Virus je suis perdue qui peut m aider svp?

Utilisateur anonyme -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour,
bonjour je ne sais plus quoi faire mon ordinateur est trop lent et jai encore choppé un virus tout a l heure (avast ma averti )
jai supprimé le fichier contaminé mais ca rame tjr autant je vous post le scan si quelqun peut m aider un peu merci beaucoup d avance

ogfile of HijackThis v1.99.1
Scan saved at 17:06:12, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb100\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb100\Dealio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb100\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
Configuration: Windows XP
Internet Explorer 7.0

33 réponses

  • 1
  • 2
  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    qu'as tu supprimé exactement ?
    0
  2. Utilisateur anonyme
     
    bein en fait je sais pas du tout un fichier contaminé attend je vais regardé dans mon historique pour essayer de te dire ca
    mais mon ordi ramé bien avant ce virus jai tout essayée
    ccleaner
    easy cleaner
    scan avec bit defender
    jai effacé tout mes point de restauration system je sais plus quoi faire la
    ya til quelque chose d anormal dans mon scan ?????????????????????
    je ny comprend rien
    merci encore
    0
  3. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    non justement rien d'anormal dans ton scan.

    0
  4. Utilisateur anonyme
     
    09/07/2007 22:14:44 SYSTEM 1072 Sign of "Win32:CTX" has been found in "HTTP://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL" file.
    09/07/2007 22:15:38 SYSTEM 1072 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\SET24.tmp" file.
    09/07/2007 22:16:51 SYSTEM 1072 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\SET25.tmp" file.
    09/07/2007 22:16:56 SYSTEM 1072 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.
    06/11/2007 21:40:31 jérome Roussel 1568 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
    05/12/2007 13:38:09 jérome Roussel 1780 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
    04/01/2008 15:43:00 jérome Roussel 1120 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\CannaScripTV2\dll\moo.$$A" file.

    JAI retrouvé ca sur avast
    cannascripttv2 cest ce qui ma apportée le virus
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.

    c'est scan panda avec avast. Incompatibilité d'humeur, rien d'infectieux

    quant à

    04/01/2008 15:43:00 jérome Roussel 1120 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\CannaScripTV2\dll\moo.$$A" file.


    cela ne me cause pas du tout.
    on va creuser un peu

    * Télécharge DiagHelp.zip sur ton bureau(Merci Malekal)

    Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php

    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd(le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.

    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

    0
  7. Utilisateur anonyme
     
    ca scan la merci je te post des que ca arrive
    0
  8. Utilisateur anonyme
     
    voila

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 04/01/2008 à 17:38:52,85

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->04/01/2008 17:38:30
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->04/01/2008 17:38:13
    C:\WINDOWS\prefetch\SIGCHECK.EXE-0D595D24.pf -->04/01/2008 17:37:56
    C:\WINDOWS\prefetch\GREP.EXE-1E51A37E.pf -->04/01/2008 17:37:56
    C:\WINDOWS\prefetch\LFILES.EXE-22F72A9E.pf -->04/01/2008 17:36:26
    C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->04/01/2008 17:35:24
    C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->04/01/2008 17:34:19
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->04/01/2008 17:24:35
    C:\WINDOWS\prefetch\ASHCHEST.EXE-0FED8209.pf -->04/01/2008 17:22:04
    C:\WINDOWS\prefetch\ASHSIMPL.EXE-14F851AB.pf -->04/01/2008 17:21:45

    C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
    C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
    C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
    C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
    C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
    C:\WINDOWS\System32\drivers\PxHelp20.sys -->02/07/2007 20:41:10

    C:\WINDOWS\System32\wpa.dbl -->03/01/2008 18:41:17
    C:\WINDOWS\System32\CONFIG.NT -->02/01/2008 01:56:38
    C:\WINDOWS\System32\lvcoinst.log -->15/12/2007 14:58:29
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 03:02:45
    C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
    C:\WINDOWS\System32\AvastSS.scr -->04/12/2007 13:54:04
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\perfh00C.dat -->31/10/2007 16:20:00
    C:\WINDOWS\System32\perfh009.dat -->31/10/2007 16:20:00
    C:\WINDOWS\System32\perfc00C.dat -->31/10/2007 16:20:00
    C:\WINDOWS\System32\perfc009.dat -->31/10/2007 16:19:59
    C:\WINDOWS\System32\PerfStringBackup.INI -->31/10/2007 16:19:58
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\url.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\occache.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\mstime.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\msrating.dll -->11/10/2007 00:49:44

    C:\WINDOWS\WindowsUpdate.log -->04/01/2008 16:00:01
    C:\WINDOWS\wiaservc.log -->04/01/2008 15:59:58
    C:\WINDOWS\wiadebug.log -->04/01/2008 15:59:58
    C:\WINDOWS\NeroDigital.ini -->04/01/2008 15:59:52
    C:\WINDOWS\SchedLgU.Txt -->03/01/2008 15:58:27
    C:\WINDOWS\win.ini -->02/01/2008 02:04:02
    C:\WINDOWS\QTFont.qfn -->23/12/2007 00:16:24
    C:\WINDOWS\Sti_Trace.log -->02/10/2007 21:08:57
    C:\WINDOWS\system.ini -->02/10/2007 18:19:20
    C:\WINDOWS\QTFont.for -->01/08/2007 22:53:14
    C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe -->24/07/2007 20:37:43
    C:\WINDOWS\StreamRipper32.INI -->14/07/2007 17:20:15
    C:\WINDOWS\sripper.ini -->14/07/2007 17:20:15
    C:\WINDOWS\ODBC.INI -->10/07/2007 20:43:30
    C:\WINDOWS\ODBCINST.INI -->10/07/2007 20:38:33

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Unsigned
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1848
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x10000000 0x173000 1.01.0000.0006 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
    0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
    0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x01540000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x02d80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x022a0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
    0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
    0x028b0000 0x28000 6.00.0000.9606 C:\Program Files\JetAudio\JetFlExt.dll
    0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
    0x01b80000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x028e0000 0x43000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    0x780c0000 0x61000 6.05.2144.0000 C:\Program Files\Windows Desktop Search\msvcp60.dll
    0x02410000 0x3000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui
    0x02790000 0x5000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 456
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01110000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\WINDOWS\system32

    05/08/2004 13:00 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 52 932 386 816 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\WINDOWS\Downloaded Program Files

    15/07/2007 15:25 <REP> .
    15/07/2007 15:25 <REP> ..
    13/08/2007 21:53 <REP> CONFLICT.1
    19/01/2004 18:22 65 desktop.ini
    07/06/2006 11:09 1 249 erma.inf
    10/04/2000 17:12 1 765 fhg.inf
    22/11/2006 23:22 372 736 GAME_UNO1.dll
    22/11/2006 20:50 316 GAME_UNO1.INF
    12/07/2007 03:22 1 055 jinstall-6u2.inf
    11/02/2007 22:27 490 Medialogic.INF
    29/05/2003 15:00 160 864 messengerstatsclient.dll
    22/02/2007 22:41 304 544 MessengerStatsPAClient.dll
    20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
    29/05/2003 15:00 84 064 minesweeper.dll
    29/05/2003 15:00 77 408 msgrchkr.dll
    04/12/2006 15:16 144 QTPlugin.inf
    09/11/2006 14:36 5 019 swflash.inf
    18/07/2006 14:35 151 080 ZIntro.ocx
    15 fichier(s) 1 161 961 octets

    Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

    13/08/2007 21:53 <REP> .
    13/08/2007 21:53 <REP> ..
    28/02/2007 13:21 130 472 MineSweeper.dll
    28/02/2007 13:21 131 472 msgrchkr.dll
    2 fichier(s) 261 944 octets

    Total des fichiers listés :
    17 fichier(s) 1 423 905 octets
    5 Rép(s) 52 932 382 720 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe:*:Enabled:Microsoft Update"
    "C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe"="C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe:*:Enabled:Application MFC Dames"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 17:39:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a940246ce]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a940246ce]

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG06.00.00.01WORKSTATION"="FA594A44D42F338F1C3B4B58B88412283B0BA01E46AE5405988EE60FABCD072EFD3EA23674C7754872AE9CA89AF4A8903E83878A81D834EE3EEA7A2422ECD8118AB6368BA57A781B68FB425C3B87D166124851F6C34E90CBC95DFAE0D04A350A3BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555A6171C11EC38DE3D31C71407405A148EA60C44C3E617FD548D5B468038A399F90D85587E7F6B36D06C0D69FA67D10F77D0E6F0AA7F112946167854085CEC4277AB77DE6EBF2FC9B68A92C503D17D7AEFB4E4C1796CF46CF6CC42339AF71ECD78B34EDA9FD3AA1A40BB679C654F89EC4FEBDA5B6137C3DF3D557158F2ECAD766FF045B27E17EA219B14ECE5D9D5B8449E737065080C14611F34923D47C229BC8092EFD16B8B0F9DAB8CDA9D8F7DDEA020AB200C883F11925A5508DF3D242DDE07ABB2263B534C9287813C43A40466E4C65CBB0270C57857DF0705C07060EEE60F34C6A2B3376949F6336FD93149CBB8B8ACE57B41B99CD8537A14E6EE69359CDA883CBE122245CA7BC5276A3B53218BD22A96B0F058E2058D468F5CBC56DA0E5FE5F3738625CD6647C2EA7EC2C98B092448995CEA04C78D9AE5A8AC5162CE0EC570A2C0B57309AFBF15942836FB43A9F0DA0EC28BC2D6663CB7666A95EC15B36D31D2A835E40EFD7F0E5378FB5716A2AF1B692627BD3449E5FC1F2D6AF746D7661162B19375886CD4612A896DF3E5F00C27F15080C41533C0DC810BA3AB0A19766182E65046BA5AC3A8EF76D688A7D4E500C30DD4C7C46529E20DA585D023D897D43AD65F19F66A805FCD5DF873E453D00C4F2CCFDCA0652F7A969A4D58E3BE76026294A7D72804F865C4620AB4B9339413D785153F9BFB9778C613A9D43233F4E5A936068C4752488027AFB1F0D800ACC275ED39CA3C355B121C363C7B0BE5A85F0FD54BE8E64443581AEC8DF1870DC62E924547041CE3A663E4B21EA97CC8DB316C133ABE2A0EEE799ACDAEA41D6AC8C870E93D0EE91D5968473A58DC2B110B03E8110B884A25075476039A1909744A6DA2410C35E6390A853C03EB384D3A68E082F4E96092C479BCCFC4C9054CC3945711B41CE56AD5FE0090C5CA82AD0159398B6A7706E36D68EB1E4FA9C0FA3A292B7730C4B2DE54B50364C05B27AC68F6DFA9A048DEB262AAFD2CE21B493F7BBBEA6424555142D8DE9CACB479343DB58E8C57C862718729CBF298C172BF56703203BC06109BA6CCDE3EB1E774DD6774A2DA6199C26A7D8E88B0D633F8E99144293F38CD2B8F325ECD4091250F794571684969CED99945A0547D2C06ECAED4686F516278CFCE207E78DB3C387F820640C83B66270C72A333D686B486FD9B9C0F0A4E1C071C1FBD61"

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    224 - LVCOMSX.EXE
    296 - ashDisp.exe
    432 - csrss.exe
    456 - winlogon.exe
    500 - services.exe
    512 - lsass.exe
    660 - svchost.exe
    716 - svchost.exe
    752 - svchost.exe
    788 - svchost.exe
    840 - svchost.exe
    904 - svchost.exe
    1120 - ashServ.exe
    1376 - cmd.exe
    1444 - MDM.EXE
    1480 - slmdmsr.exe
    1788 - ashMaiSv.exe
    1804 - ashWebSv.exe
    1848 - explorer.exe
    1980 - alg.exe
    2488 - msnmsgr.exe
    3176 - iexplore.exe
    3640 - usnsvc.exe

    Total number of processes = 24
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806ED000 - \WINDOWS\system32\hal.dll
    F7993000 - \WINDOWS\system32\KDCOM.DLL
    F78A3000 - \WINDOWS\system32\BOOTVID.dll
    F7443000 - ACPI.sys
    F7995000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
    F7432000 - pci.sys
    F7493000 - isapnp.sys
    F78A7000 - compbatt.sys
    F78AB000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
    F7997000 - viaide.sys
    F7713000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    F7414000 - pcmcia.sys
    F74A3000 - MountMgr.sys
    F73F5000 - ftdisk.sys
    F78AF000 - ACPIEC.sys
    F7A5B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    F771B000 - PartMgr.sys
    F74B3000 - VolSnap.sys
    F73DD000 - atapi.sys
    F7368000 - iaStor.sys
    F7723000 - SiSRaid2.sys
    F7350000 - \WINDOWS\system32\drivers\SCSIPORT.SYS
    F74C3000 - viamraid.sys
    F74D3000 - disk.sys
    F74E3000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    F7330000 - fltMgr.sys
    F731E000 - sr.sys
    F74F3000 - PxHelp20.sys
    F730C000 - TPkd.sys
    F72F5000 - KSecDD.sys
    F72E2000 - WudfPf.sys
    F7255000 - Ntfs.sys
    F7228000 - NDIS.sys
    F7503000 - uagp35.sys
    F772B000 - viaagp1.sys
    F78B3000 - RecAgent.sys
    F720E000 - Mup.sys
    F75D3000 - \SystemRoot\system32\DRIVERS\intelppm.sys
    F7943000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
    F718B000 - \SystemRoot\system32\DRIVERS\vtmini.sys
    F7177000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    F7105000 - \SystemRoot\system32\DRIVERS\ar5211.sys
    F77A3000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    F70E2000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    F77AB000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    F75E3000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
    F70B3000 - \SystemRoot\system32\DRIVERS\SynTP.sys
    F79A3000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    F77B3000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    F77BB000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    F75F3000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F7947000 - \SystemRoot\system32\drivers\pfc.sys
    F77C3000 - \SystemRoot\system32\drivers\Afc.sys
    F7603000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    F7613000 - \SystemRoot\system32\DRIVERS\redbook.sys
    F7090000 - \SystemRoot\system32\DRIVERS\ks.sys
    F6D16000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
    F6CF4000 - \SystemRoot\system32\drivers\portcls.sys
    F7633000 - \SystemRoot\system32\drivers\drmk.sys
    F6C84000 - \SystemRoot\system32\DRIVERS\SLDRV\slntamr.sys
    F794F000 - \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
    F6C63000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
    F77CB000 - \SystemRoot\System32\Drivers\Modem.SYS
    F7B2A000 - \SystemRoot\system32\DRIVERS\audstub.sys
    F7693000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    F7953000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    F6C4C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    F76A3000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    F76B3000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    F77D3000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    F6C3B000 - \SystemRoot\system32\DRIVERS\psched.sys
    F76C3000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    F77DB000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    F77E3000 - \SystemRoot\system32\DRIVERS\raspti.sys
    F76D3000 - \SystemRoot\system32\DRIVERS\termdd.sys
    F79A7000 - \SystemRoot\system32\DRIVERS\swenum.sys
    F6B42000 - \SystemRoot\system32\DRIVERS\update.sys
    F795B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    F796F000 - \SystemRoot\system32\drivers\MODEMCSA.sys
    F76F3000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F7533000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    F79AF000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7B96000 - \SystemRoot\System32\Drivers\Null.SYS
    F79B1000 - \SystemRoot\System32\Drivers\Beep.SYS
    F780B000 - \SystemRoot\System32\drivers\vga.sys
    F79B3000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F79B5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F7813000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F781B000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F798B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    F59AC000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    F5953000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    F7543000 - \SystemRoot\System32\Drivers\aswTdi.SYS
    F592B000 - \SystemRoot\system32\DRIVERS\netbt.sys
    F5909000 - \SystemRoot\System32\drivers\afd.sys
    F7553000 - \SystemRoot\System32\Drivers\Fips.SYS
    F58E8000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    F7563000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    F7573000 - \SystemRoot\system32\drivers\lvusbsta.sys
    F58B4000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
    F7583000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
    F71DE000 - \SystemRoot\system32\DRIVERS\hidusb.sys
    F7593000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    F7833000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    F71DA000 - \SystemRoot\system32\DRIVERS\mouhid.sys
    F783B000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
    F5803000 - \SystemRoot\System32\Drivers\Udfs.SYS
    F57EB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F79C9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    F6B3A000 * ???????????????????????????????? --[Hidden]--
    F7883000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F7B03000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\vtdisp.dll
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    F134F000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    F1135000 - \SystemRoot\System32\Drivers\aswMon2.SYS
    F0FA0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
    F7783000 - \SystemRoot\System32\drivers\aspi32.sys
    F0F0F000 - \SystemRoot\System32\Drivers\HTTP.sys
    F0E0F000 - \SystemRoot\System32\Drivers\aswRdr.SYS
    F0BDA000 - \SystemRoot\system32\drivers\wdmaud.sys
    F0DBF000 - \SystemRoot\system32\drivers\sysaudio.sys
    F79DD000 - \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
    F05EB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    F050F000 - \SystemRoot\system32\drivers\kmixer.sys
    F7BBB000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 129

    Liste des programmes installes

    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.7 - Français
    AnmanieSMP 2.4 i
    Apple Software Update
    Audacity 1.2.6
    AutoUpdate
    AV Voice Changer Software DIAMOND 4.0
    avast! Antivirus
    CCleaner (remove only)
    CoPilot - Pocket PC 6
    CoPilot PocketPC
    Dealio Toolbar
    Decoder Package Version 2.0 build 2104
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    EasyCleaner
    eMule
    Free Bomb Factory Plug-Ins 7.3
    Free Mp3 Wma Converter V 1.5.3
    Google Earth
    HijackThis 1.99.1
    Hijackthis Version Française
    InterLok Driver Kit
    Java(TM) 6 Update 2
    jetAudio Basic
    Lecteur Windows Media 11
    livebox
    Logiciel QuickCam de Logitech
    Logitech Desktop Messenger
    Logitech Print Service
    Macromedia Flash Player 8
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft Office PowerPoint Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Nero BurnRights
    Nero Suite
    NeroVision Express Content
    Programme de gestion Camera de Logitech®
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update pour Microsoft .NET Framework 2.0 (KB928365)
    Skype 2.5
    Smart Link 56K Voice Modem
    Synaptics Pointing Device Driver
    VideoLAN VLC media player 0.8.6c
    Webcamfirst 3.1.8
    WebcamFirst Mail 1.1.5
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Yahoo! Toolbar

    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\Program Files

    04/01/2008 15:42 <REP> .
    04/01/2008 15:42 <REP> ..
    30/04/2007 19:55 <REP> Adobe
    19/01/2004 19:31 <REP> Ahead
    17/06/2007 19:30 <REP> Alwil Software
    01/01/2007 15:49 <REP> AnmSMP
    14/07/2007 17:26 <REP> Apple Software Update
    01/03/2007 21:35 <REP> Audacity
    29/02/2004 17:17 4 624 445 audacity.exe
    18/11/2007 21:12 <REP> AV Vcs 4.0 DIAMOND
    04/01/2008 15:43 <REP> CannaScripTV2
    15/11/2006 20:52 <REP> CCleaner
    30/04/2007 20:18 <REP> CoPilot
    01/12/2006 00:01 <REP> Dealio
    11/07/2007 14:56 <REP> DivX
    30/12/2006 13:47 <REP> Emoticon
    02/01/2008 13:19 <REP> eMule
    24/07/2007 20:44 <REP> Fichiers communs
    01/03/2007 19:49 <REP> Free Audio Pack
    17/06/2007 23:30 <REP> Google
    04/01/2008 17:05 <REP> Hijackthis Version Française
    12/12/2007 03:12 <REP> Internet Explorer
    15/07/2007 15:24 <REP> Java
    05/12/2007 17:39 <REP> JetAudio
    14/12/2006 12:09 <REP> Ligos
    24/07/2007 20:44 <REP> Logitech
    30/06/2007 16:29 <REP> Messenger Plus! Live
    16/06/2007 09:45 <REP> Microsoft ActiveSync
    10/05/2007 02:10 <REP> Microsoft CAPICOM 2.1.0.2
    19/01/2004 18:24 <REP> microsoft frontpage
    01/11/2006 13:54 <REP> Microsoft Office
    19/01/2004 19:33 <REP> Microsoft Visual Studio
    19/01/2004 18:20 <REP> Movie Maker
    30/06/2007 11:48 <REP> MSN
    19/01/2004 18:18 <REP> MSN Gaming Zone
    02/01/2008 13:15 <REP> MSN Messenger
    15/11/2006 15:56 <REP> MSXML 4.0
    19/01/2004 18:21 <REP> NetMeeting
    22/07/2007 10:16 <REP> Outlook Express
    03/12/2006 23:27 <REP> PC Inspector Smart Recovery
    02/11/2006 19:50 <REP> Qualcomm
    14/07/2007 17:29 <REP> QuickTime
    14/12/2006 21:24 <REP> RegCleaner
    30/06/2007 11:47 <REP> Services en ligne
    05/03/2007 14:58 <REP> Setup
    31/10/2006 15:09 <REP> Skype
    02/10/2007 14:42 <REP> Spybot - Search & Destroy
    18/01/2007 18:09 <REP> StreamRipper32
    19/01/2004 19:22 <REP> Synaptics
    14/12/2006 21:20 <REP> ToniArts
    31/10/2006 18:40 <REP> VideoLAN
    28/06/2007 14:54 <REP> Wanadoo
    11/07/2007 20:12 <REP> Webcamfirst
    11/07/2007 20:33 <REP> WebcamFirst Mail
    03/12/2006 23:03 <REP> Windows Desktop Search
    30/06/2007 16:29 <REP> Windows Live
    04/07/2007 17:58 <REP> Windows Live Toolbar
    05/03/2007 20:51 <REP> Windows Media Connect 2
    11/07/2007 13:54 <REP> Windows Media Player
    19/01/2004 18:18 <REP> Windows NT
    19/01/2004 18:24 <REP> xerox
    30/11/2006 12:53 <REP> Yahoo!
    1 fichier(s) 4 624 445 octets
    61 Rép(s) 52 914 208 768 octets libres
    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\Program Files\fichiers communs

    24/07/2007 20:44 <REP> .
    24/07/2007 20:44 <REP> ..
    30/11/2006 13:18 <REP> ACD Systems
    19/01/2004 19:21 <REP> Adobe
    19/01/2004 19:29 <REP> Ahead
    25/09/2006 11:16 <REP> AOL
    09/01/2007 22:07 <REP> COWON
    22/07/2007 10:11 <REP> Digidesign
    24/07/2007 20:44 <REP> FotoWire
    30/06/2007 11:47 <REP> G DATA
    30/10/2006 22:07 <REP> InstallShield
    15/07/2007 15:22 <REP> Java
    30/10/2006 17:58 <REP> Logitech
    22/07/2007 10:16 <REP> Microsoft Shared
    19/01/2004 18:20 <REP> MSSoap
    28/09/2006 18:29 <REP> Nero
    30/06/2007 11:47 <REP> ODBC
    22/07/2007 10:16 <REP> PACE Anti-Piracy
    30/06/2007 11:47 <REP> Screaming Bee
    30/06/2007 11:47 <REP> Services
    02/01/2008 02:04 <REP> Softwin
    19/01/2004 19:13 <REP> SpeechEngines
    30/06/2007 11:47 <REP> Symantec Shared
    14/06/2007 02:15 <REP> System
    02/07/2007 19:59 <REP> Wise Installation Wizard
    0 fichier(s) 0 octets
    25 Rép(s) 52 914 204 672 octets libres
    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    01/11/2006 13:54 <REP> .
    01/11/2006 13:54 <REP> ..
    19/01/2004 19:33 <REP> 1033
    01/11/2006 13:54 <REP> 1036
    11/07/2003 10:15 1 292 872 MSONSEXT.DLL
    03/06/1999 12:09 122 937 MSOWS409.DLL
    07/03/2001 07:00 127 033 MSOWS40c.DLL
    11/07/2003 02:25 80 448 PKMWS.DLL
    4 fichier(s) 1 623 290 octets
    4 Rép(s) 52 914 204 672 octets libres

    c:\Documents and Settings\jérome Roussel\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\catchme.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\diff.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\dumphive.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\find2.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\Fport.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\grep.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\gzip.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\LFiles.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\md5sums.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\pslist.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\sigcheck.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\streams.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\swreg.exe
    c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\tar.exe
    c:\Documents and Settings\jérome Roussel\Default User\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
    c:\Documents and Settings\jérome Roussel\Default User\Local Settings\Temporary Internet Files\Content.IE5\2VLJ51VD\WindowsUpdateAgent20-x86[1].exe
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\jérome Roussel\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\jérome Roussel\Application Data\Mozilla\Firefox\Profiles\4h8yl0jg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\jérome Roussel\Application Data\Mozilla\Firefox\Profiles\4h8yl0jg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_JEROME.tar.gz a l'adresse http://upload.malekal.com
    DiagHelp version v1.4 - http://www.malekal.com
    excute le 04/01/2008 à 17:38:52,85

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->04/01/2008 17:38:30
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->04/01/2008 17:38:13
    C:\WINDOWS\prefetch\SIGCHECK.EXE-0D595D24.pf -->04/01/2008 17:37:56
    C:\WINDOWS\prefetch\GREP.EXE-1E51A37E.pf -->04/01/2008 17:37:56
    C:\WINDOWS\prefetch\LFILES.EXE-22F72A9E.pf -->04/01/2008 17:36:26
    C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->04/01/2008 17:35:24
    C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->04/01/2008 17:34:19
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->04/01/2008 17:24:35
    C:\WINDOWS\prefetch\ASHCHEST.EXE-0FED8209.pf -->04/01/2008 17:22:04
    C:\WINDOWS\prefetch\ASHSIMPL.EXE-14F851AB.pf -->04/01/2008 17:21:45

    C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
    C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
    C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
    C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
    C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
    C:\WINDOWS\System32\drivers\PxHelp20.sys -->02/07/2007 20:41:10

    C:\WINDOWS\System32\wpa.dbl -->03/01/2008 18:41:17
    C:\WINDOWS\System32\CONFIG.NT -->02/01/2008 01:56:38
    C:\WINDOWS\System32\lvcoinst.log -->15/12/2007 14:58:29
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 03:02:45
    C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
    C:\WINDOWS\System32\AvastSS.scr -->04/12/2007 13:54:04
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\perfh00C.dat -->31/10/2007 16:20:00
    C:\WINDOWS\System32\perfh009.dat -->31/10/2007 16:20:00
    C:\WINDOWS\System32\perfc00C.dat -->31/10/2007 16:20:00
    C:\WINDOWS\System32\perfc009.dat -->31/10/2007 16:19:59
    C:\WINDOWS\System32\PerfStringBackup.INI -->31/10/2007 16:19:58
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\url.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\occache.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\mstime.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\msrating.dll -->11/10/2007 00:49:44

    C:\WINDOWS\WindowsUpdate.log -->04/01/2008 16:00:01
    C:\WINDOWS\wiaservc.log -->04/01/2008 15:59:58
    C:\WINDOWS\wiadebug.log -->04/01/2008 15:59:58
    C:\WINDOWS\NeroDigital.ini -->04/01/2008 15:59:52
    C:\WINDOWS\SchedLgU.Txt -->03/01/2008 15:58:27
    C:\WINDOWS\win.ini -->02/01/2008 02:04:02
    C:\WINDOWS\QTFont.qfn -->23/12/2007 00:16:24
    C:\WINDOWS\Sti_Trace.log -->02/10/2007 21:08:57
    C:\WINDOWS\system.ini -->02/10/2007 18:19:20
    C:\WINDOWS\QTFont.for -->01/08/2007 22:53:14
    C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe -->24/07/2007 20:37:43
    C:\WINDOWS\StreamRipper32.INI -->14/07/2007 17:20:15
    C:\WINDOWS\sripper.ini -->14/07/2007 17:20:15
    C:\WINDOWS\ODBC.INI -->10/07/2007 20:43:30
    C:\WINDOWS\ODBCINST.INI -->10/07/2007 20:38:33

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Unsigned
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1848
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x10000000 0x173000 1.01.0000.0006 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
    0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
    0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x01540000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x02d80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x022a0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
    0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
    0x028b0000 0x28000 6.00.0000.9606 C:\Program Files\JetAudio\JetFlExt.dll
    0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
    0x01b80000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x028e0000 0x43000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    0x780c0000 0x61000 6.05.2144.0000 C:\Program Files\Windows Desktop Search\msvcp60.dll
    0x02410000 0x3000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui
    0x02790000 0x5000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 456
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01110000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\WINDOWS\system32

    05/08/2004 13:00 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 52 932 386 816 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\WINDOWS\Downloaded Program Files

    15/07/2007 15:25 <REP> .
    15/07/2007 15:25 <REP> ..
    13/08/2007 21:53 <REP> CONFLICT.1
    19/01/2004 18:22 65 desktop.ini
    07/06/2006 11:09 1 249 erma.inf
    10/04/2000 17:12 1 765 fhg.inf
    22/11/2006 23:22 372 736 GAME_UNO1.dll
    22/11/2006 20:50 316 GAME_UNO1.INF
    12/07/2007 03:22 1 055 jinstall-6u2.inf
    11/02/2007 22:27 490 Medialogic.INF
    29/05/2003 15:00 160 864 messengerstatsclient.dll
    22/02/2007 22:41 304 544 MessengerStatsPAClient.dll
    20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
    29/05/2003 15:00 84 064 minesweeper.dll
    29/05/2003 15:00 77 408 msgrchkr.dll
    04/12/2006 15:16 144 QTPlugin.inf
    09/11/2006 14:36 5 019 swflash.inf
    18/07/2006 14:35 151 080 ZIntro.ocx
    15 fichier(s) 1 161 961 octets

    Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

    13/08/2007 21:53 <REP> .
    13/08/2007 21:53 <REP> ..
    28/02/2007 13:21 130 472 MineSweeper.dll
    28/02/2007 13:21 131 472 msgrchkr.dll
    2 fichier(s) 261 944 octets

    Total des fichiers listés :
    17 fichier(s) 1 423 905 octets
    5 Rép(s) 52 932 382 720 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe:*:Enabled:Microsoft Update"
    "C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe"="C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe:*:Enabled:Application MFC Dames"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 17:39:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a940246ce]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a940246ce]

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG06.00.00.01WORKSTATION"="FA594A44D42F338F1C3B4B58B88412283B0BA01E46AE5405988EE60FABCD072EFD3EA23674C7754872AE9CA89AF4A8903E83878A81D834EE3EEA7A2422ECD8118AB6368BA57A781B68FB425C3B87D166124851F6C34E90CBC95DFAE0D04A350A3BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555A6171C11EC38DE3D31C71407405A148EA60C44C3E617FD548D5B468038A399F90D85587E7F6B36D06C0D69FA67D10F77D0E6F0AA7F112946167854085CEC4277AB77DE6EBF2FC9B68A92C503D17D7AEFB4E4C1796CF46CF6CC42339AF71ECD78B34EDA9FD3AA1A40BB679C654F89EC4FEBDA5B6137C3DF3D557158F2ECAD766FF045B27E17EA219B14ECE5D9D5B8449E737065080C14611F34923D47C229BC8092EFD16B8B0F9DAB8CDA9D8F7DDEA020AB200C883F11925A5508DF3D242DDE07ABB2263B534C9287813C43A40466E4C65CBB0270C57857DF0705C07060EEE60F34C6A2B3376949F6336FD93149CBB8B8ACE57B41B99CD8537A14E6EE69359CDA883CBE122245CA7BC5276A3B53218BD22A96B0F058E2058D468F5CBC56DA0E5FE5F3738625CD6647C2EA7EC2C98B092448995CEA04C78D9AE5A8AC5162CE0EC570A2C0B57309AFBF15942836FB43A9F0DA0EC28BC2D6663CB7666A95EC15B36D31D2A835E40EFD7F0E5378FB5716A2AF1B692627BD3449E5FC1F2D6AF746D7661162B19375886CD4612A896DF3E5F00C27F15080C41533C0DC810BA3AB0A19766182E65046BA5AC3A8EF76D688A7D4E500C30DD4C7C46529E20DA585D023D897D43AD65F19F66A805FCD5DF873E453D00C4F2CCFDCA0652F7A969A4D58E3BE76026294A7D72804F865C4620AB4B9339413D785153F9BFB9778C613A9D43233F4E5A936068C4752488027AFB1F0D800ACC275ED39CA3C355B121C363C7B0BE5A85F0FD54BE8E64443581AEC8DF1870DC62E924547041CE3A663E4B21EA97CC8DB316C133ABE2A0EEE799ACDAEA41D6AC8C870E93D0EE91D5968473A58DC2B110B03E8110B884A25075476039A1909744A6DA2410C35E6390A853C03EB384D3A68E082F4E96092C479BCCFC4C9054CC3945711B41CE56AD5FE0090C5CA82AD0159398B6A7706E36D68EB1E4FA9C0FA3A292B7730C4B2DE54B50364C05B27AC68F6DFA9A048DEB262AAFD2CE21B493F7BBBEA6424555142D8DE9CACB479343DB58E8C57C862718729CBF298C172BF56703203BC06109BA6CCDE3EB1E774DD6774A2DA6199C26A7D8E88B0D633F8E99144293F38CD2B8F325ECD4091250F794571684969CED99945A0547D2C06ECAED4686F516278CFCE207E78DB3C387F820640C83B66270C72A333D686B486FD9B9C0F0A4E1C071C1FBD61"

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    224 - LVCOMSX.EXE
    296 - ashDisp.exe
    432 - csrss.exe
    456 - winlogon.exe
    500 - services.exe
    512 - lsass.exe
    660 - svchost.exe
    716 - svchost.exe
    752 - svchost.exe
    788 - svchost.exe
    840 - svchost.exe
    904 - svchost.exe
    1120 - ashServ.exe
    1376 - cmd.exe
    1444 - MDM.EXE
    1480 - slmdmsr.exe
    1788 - ashMaiSv.exe
    1804 - ashWebSv.exe
    1848 - explorer.exe
    1980 - alg.exe
    2488 - msnmsgr.exe
    3176 - iexplore.exe
    3640 - usnsvc.exe

    Total number of processes = 24
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806ED000 - \WINDOWS\system32\hal.dll
    F7993000 - \WINDOWS\system32\KDCOM.DLL
    F78A3000 - \WINDOWS\system32\BOOTVID.dll
    F7443000 - ACPI.sys
    F7995000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
    F7432000 - pci.sys
    F7493000 - isapnp.sys
    F78A7000 - compbatt.sys
    F78AB000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
    F7997000 - viaide.sys
    F7713000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    F7414000 - pcmcia.sys
    F74A3000 - MountMgr.sys
    F73F5000 - ftdisk.sys
    F78AF000 - ACPIEC.sys
    F7A5B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    F771B000 - PartMgr.sys
    F74B3000 - VolSnap.sys
    F73DD000 - atapi.sys
    F7368000 - iaStor.sys
    F7723000 - SiSRaid2.sys
    F7350000 - \WINDOWS\system32\drivers\SCSIPORT.SYS
    F74C3000 - viamraid.sys
    F74D3000 - disk.sys
    F74E3000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    F7330000 - fltMgr.sys
    F731E000 - sr.sys
    F74F3000 - PxHelp20.sys
    F730C000 - TPkd.sys
    F72F5000 - KSecDD.sys
    F72E2000 - WudfPf.sys
    F7255000 - Ntfs.sys
    F7228000 - NDIS.sys
    F7503000 - uagp35.sys
    F772B000 - viaagp1.sys
    F78B3000 - RecAgent.sys
    F720E000 - Mup.sys
    F75D3000 - \SystemRoot\system32\DRIVERS\intelppm.sys
    F7943000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
    F718B000 - \SystemRoot\system32\DRIVERS\vtmini.sys
    F7177000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    F7105000 - \SystemRoot\system32\DRIVERS\ar5211.sys
    F77A3000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    F70E2000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    F77AB000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    F75E3000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
    F70B3000 - \SystemRoot\system32\DRIVERS\SynTP.sys
    F79A3000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    F77B3000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    F77BB000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    F75F3000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F7947000 - \SystemRoot\system32\drivers\pfc.sys
    F77C3000 - \SystemRoot\system32\drivers\Afc.sys
    F7603000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    F7613000 - \SystemRoot\system32\DRIVERS\redbook.sys
    F7090000 - \SystemRoot\system32\DRIVERS\ks.sys
    F6D16000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
    F6CF4000 - \SystemRoot\system32\drivers\portcls.sys
    F7633000 - \SystemRoot\system32\drivers\drmk.sys
    F6C84000 - \SystemRoot\system32\DRIVERS\SLDRV\slntamr.sys
    F794F000 - \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
    F6C63000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
    F77CB000 - \SystemRoot\System32\Drivers\Modem.SYS
    F7B2A000 - \SystemRoot\system32\DRIVERS\audstub.sys
    F7693000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    F7953000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    F6C4C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    F76A3000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    F76B3000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    F77D3000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    F6C3B000 - \SystemRoot\system32\DRIVERS\psched.sys
    F76C3000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    F77DB000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    F77E3000 - \SystemRoot\system32\DRIVERS\raspti.sys
    F76D3000 - \SystemRoot\system32\DRIVERS\termdd.sys
    F79A7000 - \SystemRoot\system32\DRIVERS\swenum.sys
    F6B42000 - \SystemRoot\system32\DRIVERS\update.sys
    F795B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    F796F000 - \SystemRoot\system32\drivers\MODEMCSA.sys
    F76F3000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F7533000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    F79AF000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7B96000 - \SystemRoot\System32\Drivers\Null.SYS
    F79B1000 - \SystemRoot\System32\Drivers\Beep.SYS
    F780B000 - \SystemRoot\System32\drivers\vga.sys
    F79B3000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F79B5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F7813000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F781B000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F798B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    F59AC000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    F5953000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    F7543000 - \SystemRoot\System32\Drivers\aswTdi.SYS
    F592B000 - \SystemRoot\system32\DRIVERS\netbt.sys
    F5909000 - \SystemRoot\System32\drivers\afd.sys
    F7553000 - \SystemRoot\System32\Drivers\Fips.SYS
    F58E8000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    F7563000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    F7573000 - \SystemRoot\system32\drivers\lvusbsta.sys
    F58B4000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
    F7583000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
    F71DE000 - \SystemRoot\system32\DRIVERS\hidusb.sys
    F7593000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    F7833000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    F71DA000 - \SystemRoot\system32\DRIVERS\mouhid.sys
    F783B000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
    F5803000 - \SystemRoot\System32\Drivers\Udfs.SYS
    F57EB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F79C9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    F6B3A000 * ???????????????????????????????? --[Hidden]--
    F7883000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F7B03000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\vtdisp.dll
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    F134F000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    F1135000 - \SystemRoot\System32\Drivers\aswMon2.SYS
    F0FA0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
    F7783000 - \SystemRoot\System32\drivers\aspi32.sys
    F0F0F000 - \SystemRoot\System32\Drivers\HTTP.sys
    F0E0F000 - \SystemRoot\System32\Drivers\aswRdr.SYS
    F0BDA000 - \SystemRoot\system32\drivers\wdmaud.sys
    F0DBF000 - \SystemRoot\system32\drivers\sysaudio.sys
    F79DD000 - \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
    F05EB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    F050F000 - \SystemRoot\system32\drivers\kmixer.sys
    F7BBB000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 129

    Liste des programmes installes

    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.7 - Français
    AnmanieSMP 2.4 i
    Apple Software Update
    Audacity 1.2.6
    AutoUpdate
    AV Voice Changer Software DIAMOND 4.0
    avast! Antivirus
    CCleaner (remove only)
    CoPilot - Pocket PC 6
    CoPilot PocketPC
    Dealio Toolbar
    Decoder Package Version 2.0 build 2104
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    EasyCleaner
    eMule
    Free Bomb Factory Plug-Ins 7.3
    Free Mp3 Wma Converter V 1.5.3
    Google Earth
    HijackThis 1.99.1
    Hijackthis Version Française
    InterLok Driver Kit
    Java(TM) 6 Update 2
    jetAudio Basic
    Lecteur Windows Media 11
    livebox
    Logiciel QuickCam de Logitech
    Logitech Desktop Messenger
    Logitech Print Service
    Macromedia Flash Player 8
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft Office PowerPoint Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Nero BurnRights
    Nero Suite
    NeroVision Express Content
    Programme de gestion Camera de Logitech®
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update pour Microsoft .NET Framework 2.0 (KB928365)
    Skype 2.5
    Smart Link 56K Voice Modem
    Synaptics Pointing Device Driver
    VideoLAN VLC media player 0.8.6c
    Webcamfirst 3.1.8
    WebcamFirst Mail 1.1.5
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Yahoo! Toolbar

    Le volume dans le lecteur C s'appelle N01050
    Le numéro de série du volume est 14D2-4588

    Répertoire de C:\Program Files

    04/01/2008 15:42 <REP> .
    04/01/2008 15:42 <REP> ..
    30/04/2007 19:55 <REP> Adobe
    19/01/2004 19:31 <REP> Ahead
    17/06/2007 19:30 <REP> Alwil Software
    01/01/2007 15:49 <REP> AnmSMP
    14/07/2007 17:26 <REP> Apple Software Update
    01/03/2007 21:35 <REP> Audacity
    29/02/2004 17:17 4 624 445 audacity.exe
    18/11/2007 21:12 <REP> AV Vcs 4.0 DIAMOND
    04/01/2008 15:43 <REP> CannaScripTV2
    15/11/2006 20:52 <REP> CCleaner
    30/04/2007 20:18 <REP> CoPilot
    01/12/2006 00:01 <REP> Dealio
    11/07/2007 14:56 <REP> DivX
    30/12/2006 13:47 <REP> Emoticon
    02/01/2008 13:19 <REP> eMule
    24
    0
  9. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    il n'est visiblement pas complet

    poste le en plusieurs fois
    0
  10. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    quelque chose me chiffonne, j'aimerais ceci également stp

    Télécharge System Repair Engineer - SREng (par Smallfrogs) de ce lien:
    Extrais tout son contenu sur ton Bureau
    (clic droit sur le fichier .zip >> "Extraire tout...")
    Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double-clique sur SREngPS.exe afin de lancer l'outil
    Clique sur Smart Scan
    Ensuite, clique sur le bouton [Scan]. L'analyse durera quelques instants.

    Lorsque complété, clique sur le bouton [Save Reports]
    Sauvegarde le rapport sur ton Bureau
    Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

    je serais là après diner
    0
  11. Utilisateur anonyme
     
    re aussi dsl mais tu ne ma pas donné le lien pour le telechargé
    0
  12. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    oui c'est vrai excuse
    le voici
    http://www.kztechs.com/eng/download.html
    0
  13. Utilisateur anonyme
     
    VOILA par contre depuis que le scan a commencé jai une fenetre en bas a droite qui reste ouvert et il dise
    2007/12/25 virus aleart!dont't
    open christmas-2007 .zip file from
    msn messager if you received it
    from your friends
    christmas-2007.zip is a virus

    [CODE]

    2008-01-04,23:40:50

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <LogitechSoftwareUpdate><"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
    <LVCOMSX><C:\WINDOWS\system32\LVCOMSX.EXE> [Logitech Inc.]
    <LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
    <LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><LogonUI.EXE> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}><> [N/A]
    <{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser> [(Verified)Microsoft Windows Publisher]

    ==================================
    Startup Folders
    N/A

    ==================================
    Services
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
    [avast! Antivirus / avast! Antivirus][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
    [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
    [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
    [Google Updater Service / gusvc][Stopped/Manual Start]
    <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
    <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A>
    [SmartLinkService / SLService][Running/Auto Start]
    <slmdmsr.exe><>

    ==================================
    Drivers
    [PPdus ASPI Shell / Afc][Running/Manual Start]
    <system32\drivers\Afc.sys><Arcsoft, Inc.>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [Atheros Wireless Network Adapter Service / AR5211][Running/Manual Start]
    <system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
    [Aspi32 / Aspi32][Running/Auto Start]
    <System32\drivers\aspi32.sys><Adaptec>
    [DSDrv4 / DSDrv4][Stopped/Manual Start]
    <\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys><N/A>
    [EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
    <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><N/A>
    [VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Stopped/Manual Start]
    <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
    [Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet / FETNDIS][Stopped/Manual Start]
    <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
    [iaStor / iaStor][Running/Boot Start]
    <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
    [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]
    <system32\drivers\lvusbsta.sys><Logitech Inc.>
    [Mtlmnt5 / Mtlmnt5][Running/Manual Start]
    <system32\DRIVERS\SLDRV\Mtlmnt5.sys><>
    [Mtlstrm / Mtlstrm][Stopped/Manual Start]
    <system32\DRIVERS\SLDRV\Mtlstrm.sys><>
    [Webcam Deluxe / ovt530][Stopped/Manual Start]
    <System32\Drivers\ov530vid.sys><N/A>
    [Padus ASPI Shell / pfc][Running/Manual Start]
    <system32\drivers\pfc.sys><Padus, Inc.>
    [Logitech QuickCam Express(PID_0928) / PID_0928][Running/Manual Start]
    <system32\DRIVERS\LV561AV.SYS><Logitech Inc.>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
    [RecAgent / RecAgent][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\SLDRV\RecAgent.sys><>
    [Screaming Bee Audio / SCREAMINGBDRIVER][Stopped/Manual Start]
    <system32\drivers\ScreamingBAudio.sys><N/A>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [SiSRaid2 / SiSRaid2][Running/Boot Start]
    <\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp>
    [SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
    <system32\DRIVERS\SLDRV\slntamr.sys><>
    [SlNtHal / SlNtHal][Stopped/Manual Start]
    <system32\DRIVERS\SLDRV\Slnthal.sys><>
    [SlWdmSup / SlWdmSup][Running/Manual Start]
    <system32\DRIVERS\SLDRV\SlWdmSup.sys><>
    [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
    <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
    [VIA AGP Filter / viaagp1][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
    [viagfx / viagfx][Running/Manual Start]
    <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
    [ViaIde / ViaIde][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
    [viamraid / viamraid][Running/Boot Start]
    <\SystemRoot\system32\drivers\viamraid.sys><VIA Technologies inc,.ltd>
    [Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
    <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

    ==================================
    Browser Add-ons
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [dsWebAllowBHO Class]
    {2F85D76C-0569-466F-A488-493E6BD0E955} <C:\Program Files\Windows Desktop Search\dsWebAllow.dll, Microsoft Corporation>
    [DealioBHO Class]
    {6A87B991-A31F-4130-AE72-6D0C294BF082} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
    [Windows Live Sign-in Helper]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
    [Java Plug-in 1.6.0_02]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
    [Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [Dealio]
    {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
    [&Google]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
    [Checkers Class]
    {00B71CFB-6864-4346-A978-C0A14556272C} <C:\WINDOWS\Downloaded Program Files\msgrchkr.dll, Microsoft Corporation>
    [QuickTime Object]
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
    [Checkers Class]
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll, Microsoft Corporation>
    [CMediaMix Object]
    {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} <C:\WINDOWS\system32\MediaLogic.dll, Microsoft Corp.>
    [Minesweeper Flags Class]
    {2917297F-F02B-4B9D-81DF-494B6333150B} <C:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
    [UnoCtrl Class]
    {5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
    [Java Plug-in 1.6.0_02]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
    [MessengerStatsClient Class]
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
    [ZoneIntro Class]
    {B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, Microsoft Corporation>
    [MessengerStatsClient Class]
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
    [Java Plug-in 1.6.0_02]
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_02]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [Minesweeper Flags Class]
    {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MineSweeper.dll, Microsoft Corporation>
    [Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar3.dll, Google Inc.>
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [QuickTime Object]
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
    [InformationCardSigninHelper Class]
    {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
    [HTML Document]
    {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
    [XML DOM Document]
    {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    [DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [dsWebAllowBHO Class]
    {2F85D76C-0569-466F-A488-493E6BD0E955} <C:\Program Files\Windows Desktop Search\dsWebAllow.dll, Microsoft Corporation>
    [Tabular Data Control]
    {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
    [QuickTime Object]
    {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [DealioBHO Class]
    {6A87B991-A31F-4130-AE72-6D0C294BF082} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [MUWebControl Class]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
    [Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [Java Plug-in 1.6.0_02]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
    [Windows Live Sign-in Helper]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Skype Detection Object]
    {9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, N/A>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
    [SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
    [RDS.DataSpace]
    {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
    [AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_ASF Moniker Class]
    {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Windows Live Sign-in Control]
    {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [QuickTimeCheck Class]
    {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
    []
    {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
    [Dealio]
    {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
    [XML HTTP Request]
    {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [JScript Language]
    {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <c:\windows\system32\jscript.dll, Microsoft Corporation>
    [XML HTTP 3.0]
    {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML HTTP]
    {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Compare Prices with &Dealio]
    <C:\Program Files\Dealio\kb100\res\DealioSearch.html, N/A>
    [E&xporter vers Microsoft Excel]
    <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

    ==================================
    Running Processes
    [PID: 376 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 432 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 456 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2508 (xpsp.040806-1825)]
    [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 500 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [PID: 512 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 660 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 716 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 752 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 788 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
    [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
    [PID: 840 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 904 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 1072 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
    [PID: 1120 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1043, 0]
    [PID: 1300 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
    [PID: 1380 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1444 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [PID: 1480 / SYSTEM][C:\WINDOWS\system32\slmdmsr.exe] [ , 4.20.01]
    [PID: 1544 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1788 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1038, 0]
    [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1038, 0]
    [PID: 1804 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1043, 0]
    [PID: 1980 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1848 / jérome Roussel][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.0.6]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [C:\Program Files\JetAudio\JetFlExt.dll] [JetAudio, Inc., 6, 0, 0, 9606]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\Program Files\Windows Desktop Search\dsWebAllow.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [C:\Program Files\Windows Desktop Search\msvcp60.dll] [Microsoft Corporation, 6.05.2144.0]
    [C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [PID: 204 / jérome Roussel][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.6]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 224 / jérome Roussel][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036]
    [PID: 232 / jérome Roussel][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.7.1034]
    [C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.7.1034]
    [C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.7.1034]
    [C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.7.1034]
    [C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020]
    [C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
    [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036]
    [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.7.1034]
    [PID: 296 / jérome Roussel][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1038, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1043, 0]
    [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1043, 0]
    [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1043, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1043, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1043, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1043, 0]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Alwil Software\Avast4\AavmGuih.dll] [ALWIL Software, 4, 7, 1043, 0]
    [PID: 320 / jérome Roussel][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1008 / jérome Roussel][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.4.7.1034]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036]
    [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.7.1034]
    [PID: 3176 / jérome Roussel][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1601, 4978]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll] [Yahoo! Inc., 2006, 6, 6, 1]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Windows Desktop Search\dsWebAllow.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [C:\Program Files\Windows Desktop Search\msvcp60.dll] [Microsoft Corporation, 6.05.2144.0]
    [C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
    [C:\Program Files\Dealio\kb100\Dealio.dll] [Vendio Services, Inc., 2, 1, 0, 0]
    [C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.20.6]
    [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll] [Yahoo! Inc., 2005, 12, 16, 1]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll] [Yahoo! Inc., 2006.1.25.01]
    [C:\Program Files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll] [Yahoo!, Inc., 2006, 4, 26, 1]
    [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [PID: 2488 / jérome Roussel][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276]
    [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276]
    [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276]
    [C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
    [C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
    [C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
    [PID: 3640 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
    [PID: 2144 / jérome Roussel][C:\Documents and Settings\jérome Roussel\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\Documents and Settings\jérome Roussel\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost
    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 224, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 232, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1008, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 2144, C:\DOCUMENTS AND SETTINGS\JÉROME ROUSSEL\BUREAU\SRENG2\SRENGPS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2144, C:\DOCUMENTS AND SETTINGS\JÉROME ROUSSEL\BUREAU\SRENG2\SRENGPS.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================

    [/CODE]
    0
  14. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    je n'ai pas relu je viens juste de voir ton message, a t on utiliser MSNFIX ?

    si non

    * Télécharge MSNFix.zip (de !aur3n7) sur ton bureau
    http://sosvirus.changelog.fr/MSNFix.zip

    * Dézippe-le en faisant un clic droit puis extraire ici.
    * Double-clique sur MSNfix.bat.* Choisis l'option R. Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé.
    * Le rapport est enregistré dans le même dossier que MSNfix (date.txt). Copie-colle son contenu dans ta prochaine réponse.

    ------
    Si un virus est détecté, il vous sera alors demandé de nettoyer l'ordinateur.
    Un message d'erreur concernant la suppression impossible d'un fichier sera résolu par un redémarrage.
    Après le nettoyage, la barre "Démarrer" s'efface puis réapparait, cela fait partie de la procédure de nettoyage.

    Si votre barre "Démarrer" ne s'affiche toujours pas, il suffit de faire
    Ctrl + Alt + Suppr sous Windows XP
    Ctrl + Maj + Echap sous Windows Vista
    pour ouvrir le Gestionnaire de tâches Windows.

    Faites ensuite "Fichier" puis "Nouvelle tâche" et entrez explorer.exe dans la fenêtre qui apparait et finissez par "OK".
    N'oubliez pas de redémarrer votre ordinateur pour achever le nettoyage !

    je vais regarder tes rapports
    0
  15. Utilisateur anonyme
     
    VOILA jai ca
    MSNFix 1.618

    C:\Documents and Settings\j‚rome Roussel\Bureau\MSNFix\MSNFix
    Fix exécuté le 05/01/2008 - 0:15:20,62 By j‚rome Roussel
    mode normal

    ************************ Recherche les fichiers présents

    Aucun Fichier trouvé

    ************************ Recherche les dossiers présents

    ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\

    ************************ Suppression des fichiers

    ************************ Suppression des dossiers

    .. OK ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\

    ************************ Nettoyage du registre

    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\PROGRA~1\audacity.exe] 378DF653A01A0AD641F6A9D2580E435F

    [color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\JROMER~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05012008_ 0174162.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    jai jste nettoyé la cest tout mon ordi na pas redemaré
    0
  16. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    OK

    Connais tu
    [C:\PROGRAMES FILES\audacity.exe

    fait le analyser sur VIRUS TOTAL et poste le rapport généré ensuite stp
    http://www.virustotal.com/en/indexf.html

    Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

    ensuite upload
    C:\DOCUMENTS & SETTING\JROMER~1\Bureau\Upload_Me.zip
    ICI

    http://upload.changelog.fr

    et dans l'immédiat fait ceci :
    * Fait un scan antivirus en ligne avec Internet Explorer
    https://www.bitdefender.fr/
    et copie colle le résultat ici
    * En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    * Dans la nouvelle fenêtre, clique sur I agree
    * La fenêtre change encore, clique sur Click here to scan
    * Les signatures se chargent, etc.

    tuto en image

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    0
  17. Utilisateur anonyme
     
    VOICI deja le premier scan

    Fichier audacity.exe reçu le 2007.04.10 13:00:27 (CET)
    Situation actuelle: terminé

    Résultat: 2/31 (6.45%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    FileAdvisor - - No threat detected
    Fortinet - - -
    F-Prot - - -
    F-Secure - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - Suspicious file
    Prevx1 - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Information additionnelle
    MD5: 7d821ff8789bf6f5cb1ed8755e647770
    0
  18. Utilisateur anonyme
     
    je nai pas compris ca par contre dsl
    0
  19. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    pas compris quoi ? la dernière manip ? c'était pour faire analyser unfichier par plusieurs antivirus et voir ce qu'ils en disent.
    apparemment Panda réagit mais c'set tout.

    tu sais à quoi il correspond cet exe ?
    0
  20. Utilisateur anonyme
     
    cest en cour avec bit defender online
    0
  • 1
  • 2