suspiscion d'infection sous vista

Question

Bonjour,

Depuis quelques jours, mon portable tourne moins bien. parfois IE ne répond plus ou d'autre prog.
J'ai installé firefox à l'instant, mais je ne pense pas que ça va changer quoi que ce soit.
Au démarrage, j'ai depuis quelques jours (merci emule) client UGI qui m'ennuie au démarrage, et régulièrement une fenêtre Ad from Mobiswing polue mon surf.

Je vous serai bien reconnaissant de me filer les tuyaux à suivre svp !

Je suis allé à cette adresse http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr, qui m'envoie maintenant vers vous pour poster le rapport.

voici ces dits rapports : (pour info, j'ai lancer l'analyse alors que Create DVD Menu tournait.... je sais, désolé..lol )

Logfile of random's system information tool 1.06 (written by random/random)
Run by fsc at 2009-06-30 15:23:07
Microsoft® Windows Vista™ Édition Familiale Premium  
System drive C: has 30 GB (31%) free of 94 GB
Total RAM: 2046 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:19, on 30/06/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32undll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\BisonCam\BisonAPP.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Secured eMule\secp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32undll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
D:\eMule\emule.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Free DVD Creator\dvdcreator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Free DVD Creator\dvdplay.dll
C:\Users\fsc\Downloads\RSIT(4).exe
C:\Program Files	rend micro\fsc.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3351976751-2110638505-1580277848-500\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrateur')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\aspirateur_WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\aspirateur_WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\UltraVNC\winvnc.exe (file missing)

Utilisateur anonyme · Answer

nétoi ton ordi avec glary utility ou CCleaner et fait un scan complet avec ton anti virus

Utilisateur anonyme · Answer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4c731cd-c79c-11dd-9625-00140b40c709}]
shell\AutoRun\command - G:\bbcauto.exe


2009-06-25 20:28:21 ----A---- C:\Windows\IsUn040c.exe
2009-06-23 22:34:29 ----A---- C:\Windows\_MSRSTRT.EXE
2009-06-23 21:58:57 ----D---- C:\Windows\793CFFC9A72F431D9C742E9361E67D04.TMP 
2009-06-22 16:43:49 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-06-22 16:43:48 ----A---- C:\Windows\system32\pthreadGC2.dll
2009-06-22 16:43:48 ----A---- C:\Windows\system32\ff_vfw.dll
2009-06-22 16:43:47 ----D---- C:\Program Files\ffdshow 

Cela n'a pas l'air très net

zlouffi · Answer

Je donne le scan ad-aware après ccleaner !

Logfile created: 30/06/2009 16:43:7
Lavasoft Ad-Aware version: 8.0.6
Extended engine version: 8.1
User performing scan: fsc

*********************** Definitions database information ***********************
Lavasoft definition file: 148.56
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Analyse astucieuse  (ID: smart)
Objects scanned: 36204
Objects detected: 36


Type              Detected
==========================
Processes.......:        0
Registry entries:        0
Hostfile entries:        0
Files...........:        0
Folders.........:        0
LSPs............:        0
Cookies.........:       36
Browser hijacks.:        0
MRU objects.....:        0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0
Description: *adviva* Family Name: Cookies Clean status: Success Item ID: 409016 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
Description: *weborama* Family Name: Cookies Clean status: Success Item ID: 408955 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0
Description: *adviva* Family Name: Cookies Clean status: Success Item ID: 409016 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
Description: *weborama* Family Name: Cookies Clean status: Success Item ID: 408955 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0

Scan and cleaning complete: Finished correctly after 129 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Analyse astucieuse
  ID: scancriticalareas, enabled:1, value: true
  ID: scanrunningapps, enabled:1, value: true
  ID: scanregistry, enabled:1, value: true
  ID: scanlsp, enabled:1, value: true
  ID: scanads, enabled:1, value: false
  ID: scanhostsfile, enabled:1, value: false
  ID: scanmru, enabled:1, value: false
  ID: scanbrowserhijacks, enabled:1, value: true
  ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
  ID: folderstoscan, enabled:1, value: 
  ID: usespywareheuristics, enabled:1, value: true
  ID: extendedengine, enabled:0, value: true
    ID: useheuristics, enabled:0, value: true
      ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
  ID: filescanningoptions, enabled:1
    ID: scanrootkits, enabled:1, value: true
    ID: archives, enabled:1, value: false
    ID: onlyexecutables, enabled:1, value: true
    ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
  ID: addtocontextmenu, enabled:1, value: true
  ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
  ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
  ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: schedules, enabled:1, value: true
    ID: updatedaily, enabled:1, value: Daily
      ID: time, enabled:1, value: Thu Apr 30 22:06:00 2009
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly, enabled:1, value: Weekly
      ID: time, enabled:1, value: Thu Apr 30 22:06:00 2009
      ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: true
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: true
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
  ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
  ID: showtrayicon, enabled:1, value: true
  ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
  ID: processprotection, enabled:1, value: true
  ID: registryprotection, enabled:0, value: true
  ID: networkprotection, enabled:0, value: true
  ID: usespywareheuristics, enabled:0, value: true
  ID: extendedengine, enabled:0, value: true
    ID: useheuristics, enabled:0, value: true
      ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
  ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: PZLOUFFI
Processor name: AMD Turion(tm) 64 Mobile Technology MK-38
Processor identifier: x86 Family 15 Model 76 Stepping 2
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 19458, number of processors 1
Physical memory available: 1076977664 bytes
Physical memory total: 2145714176 bytes
Virtual memory available: 2024751104 bytes
Virtual memory total: 2147352576 bytes
Memory load: 49%
Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Windows startup mode:

Running processes:
PID: 400 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: AUTORITE NT
PID: 480 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: AUTORITE NT
PID: 528 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: AUTORITE NT
PID: 536 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: AUTORITE NT
PID: 584 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: AUTORITE NT
PID: 612 name: C:\Windows\System32\services.exe owner: SYSTEM domain: AUTORITE NT
PID: 628 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: AUTORITE NT
PID: 636 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: AUTORITE NT
PID: 788 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 860 name: C:\Windows\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 888 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1028 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1056 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1072 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1164 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1184 name: C:\Windows\System32\SLsvc.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1228 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1348 name: C:\Windows\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1456 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORITE NT
PID: 1548 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: AUTORITE NT
PID: 1572 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: AUTORITE NT
PID: 1584 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 272 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: AUTORITE NT
PID: 340 name: C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE owner: SYSTEM domain: AUTORITE NT
PID: 436 name: C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe owner: SYSTEM domain: AUTORITE NT
PID: 780 name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1748 name: D:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe owner: SYSTEM domain: AUTORITE NT
PID: 856 name: C:\Windows\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1204 name: C:\Windows\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1980 name: C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe owner: SYSTEM domain: AUTORITE NT
PID: 1244 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: AUTORITE NT
PID: 2128 name: C:\Windows\System32\WUDFHost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 2444 name: C:\Windows\System32	askeng.exe owner: SYSTEM domain: AUTORITE NT
PID: 2452 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORITE NT
PID: 2524 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: AUTORITE NT
PID: 3288 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 2736 name: C:\Windows\System32	askeng.exe owner: fsc domain: PZLOUFFI
PID: 2572 name: C:\Windows\System32\dwm.exe owner: fsc domain: PZLOUFFI
PID: 2900 name: C:\Windows\System32undll32.exe owner: fsc domain: PZLOUFFI
PID: 608 name: C:\Program Files\Apoint2K\Apoint.exe owner: fsc domain: PZLOUFFI
PID: 2988 name: C:\Program Files\Power Manager\PM.exe owner: fsc domain: PZLOUFFI
PID: 2720 name: C:\Windows\BisonCam\BisonAPP.exe owner: fsc domain: PZLOUFFI
PID: 2984 name: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe owner: fsc domain: PZLOUFFI
PID: 2036 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: fsc domain: PZLOUFFI
PID: 2276 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: fsc domain: PZLOUFFI
PID: 1900 name: D:\Program Files\Secured eMule\secp.exe owner: fsc domain: PZLOUFFI
PID: 3076 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: fsc domain: PZLOUFFI
PID: 3160 name: C:\Windows\System32undll32.exe owner: fsc domain: PZLOUFFI
PID: 3692 name: C:\Program Files\Apoint2K\ApMsgFwd.exe owner: fsc domain: PZLOUFFI
PID: 3904 name: C:\Program Files\Apoint2K\ApntEx.exe owner: fsc domain: PZLOUFFI
PID: 1268 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: fsc domain: PZLOUFFI
PID: 1692 name: C:\Windows\explorer.exe owner: fsc domain: PZLOUFFI
PID: 5600 name: C:\Program Files\Windows Media Player\wmplayer.exe owner: fsc domain: PZLOUFFI
PID: 5728 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: fsc domain: PZLOUFFI
PID: 2408 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: fsc domain: PZLOUFFI

Startup items:
Name: WebCheck
          imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: NvSvc
          imagepath: RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
Name: NvCplDaemon
          imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
          imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: Apoint
          imagepath: C:\Program Files\Apoint2K\Apoint.exe
Name: PowerManager
          imagepath: C:\Program Files\Power Manager\PM.exe
Name: BisonAPP
          imagepath: C:\Windows\BisonCam\BisonAPP.exe
Name: RtHDVCpl
          imagepath: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Name: avgnt
          imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: MSConfig
          imagepath: "C:\Windows\system32\msconfig.exe" /auto
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
          imagepath: Component Categories cache daemon
Name: 
          imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: 
          imagepath: autocheck autochk *
Name: 
          imagepath: lsdelete

Running services:
Name: AeLookupSvc
          displayname: Expérience d’application
Name: AntiVirSchedulerService
          displayname: Avira AntiVir Planificateur
Name: AntiVirService
          displayname: Avira AntiVir Guard
Name: Appinfo
          displayname: Informations d'application
Name: AudioEndpointBuilder
          displayname: Générateur de points de terminaison du service Audio Windows
Name: Audiosrv
          displayname: Audio Windows
Name: BFE
          displayname: Moteur de filtrage de base
Name: BITS
          displayname: Service de transfert intelligent en arrière-plan
Name: Browser
          displayname: Explorateur d'ordinateurs
Name: CryptSvc
          displayname: Services de chiffrement
Name: DcomLaunch
          displayname: Lanceur de processus serveur DCOM
Name: Dhcp
          displayname: Client DHCP
Name: Dnscache
          displayname: Client DNS
Name: DPS
          displayname: Service de stratégie de diagnostic
Name: EapHost
          displayname: Protocole EAP (Extensible Authentication Protocol)
Name: EPSON_PM_RPCV4_01
          displayname: EPSON V3 Service4(01)
Name: Eventlog
          displayname: Journal d’événements Windows
Name: EventSystem
          displayname: Système d'événement COM+
Name: fdPHost
          displayname: Hôte du fournisseur de découverte de fonctions
Name: FDResPub
          displayname: Publication des ressources de découverte de fonctions
Name: FTRTSVC
          displayname: France Telecom Routing Table Service
Name: gpsvc
          displayname: Client de stratégie de groupe
Name: IKEEXT
          displayname: Modules de génération de clés IKE et AuthIP
Name: iphlpsvc
          displayname: Assistance IP
Name: KeyIso
          displayname: Isolation de clé CNG
Name: KtmRm
          displayname: Service KtmRm pour Distributed Transaction Coordinator
Name: LanmanServer
          displayname: Serveur
Name: LanmanWorkstation
          displayname: Station de travail
Name: Lavasoft Ad-Aware Service
          displayname: Lavasoft Ad-Aware Service
Name: lmhosts
          displayname: Assistance NetBIOS sur TCP/IP
Name: MMCSS
          displayname: Planificateur de classes multimédias
Name: MpsSvc
          displayname: Pare-feu Windows
Name: napagent
          displayname: Agent de protection d’accès réseau
Name: Netman
          displayname: Connexions réseau
Name: netprofm
          displayname: Service Liste des réseaux
Name: NetTcpPortSharing
          displayname: Service de partage de ports Net.Tcp
Name: NlaSvc
          displayname: Connaissance des emplacements réseau
Name: NMSAccessU
          displayname: NMSAccessU
Name: nsi
          displayname: Service Interface du magasin réseau
Name: PcaSvc
          displayname: Service de l’Assistant Compatibilité des programmes
Name: PlugPlay
          displayname: Plug-and-Play
Name: PolicyAgent
          displayname: Agent de stratégie IPsec
Name: ProfSvc
          displayname: Service de profil utilisateur
Name: RasMan
          displayname: Gestionnaire de connexions d'accès distant
Name: RpcSs
          displayname: Appel de procédure distante (RPC)
Name: SamSs
          displayname: Gestionnaire de comptes de sécurité
Name: Schedule
          displayname: Planificateur de tâches
Name: seclogon
          displayname: Ouverture de session secondaire
Name: SENS
          displayname: Service de notification d’événements système
Name: ShellHWDetection
          displayname: Détection matériel noyau
Name: slsvc
          displayname: Licence du logiciel
Name: Spooler
          displayname: Spouleur d'impression
Name: SSDPSRV
          displayname: Découverte SSDP
Name: stisvc
          displayname: Acquisition d'image Windows (WIA)
Name: SysMain
          displayname: Superfetch
Name: TapiSrv
          displayname: Téléphonie
Name: TeamViewer4
          displayname: TeamViewer 4
Name: TermService
          displayname: Services Terminal Server
Name: Themes
          displayname: Thèmes
Name: TrkWks
          displayname: Client de suivi de lien distribué
Name: upnphost
          displayname: Hôte de périphérique UPnP
Name: UxSms
          displayname: Gestionnaire de sessions du Gestionnaire de fenêtrage
Name: W32Time
          displayname: Horloge Windows
Name: WdiSystemHost
          displayname: Hôte système de diagnostics
Name: WebClient
          displayname: WebClient
Name: WinDefend
          displayname: Windows Defender
Name: Winmgmt
          displayname: Infrastructure de gestion Windows
Name: Wlansvc
          displayname: Service de configuration automatique WLAN
Name: WMPNetworkSvc
          displayname: Service Partage réseau du Lecteur Windows Media
Name: WPDBusEnum
          displayname: Service Énumérateur d’appareil mobile
Name: wscsvc
          displayname: Centre de sécurité
Name: WSearch
          displayname: Recherche Windows
Name: wuauserv
          displayname: Windows Update
Name: wudfsvc
          displayname: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur

Utilisateur anonyme · Answer

ok alors quand ad aware les as dectecter normalement tu a au bout des ligne   RECOMMANDER tu laisse et tu clic sur le rond vert

Utilisateur anonyme · Answer

de rien bonne journéé

Suspiscion d'infection sous vista

5 réponses

Discussions similaires

Newsletters