Aller au contenu

dynatek

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    32

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par dynatek

  1. dynatek
    Je ne trouve pas le fichier Combofix.exe Faut il que je le telecharge à nouveau ?
  2. dynatek
    Voici le rapportde Combo ComboFix 09-02-21.01 - 007 2009-02-22 16:42:30.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1320 [GMT 1:00] Lancé depuis: c:\users\007\Downloads\plop.exe AV: avast! antivirus 4.8.1229 [VPS 081112-0] *On-access scanning enabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\windows\system32\gaopdxcounter D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 )))))))))))))))))))))))))))))))))))) . 2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\users\All Users\Malwarebytes 2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\users\007\AppData\Roaming\Malwarebytes 2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\programdata\Malwarebytes 2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-22 16:18 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-22 16:18 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-22 14:48 . 2009-02-22 14:49 <REP> d-------- C:\rsit 2009-02-22 14:48 . 2009-02-22 14:49 <REP> d-------- c:\program files\trend micro 2009-02-12 07:33 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll 2009-02-12 07:33 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe 2009-02-12 07:33 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe 2009-02-12 07:33 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-02-12 07:33 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll 2009-02-12 07:33 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll 2009-02-12 07:33 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl 2009-02-12 07:33 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll 2009-02-12 07:22 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll 2009-02-12 07:22 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll 2009-02-12 07:22 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll 2009-02-12 07:22 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll 2009-02-12 07:22 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll 2009-02-11 20:42 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-11 20:42 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-11 20:42 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-11 20:42 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-11 20:42 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-11 07:02 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 07:02 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-10 18:07 . 2009-02-10 18:07 <REP> d-------- c:\users\007\AppData\Roaming\World-LooM 2009-02-04 13:00 . 2009-02-04 13:00 <REP> d-------- c:\users\007\AppData\Roaming\GameInvest 2009-02-03 11:55 . 2009-02-03 11:55 <REP> d-------- c:\users\007\AppData\Roaming\YoudaGames 2009-01-28 18:32 . 2009-01-28 18:33 <REP> d-------- c:\program files\Shareaza 2009-01-28 15:41 . 2009-01-28 15:41 <REP> d-------- c:\users\007\AppData\Roaming\Boomzap . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-22 15:46 84,711 ----a-w c:\windows\system32\drivers\stwrte.log 2009-02-12 11:10 --------- d-----w c:\program files\Windows Mail 2009-02-12 06:54 --------- d-----w c:\programdata\Microsoft Help 2009-02-10 20:41 --------- d---a-w c:\programdata\TEMP 2009-02-10 17:04 --------- d-----w c:\program files\Oberon Media 2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2009-02-05 19:03 --------- d-----w c:\programdata\Roxio 2009-02-03 15:55 --------- d-----w c:\users\007\AppData\Roaming\iWin 2009-02-03 15:54 --------- d-----w c:\users\007\AppData\Roaming\Zylom 2009-01-28 16:10 --------- d-----w c:\program files\M6 Jeux 2009-01-28 11:41 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-28 11:41 --------- d-----w c:\program files\Orange 2009-01-27 15:06 --------- d-----w c:\program files\BoontyGames 2009-01-03 09:58 --------- d-----w c:\programdata\eMule 2008-07-02 08:33 174 --sha-w c:\program files\desktop.ini 2008-11-14 16:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-11-14 16:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-11-14 16:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-11-23 77824] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544] "PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\System32\ico.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^Users^007^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] --a------ 2007-10-09 19:56 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] --a------ 2007-10-09 19:57 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] --a------ 2007-05-25 07:03 17920 c:\dell\E-Center\EULALauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] --a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe] --a------ 2007-04-26 12:03 74672 c:\program files\Lexmark X1100 Series\LXBKbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] --a------ 2006-11-05 12:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 13:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon] --a------ 2006-11-08 16:01 49152 c:\windows\System32\ico.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --a------ 2007-09-24 10:41 4452352 c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{110C98B4-E267-4BF9-B5A0-F0363DE8A894}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B126F1A0-7B2A-4579-B43E-E2D6633E073A}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System "{88091847-1AC6-4AB9-980E-C454D0CE3FD0}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System "{FA83E195-2EC4-424F-9346-CBF266A641DE}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window "{B9C507D5-62EF-499C-8D79-71A373621B38}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window "TCP Query User{9A5AF0D4-1CE7-4491-AA6C-520042186D81}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{96F4609A-1456-44D6-9E70-6D2E0294B513}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{3EC0DE3F-B0C1-46C3-A609-EB556F879473}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{52CE4FD7-F66D-4903-B190-BCB20A773034}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "TCP Query User{41DBEA7D-281F-424C-AD91-D6CCFE774336}c:\\program files\\palm\\hotsync.exe"= UDP:c:\program files\palm\hotsync.exe:HotSync® Manager Application "UDP Query User{9C48CA53-08EF-4D3C-9996-31DCB08F94ED}c:\\program files\\palm\\hotsync.exe"= TCP:c:\program files\palm\hotsync.exe:HotSync® Manager Application "TCP Query User{67954C02-B91A-48C1-9EBC-DA5C08EF5FE5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{A983FA1E-CB8E-4722-8489-B524CBB7C146}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{F0321945-F46A-4BE6-8D49-B125F91BD033}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing "UDP Query User{7BAF0931-D657-4C39-BF89-A0B236F135D0}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-04 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-04 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-12-08 51792] R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?] R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [2007-11-23 18432] R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [2007-11-23 19008] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2007-11-29 28224] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6a2908-99f8-11dc-a21f-806e6f6e6963}] \shell\AutoRun\command - E:\go.exe autorun.hta [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace8ce6b-a639-11dc-9b36-001aa05f868a}] \shell\AutoRun\command - J:\setupSNK.exe . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: gouv.fr\inscriptionpart.impots FF - ProfilePath - c:\users\007\AppData\Roaming\Mozilla\Firefox\Profiles\nm1g2uof.default\ FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll FF - plugin: c:\users\007\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 16:47:29 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\windows\System32\lxbkcoms.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\System32\WUDFHost.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\System32\conime.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\pmxmiced.exe c:\windows\System32\wbem\WMIADAP.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-02-22 16:52:47 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-22 15:52:43 Avant-CF: 191 802 679 296 octets libres Après-CF: 191,716,569,088 octets libres 207 --- E O F --- 2009-02-20 06:01:36
  3. dynatek
    J'ai tout de même (sans mise à jour du logiciel ) fais une analyse Voici le resultat alwarebytes' Anti-Malware 1.34 Version de la base de données: 1749 Windows 6.0.6001 Service Pack 1 22/02/2009 16:29:34 mbam-log-2009-02-22 (16-29-34).txt Type de recherche: Examen rapide Eléments examinés: 58306 Temps écoulé: 3 minute(s), 12 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Windows\System32\drivers\gaopdxirelewvi.sys (Trojan.Agent) -> Quarantined and deleted successfully.
  4. dynatek
    Comment faire pour autoriser une mise à jour? Je desactive Avast + le pare feu est il m'indique toujours que je ne peux pas acceder à internet
  5. dynatek
    Ci dessous les deux rapports Rapport du log Logfile of random's system information tool 1.05 (written by random/random) Run by 007 at 2009-02-22 14:48:39 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 185 GB (81%) free of 228 GB Total RAM: 2046 MB (53% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:49:08, on 22/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\OrangeHSS\Systray\SystrayApp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\System32\ico.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\Pmxmiced.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\007\Downloads\RSIT.exe C:\Program Files\trend micro\007.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 7086 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-23 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-23 2583352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-11-23 325048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-11-23 2583352] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "SunJavaUpdateSched"=c:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-11-23 77824] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920] ""= [] "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2006-12-12 90112] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544] "PMX Daemon"=C:\Windows\system32\ICO.EXE [2006-11-08 49152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-10-09 202544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [2008-01-19 125952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2007-04-26 74672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon] C:\Windows\system32\ICO.EXE [2006-11-08 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-09-24 4452352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^007^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] C:\PROGRA~1\Palm\Hotsync.exe [2007-06-07 1392640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6a2908-99f8-11dc-a21f-806e6f6e6963}] shell\AutoRun\command - E:\go.exe autorun.hta [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace8ce6b-a639-11dc-9b36-001aa05f868a}] shell\AutoRun\command - J:\setupSNK.exe ======List of files/folders created in the last 1 months====== 2009-02-22 14:48:41 ----D---- C:\Program Files\trend micro 2009-02-22 14:48:39 ----D---- C:\rsit 2009-02-20 19:06:41 ----D---- C:\RECYCLER 2009-02-12 07:33:54 ----A---- C:\Windows\system32\infocardapi.dll 2009-02-12 07:33:52 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-02-12 07:33:51 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2009-02-12 07:33:51 ----A---- C:\Windows\system32\icardres.dll 2009-02-12 07:33:51 ----A---- C:\Windows\system32\icardagt.exe 2009-02-12 07:33:47 ----A---- C:\Windows\system32\PresentationNative_v0300.dll 2009-02-12 07:33:43 ----A---- C:\Windows\system32\PresentationHost.exe 2009-02-12 07:22:59 ----A---- C:\Windows\system32\dfshim.dll 2009-02-12 07:22:55 ----A---- C:\Windows\system32\mscoree.dll 2009-02-12 07:22:54 ----A---- C:\Windows\system32\netfxperf.dll 2009-02-12 07:22:37 ----A---- C:\Windows\system32\mscorier.dll 2009-02-12 07:22:32 ----A---- C:\Windows\system32\mscories.dll 2009-02-11 20:42:14 ----A---- C:\Windows\system32\EncDec.dll 2009-02-11 20:42:12 ----A---- C:\Windows\system32\psisdecd.dll 2009-02-11 07:02:51 ----A---- C:\Windows\system32\mshtml.dll 2009-02-11 07:02:50 ----A---- C:\Windows\system32\ieframe.dll 2009-02-11 07:02:49 ----A---- C:\Windows\system32\urlmon.dll 2009-02-11 07:02:48 ----A---- C:\Windows\system32\wininet.dll 2009-02-11 07:02:48 ----A---- C:\Windows\system32\msfeeds.dll 2009-02-11 07:02:47 ----A---- C:\Windows\system32\mstime.dll 2009-02-11 07:02:47 ----A---- C:\Windows\system32\iertutil.dll 2009-02-11 07:02:46 ----A---- C:\Windows\system32\jsproxy.dll 2009-02-10 18:07:43 ----D---- C:\Users\007\AppData\Roaming\World-LooM 2009-02-04 13:00:04 ----D---- C:\Users\007\AppData\Roaming\GameInvest 2009-02-03 11:55:16 ----D---- C:\Users\007\AppData\Roaming\YoudaGames 2009-01-28 18:32:55 ----D---- C:\Program Files\Shareaza 2009-01-28 15:41:09 ----D---- C:\Users\007\AppData\Roaming\Boomzap ======List of files/folders modified in the last 1 months====== 2009-02-22 14:49:01 ----D---- C:\Windows\Temp 2009-02-22 14:48:41 ----D---- C:\Program Files 2009-02-22 14:28:27 ----D---- C:\Windows\Prefetch 2009-02-22 13:40:11 ----D---- C:\Windows\System32 2009-02-22 13:40:11 ----D---- C:\Windows\inf 2009-02-22 13:40:11 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-02-22 12:25:58 ----D---- C:\Windows\system32\drivers 2009-02-22 10:57:40 ----D---- C:\Windows 2009-02-21 18:16:07 ----SHD---- C:\System Volume Information 2009-02-19 06:53:48 ----SHD---- C:\Windows\Installer 2009-02-19 06:53:48 ----RSD---- C:\Windows\assembly 2009-02-18 20:44:07 ----D---- C:\Windows\system32\LogFiles 2009-02-18 20:44:07 ----D---- C:\Windows\Debug 2009-02-12 12:30:07 ----D---- C:\Windows\Microsoft.NET 2009-02-12 12:29:15 ----D---- C:\Windows\rescache 2009-02-12 12:23:54 ----D---- C:\Windows\winsxs 2009-02-12 12:13:46 ----D---- C:\Windows\system32\catroot 2009-02-12 12:10:13 ----D---- C:\Windows\ehome 2009-02-12 12:10:10 ----D---- C:\Program Files\Windows Mail 2009-02-12 12:10:01 ----D---- C:\Windows\system32\fr-FR 2009-02-12 12:09:36 ----D---- C:\Windows\system32\XPSViewer 2009-02-12 12:09:36 ----D---- C:\Windows\system32\en-US 2009-02-12 12:09:35 ----D---- C:\Windows\system32\wbem 2009-02-12 07:54:06 ----D---- C:\ProgramData\Microsoft Help 2009-02-12 07:52:29 ----D---- C:\Windows\system32\catroot2 2009-02-10 21:41:56 ----AD---- C:\ProgramData\TEMP 2009-02-10 18:04:42 ----D---- C:\Program Files\Oberon Media 2009-02-06 20:20:54 ----D---- C:\temp 2009-02-05 22:11:35 ----A---- C:\Windows\system32\aswBoot.exe 2009-02-05 20:03:05 ----D---- C:\ProgramData\Roxio 2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe 2009-02-03 16:55:08 ----D---- C:\Users\007\AppData\Roaming\iWin 2009-02-03 16:54:58 ----D---- C:\Users\007\AppData\Roaming\Zylom 2009-02-03 16:54:58 ----D---- C:\Users\007\AppData\Roaming\Identities 2009-02-03 16:54:53 ----HD---- C:\ProgramData 2009-02-02 20:02:24 ----D---- C:\Windows\system32\WDI 2009-01-28 17:10:58 ----D---- C:\Program Files\M6 Jeux 2009-01-28 12:41:12 ----D---- C:\Program Files\Orange 2009-01-28 12:41:11 ----HD---- C:\Program Files\InstallShield Installation Information 2009-01-27 16:06:32 ----D---- C:\Program Files\BoontyGames 2009-01-26 17:40:57 ----D---- C:\Program Files\Mozilla Firefox ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-20 2930176] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-24 1776480] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-15 1059112] R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072] R3 pmxmouse;PMXMOUSE; C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432] R3 pmxusblf;PMXUSBLF; C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008] R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-03-19 16640] S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224] S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-26 474304] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-20 2930176] S3 STHDA;IDT HDMI; C:\Windows\system32\DRIVERS\stwrt.sys [2007-09-05 348160] S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-20 610304] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344] R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-04-26 537520] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 202544] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744] S2 STacSV;Audio Service; C:\Windows\system32\STacSV.exe [2007-09-05 204800] S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-07-09 69120] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-23 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- Rapport info info.txt logfile of random's system information tool 1.05 2009-02-22 14:49:13 ======Uninstall list====== -->C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} AnumanLive-->"C:\Users\007\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe" /UNINSTALL Appartement et agencement 3D-->"C:\Program Files\Anuman Interactive\DECO\Appartement et agencement 3D\unins000.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x40c avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} EA SPORTS Rugby 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38420AB3-8788-4DA2-A296-E8B6F328876F}\setup.exe" -l0x40c Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Guide de l'utilisateur-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" Guide de mise en route Dell-->MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Lexmark X1100 Series-->C:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mouse Suite for Desktop Computers-->C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\setup.exe -runfromtemp -l0x040c -removeonly Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Navigateur Orange-->C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376} Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u Orange Plug-in messagerie vocale 888-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove Orange Preload-->MsiExec.exe /I{38496EC2-78B7-412A-9398-FC6B7DB8E182} Palm Desktop 6.2 for Windows -->MsiExec.exe /X{CEE9A021-A79C-462F-9F47-4BE718452FF1} QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036 Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe" Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498} Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2} VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Security center information====== AV: avast! antivirus 4.8.1229 [VPS 081112-0] AS: Windows Defender AS: avast! antivirus 4.8.1229 [VPS 081112-0] System event log Computer Name: PC-de-007 Event Code: 7036 Message: Le service Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration est entré dans l'état : arrêté. Record Number: 208534 Source Name: Service Control Manager Time Written: 20090222124804.000000-000 Event Type: Information User: Computer Name: PC-de-007 Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté. Record Number: 208535 Source Name: Service Control Manager Time Written: 20090222125157.000000-000 Event Type: Information User: Computer Name: PC-de-007 Event Code: 4 Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible. Record Number: 208536 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20090222133835.000000-000 Event Type: Avertissement User: Computer Name: PC-de-007 Event Code: 4 Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible. Record Number: 208537 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20090222133909.000000-000 Event Type: Avertissement User: Computer Name: PC-de-007 Event Code: 4 Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible. Record Number: 208538 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20090222133909.000000-000 Event Type: Avertissement User: Application event log Computer Name: PC-de-007 Event Code: 1 Message: Le service Centre de sécurité Windows a démarré. Record Number: 27879 Source Name: SecurityCenter Time Written: 20090222123611.000000-000 Event Type: Information User: Computer Name: PC-de-007 Event Code: 1000 Message: Application défaillante SystrayApp.exe, version 1.0.29.47, horodatage 0x457ef1fa, module défaillant SystrayApp.exe, version 1.0.29.47, horodatage 0x457ef1fa, code d’exception 0xc0000005, décalage d’erreur 0x00001b6a, ID du processus 0x5d4, heure de début de l’application 0x01c994e9fac9d48c. Record Number: 27880 Source Name: Application Error Time Written: 20090222123711.000000-000 Event Type: Erreur User: Computer Name: PC-de-007 Event Code: 1001 Message: Récipient d’erreurs 362947157, type 1 Événement : APPCRASH Réponse : http://oca.microsoft.com/resredir.aspx?SID...ucket=362947157 ID de CAB : 0 Signature du problème : P1 : SystrayApp.exe P2 : 1.0.29.47 P3 : 457ef1fa P4 : SystrayApp.exe P5 : 1.0.29.47 P6 : 457ef1fa P7 : c0000005 P8 : 00001b6a P9 : P10 : Fichiers joints : C:\Users\007\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report08ee8d41\WER8239.tmp.version.txt C:\Users\007\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report08ee8d41\WER824A.tmp.appcompat.txt C:\Users\007\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report08ee8d41\WER825A.tmp.hdmp C:\Users\007\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report08ee8d41\WER8BEC.tmp.mdmp Ces fichiers sont peut-être disponibles ici : C:\Users\007\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report090e907b Record Number: 27881 Source Name: Windows Error Reporting Time Written: 20090222123715.000000-000 Event Type: Information User: Computer Name: PC-de-007 Event Code: 1001 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. Record Number: 27882 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090222124011.000000-000 Event Type: Information User: Computer Name: PC-de-007 Event Code: 1000 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement dans la section des données contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 27883 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090222124012.000000-000 Event Type: Information User: Security event log Computer Name: PC-de-007 Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 37446 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090222134905.976775-000 Event Type: Échec de l'audit User: Computer Name: PC-de-007 Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 37447 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090222134906.021775-000 Event Type: Échec de l'audit User: Computer Name: PC-de-007 Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 37448 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090222134906.064775-000 Event Type: Échec de l'audit User: Computer Name: PC-de-007 Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 37449 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090222134906.121775-000 Event Type: Échec de l'audit User: Computer Name: PC-de-007 Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 37450 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090222134906.167775-000 Event Type: Échec de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD "PROCESSOR_REVISION"=4303 "NUMBER_OF_PROCESSORS"=2 "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "CLASSPATH"=.; -----------------EOF-----------------
  6. dynatek
    Scan selon hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:41:53, on 22/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\OrangeHSS\Systray\SystrayApp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\System32\ico.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\Pmxmiced.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Users\007\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=4071124 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 6669 bytes
  7. dynatek
    bonjour, Je possède un ordinateur sous vista familial premium. Avast comme anti virus. A la connexion internet, le pare-feu windows se desactive + Avast me detecte un trojan win32: fasec. Apres analyse par avast, je demande une supression --> opération accomplie Deuxième demarrage, de nouveau une alerte par avast--> je demande ce coup ci une mise en quarantaine. Troisième demarrage--> idem, toujours le virus Je n'arrive pas à le supprimer. Symptome: re direction vers des site non desiré ! Desactivation du pare feu windows Alertes d'avast. J'ai lu en preambule les aides du forum, j'ai tout de même laissé Avast sur l'ordi, j'ai telechargé hij.. Pouvez vous m'aider SVP.
×
×
  • Créer...