name: EventSystem
    displayname: Système d'événement COM+
    Name: fdPHost
    displayname: Hôte du fournisseur de découverte de fonctions
    Name: FDResPub
    displayname: Publication des ressources de découverte de fonctions
    Name: FTRTSVC
    displayname: France Telecom Routing Table Service
    Name: gpsvc
    displayname: Client de stratégie de groupe
    Name: IKEEXT
    displayname: Modules de génération de clés IKE et AuthIP
    Name: iphlpsvc
    displayname: Assistance IP
    Name: KeyIso
    displayname: Isolation de clé CNG
    Name: KtmRm
    displayname: Service KtmRm pour Distributed Transaction Coordinator
    Name: LanmanServer
    displayname: Serveur
    Name: LanmanWorkstation
    displayname: Station de travail
    Name: Lavasoft Ad-Aware Service
    displayname: Lavasoft Ad-Aware Service
    Name: lmhosts
    displayname: Assistance NetBIOS sur TCP/IP
    Name: MMCSS
    displayname: Planificateur de classes multimédias
    Name: MpsSvc
    displayname: Pare-feu Windows
    Name: napagent
    displayname: Agent de protection d’accès réseau
    Name: Netman
    displayname: Connexions réseau
    Name: netprofm
    displayname: Service Liste des réseaux
    Name: NetTcpPortSharing
    displayname: Service de partage de ports Net.Tcp
    Name: NlaSvc
    displayname: Connaissance des emplacements réseau
    Name: NMSAccessU
    displayname: NMSAccessU
    Name: nsi
    displayname: Service Interface du magasin réseau
    Name: PcaSvc
    displayname: Service de l’Assistant Compatibilité des programmes
    Name: PlugPlay
    displayname: Plug-and-Play
    Name: PolicyAgent
    displayname: Agent de stratégie IPsec
    Name: ProfSvc
    displayname: Service de profil utilisateur
    Name: RasMan
    displayname: Gestionnaire de connexions d'accès distant
    Name: RpcSs
    displayname: Appel de procédure distante (RPC)
    Name: SamSs
    displayname: Gestionnaire de comptes de sécurité
    Name: Schedule
    displayname: Planificateur de tâches
    Name: seclogon
    displayname: Ouverture de session secondaire
    Name: SENS
    displayname: Service de notification d’événements système
    Name: ShellHWDetection
    displayname: Détection matériel noyau
    Name: slsvc
    displayname: Licence du logiciel
    Name: Spooler
    displayname: Spouleur d'impression
    Name: SSDPSRV
    displayname: Découverte SSDP
    Name: stisvc
    displayname: Acquisition d'image Windows (WIA)
    Name: SysMain
    displayname: Superfetch
    Name: TapiSrv
    displayname: Téléphonie
    Name: TeamViewer4
    displayname: TeamViewer 4
    Name: TermService
    displayname: Services Terminal Server
    Name: Themes
    displayname: Thèmes
    Name: TrkWks
    displayname: Client de suivi de lien distribué
    Name: upnphost
    displayname: Hôte de périphérique UPnP
    Name: UxSms
    displayname: Gestionnaire de sessions du Gestionnaire de fenêtrage
    Name: W32Time
    displayname: Horloge Windows
    Name: WdiSystemHost
    displayname: Hôte système de diagnostics
    Name: WebClient
    displayname: WebClient
    Name: WinDefend
    displayname: Windows Defender
    Name: Winmgmt
    displayname: Infrastructure de gestion Windows
    Name: Wlansvc
    displayname: Service de configuration automatique WLAN
    Name: WMPNetworkSvc
    displayname: Service Partage réseau du Lecteur Windows Media
    Name: WPDBusEnum
    displayname: Service Énumérateur d’appareil mobile
    Name: wscsvc
    displayname: Centre de sécurité
    Name: WSearch
    displayname: Recherche Windows
    Name: wuauserv
    displayname: Windows Update
    Name: wudfsvc
    displayname: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur
    0
  4. Utilisateur anonyme
     
    ok alors quand ad aware les as dectecter normalement tu a au bout des ligne RECOMMANDER tu laisse et tu clic sur le rond vert
    0
    1. zlouffi
       
      ok Merci à vous.

      En fait ces simples manip. ont réglé les soucis. Plus de fenetre pub, plus de client GUI etc ...

      Merci à vous.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    de rien bonne journéé
    0