Sujet Précédent Sujet Suivant

Virus je suis perdue qui peut m aider svp?

Fermé
Utilisateur anonyme - 4 janv. 2008 à 17:11
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 - 7 janv. 2008 à 01:09
Bonjour,
bonjour je ne sais plus quoi faire mon ordinateur est trop lent et jai encore choppé un virus tout a l heure (avast ma averti )
jai supprimé le fichier contaminé mais ca rame tjr autant je vous post le scan si quelqun peut m aider un peu merci beaucoup d avance

ogfile of HijackThis v1.99.1
Scan saved at 17:06:12, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb100\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb100\Dealio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb100\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
A voir également:

33 réponses

  • 1
  • 2
Réponse 1 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
4 janv. 2008 à 17:17
bonjour,

qu'as tu supprimé exactement ?
0
Réponse 2 / 33
Utilisateur anonyme
4 janv. 2008 à 17:21
bein en fait je sais pas du tout un fichier contaminé attend je vais regardé dans mon historique pour essayer de te dire ca
mais mon ordi ramé bien avant ce virus jai tout essayée
ccleaner
easy cleaner
scan avec bit defender
jai effacé tout mes point de restauration system je sais plus quoi faire la
ya til quelque chose d anormal dans mon scan ?????????????????????
je ny comprend rien
merci encore
0
Réponse 3 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
4 janv. 2008 à 17:24
non justement rien d'anormal dans ton scan.



0
Réponse 4 / 33
Utilisateur anonyme
4 janv. 2008 à 17:28
09/07/2007 22:14:44 SYSTEM 1072 Sign of "Win32:CTX" has been found in "HTTP://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL" file.
09/07/2007 22:15:38 SYSTEM 1072 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\SET24.tmp" file.
09/07/2007 22:16:51 SYSTEM 1072 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\SET25.tmp" file.
09/07/2007 22:16:56 SYSTEM 1072 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.
06/11/2007 21:40:31 jérome Roussel 1568 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
05/12/2007 13:38:09 jérome Roussel 1780 Function setifaceUpdatePackages() has failed. Return code is 0x00000002, dwRes is 00000002.
04/01/2008 15:43:00 jérome Roussel 1120 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\CannaScripTV2\dll\moo.$$A" file.




JAI retrouvé ca sur avast
cannascripttv2 cest ce qui ma apportée le virus
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
4 janv. 2008 à 17:34
C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.

c'est scan panda avec avast. Incompatibilité d'humeur, rien d'infectieux

quant à 

04/01/2008 15:43:00 jérome Roussel 1120 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\CannaScripTV2\dll\moo.$$A" file.




cela ne me cause pas du tout.
on va creuser un peu

* Télécharge DiagHelp.zip sur ton bureau(Merci Malekal)

Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php

* Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
* Un nouveau dossier chercher va être créé.
* Ouvre le et double-clic sur go.cmd(le .cmd peut ne pas apparaître)
* Une fenêtre va s'ouvrir, choisis l'option 1
* L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
* Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.

* Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
* Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
* Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

0
Réponse 6 / 33
Utilisateur anonyme
4 janv. 2008 à 17:42
ca scan la merci je te post des que ca arrive
0
Réponse 7 / 33
Utilisateur anonyme
4 janv. 2008 à 17:49
voila






DiagHelp version v1.4 - http://www.malekal.com
excute le 04/01/2008 à 17:38:52,85


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->04/01/2008 17:38:30
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->04/01/2008 17:38:13
C:\WINDOWS\prefetch\SIGCHECK.EXE-0D595D24.pf -->04/01/2008 17:37:56
C:\WINDOWS\prefetch\GREP.EXE-1E51A37E.pf -->04/01/2008 17:37:56
C:\WINDOWS\prefetch\LFILES.EXE-22F72A9E.pf -->04/01/2008 17:36:26
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->04/01/2008 17:35:24
C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->04/01/2008 17:34:19
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->04/01/2008 17:24:35
C:\WINDOWS\prefetch\ASHCHEST.EXE-0FED8209.pf -->04/01/2008 17:22:04
C:\WINDOWS\prefetch\ASHSIMPL.EXE-14F851AB.pf -->04/01/2008 17:21:45

C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
C:\WINDOWS\System32\drivers\PxHelp20.sys -->02/07/2007 20:41:10

C:\WINDOWS\System32\wpa.dbl -->03/01/2008 18:41:17
C:\WINDOWS\System32\CONFIG.NT -->02/01/2008 01:56:38
C:\WINDOWS\System32\lvcoinst.log -->15/12/2007 14:58:29
C:\WINDOWS\System32\TZLog.log -->12/12/2007 03:02:45
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AvastSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
C:\WINDOWS\System32\perfh00C.dat -->31/10/2007 16:20:00
C:\WINDOWS\System32\perfh009.dat -->31/10/2007 16:20:00
C:\WINDOWS\System32\perfc00C.dat -->31/10/2007 16:20:00
C:\WINDOWS\System32\perfc009.dat -->31/10/2007 16:19:59
C:\WINDOWS\System32\PerfStringBackup.INI -->31/10/2007 16:19:58
C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\url.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\occache.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\mstime.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\msrating.dll -->11/10/2007 00:49:44

C:\WINDOWS\WindowsUpdate.log -->04/01/2008 16:00:01
C:\WINDOWS\wiaservc.log -->04/01/2008 15:59:58
C:\WINDOWS\wiadebug.log -->04/01/2008 15:59:58
C:\WINDOWS\NeroDigital.ini -->04/01/2008 15:59:52
C:\WINDOWS\SchedLgU.Txt -->03/01/2008 15:58:27
C:\WINDOWS\win.ini -->02/01/2008 02:04:02
C:\WINDOWS\QTFont.qfn -->23/12/2007 00:16:24
C:\WINDOWS\Sti_Trace.log -->02/10/2007 21:08:57
C:\WINDOWS\system.ini -->02/10/2007 18:19:20
C:\WINDOWS\QTFont.for -->01/08/2007 22:53:14
C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe -->24/07/2007 20:37:43
C:\WINDOWS\StreamRipper32.INI -->14/07/2007 17:20:15
C:\WINDOWS\sripper.ini -->14/07/2007 17:20:15
C:\WINDOWS\ODBC.INI -->10/07/2007 20:43:30
C:\WINDOWS\ODBCINST.INI -->10/07/2007 20:38:33

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Unsigned
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1848
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x173000 1.01.0000.0006 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x01540000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02d80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x022a0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x028b0000 0x28000 6.00.0000.9606 C:\Program Files\JetAudio\JetFlExt.dll
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x01b80000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x028e0000 0x43000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllow.dll
0x780c0000 0x61000 6.05.2144.0000 C:\Program Files\Windows Desktop Search\msvcp60.dll
0x02410000 0x3000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui
0x02790000 0x5000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 456
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01110000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 52 932 386 816 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\WINDOWS\Downloaded Program Files

15/07/2007 15:25 <REP> .
15/07/2007 15:25 <REP> ..
13/08/2007 21:53 <REP> CONFLICT.1
19/01/2004 18:22 65 desktop.ini
07/06/2006 11:09 1 249 erma.inf
10/04/2000 17:12 1 765 fhg.inf
22/11/2006 23:22 372 736 GAME_UNO1.dll
22/11/2006 20:50 316 GAME_UNO1.INF
12/07/2007 03:22 1 055 jinstall-6u2.inf
11/02/2007 22:27 490 Medialogic.INF
29/05/2003 15:00 160 864 messengerstatsclient.dll
22/02/2007 22:41 304 544 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
29/05/2003 15:00 84 064 minesweeper.dll
29/05/2003 15:00 77 408 msgrchkr.dll
04/12/2006 15:16 144 QTPlugin.inf
09/11/2006 14:36 5 019 swflash.inf
18/07/2006 14:35 151 080 ZIntro.ocx
15 fichier(s) 1 161 961 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

13/08/2007 21:53 <REP> .
13/08/2007 21:53 <REP> ..
28/02/2007 13:21 130 472 MineSweeper.dll
28/02/2007 13:21 131 472 msgrchkr.dll
2 fichier(s) 261 944 octets

Total des fichiers listés :
17 fichier(s) 1 423 905 octets
5 Rép(s) 52 932 382 720 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe"="C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe:*:Enabled:Application MFC Dames"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 17:39:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a940246ce]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a940246ce]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG06.00.00.01WORKSTATION"="FA594A44D42F338F1C3B4B58B88412283B0BA01E46AE5405988EE60FABCD072EFD3EA23674C7754872AE9CA89AF4A8903E83878A81D834EE3EEA7A2422ECD8118AB6368BA57A781B68FB425C3B87D166124851F6C34E90CBC95DFAE0D04A350A3BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555A6171C11EC38DE3D31C71407405A148EA60C44C3E617FD548D5B468038A399F90D85587E7F6B36D06C0D69FA67D10F77D0E6F0AA7F112946167854085CEC4277AB77DE6EBF2FC9B68A92C503D17D7AEFB4E4C1796CF46CF6CC42339AF71ECD78B34EDA9FD3AA1A40BB679C654F89EC4FEBDA5B6137C3DF3D557158F2ECAD766FF045B27E17EA219B14ECE5D9D5B8449E737065080C14611F34923D47C229BC8092EFD16B8B0F9DAB8CDA9D8F7DDEA020AB200C883F11925A5508DF3D242DDE07ABB2263B534C9287813C43A40466E4C65CBB0270C57857DF0705C07060EEE60F34C6A2B3376949F6336FD93149CBB8B8ACE57B41B99CD8537A14E6EE69359CDA883CBE122245CA7BC5276A3B53218BD22A96B0F058E2058D468F5CBC56DA0E5FE5F3738625CD6647C2EA7EC2C98B092448995CEA04C78D9AE5A8AC5162CE0EC570A2C0B57309AFBF15942836FB43A9F0DA0EC28BC2D6663CB7666A95EC15B36D31D2A835E40EFD7F0E5378FB5716A2AF1B692627BD3449E5FC1F2D6AF746D7661162B19375886CD4612A896DF3E5F00C27F15080C41533C0DC810BA3AB0A19766182E65046BA5AC3A8EF76D688A7D4E500C30DD4C7C46529E20DA585D023D897D43AD65F19F66A805FCD5DF873E453D00C4F2CCFDCA0652F7A969A4D58E3BE76026294A7D72804F865C4620AB4B9339413D785153F9BFB9778C613A9D43233F4E5A936068C4752488027AFB1F0D800ACC275ED39CA3C355B121C363C7B0BE5A85F0FD54BE8E64443581AEC8DF1870DC62E924547041CE3A663E4B21EA97CC8DB316C133ABE2A0EEE799ACDAEA41D6AC8C870E93D0EE91D5968473A58DC2B110B03E8110B884A25075476039A1909744A6DA2410C35E6390A853C03EB384D3A68E082F4E96092C479BCCFC4C9054CC3945711B41CE56AD5FE0090C5CA82AD0159398B6A7706E36D68EB1E4FA9C0FA3A292B7730C4B2DE54B50364C05B27AC68F6DFA9A048DEB262AAFD2CE21B493F7BBBEA6424555142D8DE9CACB479343DB58E8C57C862718729CBF298C172BF56703203BC06109BA6CCDE3EB1E774DD6774A2DA6199C26A7D8E88B0D633F8E99144293F38CD2B8F325ECD4091250F794571684969CED99945A0547D2C06ECAED4686F516278CFCE207E78DB3C387F820640C83B66270C72A333D686B486FD9B9C0F0A4E1C071C1FBD61"

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
224 - LVCOMSX.EXE
296 - ashDisp.exe
432 - csrss.exe
456 - winlogon.exe
500 - services.exe
512 - lsass.exe
660 - svchost.exe
716 - svchost.exe
752 - svchost.exe
788 - svchost.exe
840 - svchost.exe
904 - svchost.exe
1120 - ashServ.exe
1376 - cmd.exe
1444 - MDM.EXE
1480 - slmdmsr.exe
1788 - ashMaiSv.exe
1804 - ashWebSv.exe
1848 - explorer.exe
1980 - alg.exe
2488 - msnmsgr.exe
3176 - iexplore.exe
3640 - usnsvc.exe

Total number of processes = 24
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806ED000 - \WINDOWS\system32\hal.dll
F7993000 - \WINDOWS\system32\KDCOM.DLL
F78A3000 - \WINDOWS\system32\BOOTVID.dll
F7443000 - ACPI.sys
F7995000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F7432000 - pci.sys
F7493000 - isapnp.sys
F78A7000 - compbatt.sys
F78AB000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F7997000 - viaide.sys
F7713000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7414000 - pcmcia.sys
F74A3000 - MountMgr.sys
F73F5000 - ftdisk.sys
F78AF000 - ACPIEC.sys
F7A5B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F771B000 - PartMgr.sys
F74B3000 - VolSnap.sys
F73DD000 - atapi.sys
F7368000 - iaStor.sys
F7723000 - SiSRaid2.sys
F7350000 - \WINDOWS\system32\drivers\SCSIPORT.SYS
F74C3000 - viamraid.sys
F74D3000 - disk.sys
F74E3000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7330000 - fltMgr.sys
F731E000 - sr.sys
F74F3000 - PxHelp20.sys
F730C000 - TPkd.sys
F72F5000 - KSecDD.sys
F72E2000 - WudfPf.sys
F7255000 - Ntfs.sys
F7228000 - NDIS.sys
F7503000 - uagp35.sys
F772B000 - viaagp1.sys
F78B3000 - RecAgent.sys
F720E000 - Mup.sys
F75D3000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F7943000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F718B000 - \SystemRoot\system32\DRIVERS\vtmini.sys
F7177000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7105000 - \SystemRoot\system32\DRIVERS\ar5211.sys
F77A3000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F70E2000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F77AB000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F75E3000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F70B3000 - \SystemRoot\system32\DRIVERS\SynTP.sys
F79A3000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F77B3000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F77BB000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F75F3000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7947000 - \SystemRoot\system32\drivers\pfc.sys
F77C3000 - \SystemRoot\system32\drivers\Afc.sys
F7603000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7613000 - \SystemRoot\system32\DRIVERS\redbook.sys
F7090000 - \SystemRoot\system32\DRIVERS\ks.sys
F6D16000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F6CF4000 - \SystemRoot\system32\drivers\portcls.sys
F7633000 - \SystemRoot\system32\drivers\drmk.sys
F6C84000 - \SystemRoot\system32\DRIVERS\SLDRV\slntamr.sys
F794F000 - \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
F6C63000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
F77CB000 - \SystemRoot\System32\Drivers\Modem.SYS
F7B2A000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7693000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7953000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6C4C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F76A3000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F76B3000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F77D3000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6C3B000 - \SystemRoot\system32\DRIVERS\psched.sys
F76C3000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F77DB000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F77E3000 - \SystemRoot\system32\DRIVERS\raspti.sys
F76D3000 - \SystemRoot\system32\DRIVERS\termdd.sys
F79A7000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6B42000 - \SystemRoot\system32\DRIVERS\update.sys
F795B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F796F000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F76F3000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7533000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F79AF000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B96000 - \SystemRoot\System32\Drivers\Null.SYS
F79B1000 - \SystemRoot\System32\Drivers\Beep.SYS
F780B000 - \SystemRoot\System32\drivers\vga.sys
F79B3000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F79B5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7813000 - \SystemRoot\System32\Drivers\Msfs.SYS
F781B000 - \SystemRoot\System32\Drivers\Npfs.SYS
F798B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F59AC000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F5953000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F7543000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F592B000 - \SystemRoot\system32\DRIVERS\netbt.sys
F5909000 - \SystemRoot\System32\drivers\afd.sys
F7553000 - \SystemRoot\System32\Drivers\Fips.SYS
F58E8000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7563000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F7573000 - \SystemRoot\system32\drivers\lvusbsta.sys
F58B4000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
F7583000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F71DE000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7593000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F7833000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F71DA000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F783B000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F5803000 - \SystemRoot\System32\Drivers\Udfs.SYS
F57EB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F79C9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F6B3A000 * ???????????????????????????????? --[Hidden]--
F7883000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7B03000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\vtdisp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F134F000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F1135000 - \SystemRoot\System32\Drivers\aswMon2.SYS
F0FA0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F7783000 - \SystemRoot\System32\drivers\aspi32.sys
F0F0F000 - \SystemRoot\System32\Drivers\HTTP.sys
F0E0F000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F0BDA000 - \SystemRoot\system32\drivers\wdmaud.sys
F0DBF000 - \SystemRoot\system32\drivers\sysaudio.sys
F79DD000 - \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
F05EB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F050F000 - \SystemRoot\system32\drivers\kmixer.sys
F7BBB000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 129

Liste des programmes installes

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7 - Français
AnmanieSMP 2.4 i
Apple Software Update
Audacity 1.2.6
AutoUpdate
AV Voice Changer Software DIAMOND 4.0
avast! Antivirus
CCleaner (remove only)
CoPilot - Pocket PC 6
CoPilot PocketPC
Dealio Toolbar
Decoder Package Version 2.0 build 2104
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EasyCleaner
eMule
Free Bomb Factory Plug-Ins 7.3
Free Mp3 Wma Converter V 1.5.3
Google Earth
HijackThis 1.99.1
Hijackthis Version Française
InterLok Driver Kit
Java(TM) 6 Update 2
jetAudio Basic
Lecteur Windows Media 11
livebox
Logiciel QuickCam de Logitech
Logitech Desktop Messenger
Logitech Print Service
Macromedia Flash Player 8
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero BurnRights
Nero Suite
NeroVision Express Content
Programme de gestion Camera de Logitech®
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
Skype 2.5
Smart Link 56K Voice Modem
Synaptics Pointing Device Driver
VideoLAN VLC media player 0.8.6c
Webcamfirst 3.1.8
WebcamFirst Mail 1.1.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Yahoo! Toolbar



Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\Program Files

04/01/2008 15:42 <REP> .
04/01/2008 15:42 <REP> ..
30/04/2007 19:55 <REP> Adobe
19/01/2004 19:31 <REP> Ahead
17/06/2007 19:30 <REP> Alwil Software
01/01/2007 15:49 <REP> AnmSMP
14/07/2007 17:26 <REP> Apple Software Update
01/03/2007 21:35 <REP> Audacity
29/02/2004 17:17 4 624 445 audacity.exe
18/11/2007 21:12 <REP> AV Vcs 4.0 DIAMOND
04/01/2008 15:43 <REP> CannaScripTV2
15/11/2006 20:52 <REP> CCleaner
30/04/2007 20:18 <REP> CoPilot
01/12/2006 00:01 <REP> Dealio
11/07/2007 14:56 <REP> DivX
30/12/2006 13:47 <REP> Emoticon
02/01/2008 13:19 <REP> eMule
24/07/2007 20:44 <REP> Fichiers communs
01/03/2007 19:49 <REP> Free Audio Pack
17/06/2007 23:30 <REP> Google
04/01/2008 17:05 <REP> Hijackthis Version Française
12/12/2007 03:12 <REP> Internet Explorer
15/07/2007 15:24 <REP> Java
05/12/2007 17:39 <REP> JetAudio
14/12/2006 12:09 <REP> Ligos
24/07/2007 20:44 <REP> Logitech
30/06/2007 16:29 <REP> Messenger Plus! Live
16/06/2007 09:45 <REP> Microsoft ActiveSync
10/05/2007 02:10 <REP> Microsoft CAPICOM 2.1.0.2
19/01/2004 18:24 <REP> microsoft frontpage
01/11/2006 13:54 <REP> Microsoft Office
19/01/2004 19:33 <REP> Microsoft Visual Studio
19/01/2004 18:20 <REP> Movie Maker
30/06/2007 11:48 <REP> MSN
19/01/2004 18:18 <REP> MSN Gaming Zone
02/01/2008 13:15 <REP> MSN Messenger
15/11/2006 15:56 <REP> MSXML 4.0
19/01/2004 18:21 <REP> NetMeeting
22/07/2007 10:16 <REP> Outlook Express
03/12/2006 23:27 <REP> PC Inspector Smart Recovery
02/11/2006 19:50 <REP> Qualcomm
14/07/2007 17:29 <REP> QuickTime
14/12/2006 21:24 <REP> RegCleaner
30/06/2007 11:47 <REP> Services en ligne
05/03/2007 14:58 <REP> Setup
31/10/2006 15:09 <REP> Skype
02/10/2007 14:42 <REP> Spybot - Search & Destroy
18/01/2007 18:09 <REP> StreamRipper32
19/01/2004 19:22 <REP> Synaptics
14/12/2006 21:20 <REP> ToniArts
31/10/2006 18:40 <REP> VideoLAN
28/06/2007 14:54 <REP> Wanadoo
11/07/2007 20:12 <REP> Webcamfirst
11/07/2007 20:33 <REP> WebcamFirst Mail
03/12/2006 23:03 <REP> Windows Desktop Search
30/06/2007 16:29 <REP> Windows Live
04/07/2007 17:58 <REP> Windows Live Toolbar
05/03/2007 20:51 <REP> Windows Media Connect 2
11/07/2007 13:54 <REP> Windows Media Player
19/01/2004 18:18 <REP> Windows NT
19/01/2004 18:24 <REP> xerox
30/11/2006 12:53 <REP> Yahoo!
1 fichier(s) 4 624 445 octets
61 Rép(s) 52 914 208 768 octets libres
Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\Program Files\fichiers communs

24/07/2007 20:44 <REP> .
24/07/2007 20:44 <REP> ..
30/11/2006 13:18 <REP> ACD Systems
19/01/2004 19:21 <REP> Adobe
19/01/2004 19:29 <REP> Ahead
25/09/2006 11:16 <REP> AOL
09/01/2007 22:07 <REP> COWON
22/07/2007 10:11 <REP> Digidesign
24/07/2007 20:44 <REP> FotoWire
30/06/2007 11:47 <REP> G DATA
30/10/2006 22:07 <REP> InstallShield
15/07/2007 15:22 <REP> Java
30/10/2006 17:58 <REP> Logitech
22/07/2007 10:16 <REP> Microsoft Shared
19/01/2004 18:20 <REP> MSSoap
28/09/2006 18:29 <REP> Nero
30/06/2007 11:47 <REP> ODBC
22/07/2007 10:16 <REP> PACE Anti-Piracy
30/06/2007 11:47 <REP> Screaming Bee
30/06/2007 11:47 <REP> Services
02/01/2008 02:04 <REP> Softwin
19/01/2004 19:13 <REP> SpeechEngines
30/06/2007 11:47 <REP> Symantec Shared
14/06/2007 02:15 <REP> System
02/07/2007 19:59 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
25 Rép(s) 52 914 204 672 octets libres
Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

01/11/2006 13:54 <REP> .
01/11/2006 13:54 <REP> ..
19/01/2004 19:33 <REP> 1033
01/11/2006 13:54 <REP> 1036
11/07/2003 10:15 1 292 872 MSONSEXT.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
4 fichier(s) 1 623 290 octets
4 Rép(s) 52 914 204 672 octets libres




c:\Documents and Settings\jérome Roussel\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\jérome Roussel\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\jérome Roussel\Default User\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\Documents and Settings\jérome Roussel\Default User\Local Settings\Temporary Internet Files\Content.IE5\2VLJ51VD\WindowsUpdateAgent20-x86[1].exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\jérome Roussel\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\jérome Roussel\Application Data\Mozilla\Firefox\Profiles\4h8yl0jg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\jérome Roussel\Application Data\Mozilla\Firefox\Profiles\4h8yl0jg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JEROME.tar.gz a l'adresse http://upload.malekal.com
DiagHelp version v1.4 - http://www.malekal.com
excute le 04/01/2008 à 17:38:52,85


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->04/01/2008 17:38:30
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->04/01/2008 17:38:13
C:\WINDOWS\prefetch\SIGCHECK.EXE-0D595D24.pf -->04/01/2008 17:37:56
C:\WINDOWS\prefetch\GREP.EXE-1E51A37E.pf -->04/01/2008 17:37:56
C:\WINDOWS\prefetch\LFILES.EXE-22F72A9E.pf -->04/01/2008 17:36:26
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->04/01/2008 17:35:24
C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->04/01/2008 17:34:19
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->04/01/2008 17:24:35
C:\WINDOWS\prefetch\ASHCHEST.EXE-0FED8209.pf -->04/01/2008 17:22:04
C:\WINDOWS\prefetch\ASHSIMPL.EXE-14F851AB.pf -->04/01/2008 17:21:45

C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
C:\WINDOWS\System32\drivers\PxHelp20.sys -->02/07/2007 20:41:10

C:\WINDOWS\System32\wpa.dbl -->03/01/2008 18:41:17
C:\WINDOWS\System32\CONFIG.NT -->02/01/2008 01:56:38
C:\WINDOWS\System32\lvcoinst.log -->15/12/2007 14:58:29
C:\WINDOWS\System32\TZLog.log -->12/12/2007 03:02:45
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AvastSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
C:\WINDOWS\System32\perfh00C.dat -->31/10/2007 16:20:00
C:\WINDOWS\System32\perfh009.dat -->31/10/2007 16:20:00
C:\WINDOWS\System32\perfc00C.dat -->31/10/2007 16:20:00
C:\WINDOWS\System32\perfc009.dat -->31/10/2007 16:19:59
C:\WINDOWS\System32\PerfStringBackup.INI -->31/10/2007 16:19:58
C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\url.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\occache.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\mstime.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\msrating.dll -->11/10/2007 00:49:44

C:\WINDOWS\WindowsUpdate.log -->04/01/2008 16:00:01
C:\WINDOWS\wiaservc.log -->04/01/2008 15:59:58
C:\WINDOWS\wiadebug.log -->04/01/2008 15:59:58
C:\WINDOWS\NeroDigital.ini -->04/01/2008 15:59:52
C:\WINDOWS\SchedLgU.Txt -->03/01/2008 15:58:27
C:\WINDOWS\win.ini -->02/01/2008 02:04:02
C:\WINDOWS\QTFont.qfn -->23/12/2007 00:16:24
C:\WINDOWS\Sti_Trace.log -->02/10/2007 21:08:57
C:\WINDOWS\system.ini -->02/10/2007 18:19:20
C:\WINDOWS\QTFont.for -->01/08/2007 22:53:14
C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe -->24/07/2007 20:37:43
C:\WINDOWS\StreamRipper32.INI -->14/07/2007 17:20:15
C:\WINDOWS\sripper.ini -->14/07/2007 17:20:15
C:\WINDOWS\ODBC.INI -->10/07/2007 20:43:30
C:\WINDOWS\ODBCINST.INI -->10/07/2007 20:38:33

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Unsigned
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1848
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x173000 1.01.0000.0006 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x01540000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02d80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x022a0000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x028b0000 0x28000 6.00.0000.9606 C:\Program Files\JetAudio\JetFlExt.dll
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x01b80000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x028e0000 0x43000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllow.dll
0x780c0000 0x61000 6.05.2144.0000 C:\Program Files\Windows Desktop Search\msvcp60.dll
0x02410000 0x3000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui
0x02790000 0x5000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 456
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01110000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 52 932 386 816 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\WINDOWS\Downloaded Program Files

15/07/2007 15:25 <REP> .
15/07/2007 15:25 <REP> ..
13/08/2007 21:53 <REP> CONFLICT.1
19/01/2004 18:22 65 desktop.ini
07/06/2006 11:09 1 249 erma.inf
10/04/2000 17:12 1 765 fhg.inf
22/11/2006 23:22 372 736 GAME_UNO1.dll
22/11/2006 20:50 316 GAME_UNO1.INF
12/07/2007 03:22 1 055 jinstall-6u2.inf
11/02/2007 22:27 490 Medialogic.INF
29/05/2003 15:00 160 864 messengerstatsclient.dll
22/02/2007 22:41 304 544 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
29/05/2003 15:00 84 064 minesweeper.dll
29/05/2003 15:00 77 408 msgrchkr.dll
04/12/2006 15:16 144 QTPlugin.inf
09/11/2006 14:36 5 019 swflash.inf
18/07/2006 14:35 151 080 ZIntro.ocx
15 fichier(s) 1 161 961 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

13/08/2007 21:53 <REP> .
13/08/2007 21:53 <REP> ..
28/02/2007 13:21 130 472 MineSweeper.dll
28/02/2007 13:21 131 472 msgrchkr.dll
2 fichier(s) 261 944 octets

Total des fichiers listés :
17 fichier(s) 1 423 905 octets
5 Rép(s) 52 932 382 720 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\51exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe"="C:\\DOCUME~1\\JROMER~1\\LOCALS~1\\Temp\\26exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe"="C:\\Documents and Settings\\jérome Roussel\\Local Settings\\Temporary Internet Files\\Content.IE5\\PQ5UGGWI\\Dames[1].exe:*:Enabled:Application MFC Dames"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 17:39:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a940246ce]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a940246ce]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG06.00.00.01WORKSTATION"="FA594A44D42F338F1C3B4B58B88412283B0BA01E46AE5405988EE60FABCD072EFD3EA23674C7754872AE9CA89AF4A8903E83878A81D834EE3EEA7A2422ECD8118AB6368BA57A781B68FB425C3B87D166124851F6C34E90CBC95DFAE0D04A350A3BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555A6171C11EC38DE3D31C71407405A148EA60C44C3E617FD548D5B468038A399F90D85587E7F6B36D06C0D69FA67D10F77D0E6F0AA7F112946167854085CEC4277AB77DE6EBF2FC9B68A92C503D17D7AEFB4E4C1796CF46CF6CC42339AF71ECD78B34EDA9FD3AA1A40BB679C654F89EC4FEBDA5B6137C3DF3D557158F2ECAD766FF045B27E17EA219B14ECE5D9D5B8449E737065080C14611F34923D47C229BC8092EFD16B8B0F9DAB8CDA9D8F7DDEA020AB200C883F11925A5508DF3D242DDE07ABB2263B534C9287813C43A40466E4C65CBB0270C57857DF0705C07060EEE60F34C6A2B3376949F6336FD93149CBB8B8ACE57B41B99CD8537A14E6EE69359CDA883CBE122245CA7BC5276A3B53218BD22A96B0F058E2058D468F5CBC56DA0E5FE5F3738625CD6647C2EA7EC2C98B092448995CEA04C78D9AE5A8AC5162CE0EC570A2C0B57309AFBF15942836FB43A9F0DA0EC28BC2D6663CB7666A95EC15B36D31D2A835E40EFD7F0E5378FB5716A2AF1B692627BD3449E5FC1F2D6AF746D7661162B19375886CD4612A896DF3E5F00C27F15080C41533C0DC810BA3AB0A19766182E65046BA5AC3A8EF76D688A7D4E500C30DD4C7C46529E20DA585D023D897D43AD65F19F66A805FCD5DF873E453D00C4F2CCFDCA0652F7A969A4D58E3BE76026294A7D72804F865C4620AB4B9339413D785153F9BFB9778C613A9D43233F4E5A936068C4752488027AFB1F0D800ACC275ED39CA3C355B121C363C7B0BE5A85F0FD54BE8E64443581AEC8DF1870DC62E924547041CE3A663E4B21EA97CC8DB316C133ABE2A0EEE799ACDAEA41D6AC8C870E93D0EE91D5968473A58DC2B110B03E8110B884A25075476039A1909744A6DA2410C35E6390A853C03EB384D3A68E082F4E96092C479BCCFC4C9054CC3945711B41CE56AD5FE0090C5CA82AD0159398B6A7706E36D68EB1E4FA9C0FA3A292B7730C4B2DE54B50364C05B27AC68F6DFA9A048DEB262AAFD2CE21B493F7BBBEA6424555142D8DE9CACB479343DB58E8C57C862718729CBF298C172BF56703203BC06109BA6CCDE3EB1E774DD6774A2DA6199C26A7D8E88B0D633F8E99144293F38CD2B8F325ECD4091250F794571684969CED99945A0547D2C06ECAED4686F516278CFCE207E78DB3C387F820640C83B66270C72A333D686B486FD9B9C0F0A4E1C071C1FBD61"

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
224 - LVCOMSX.EXE
296 - ashDisp.exe
432 - csrss.exe
456 - winlogon.exe
500 - services.exe
512 - lsass.exe
660 - svchost.exe
716 - svchost.exe
752 - svchost.exe
788 - svchost.exe
840 - svchost.exe
904 - svchost.exe
1120 - ashServ.exe
1376 - cmd.exe
1444 - MDM.EXE
1480 - slmdmsr.exe
1788 - ashMaiSv.exe
1804 - ashWebSv.exe
1848 - explorer.exe
1980 - alg.exe
2488 - msnmsgr.exe
3176 - iexplore.exe
3640 - usnsvc.exe

Total number of processes = 24
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806ED000 - \WINDOWS\system32\hal.dll
F7993000 - \WINDOWS\system32\KDCOM.DLL
F78A3000 - \WINDOWS\system32\BOOTVID.dll
F7443000 - ACPI.sys
F7995000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F7432000 - pci.sys
F7493000 - isapnp.sys
F78A7000 - compbatt.sys
F78AB000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F7997000 - viaide.sys
F7713000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7414000 - pcmcia.sys
F74A3000 - MountMgr.sys
F73F5000 - ftdisk.sys
F78AF000 - ACPIEC.sys
F7A5B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F771B000 - PartMgr.sys
F74B3000 - VolSnap.sys
F73DD000 - atapi.sys
F7368000 - iaStor.sys
F7723000 - SiSRaid2.sys
F7350000 - \WINDOWS\system32\drivers\SCSIPORT.SYS
F74C3000 - viamraid.sys
F74D3000 - disk.sys
F74E3000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7330000 - fltMgr.sys
F731E000 - sr.sys
F74F3000 - PxHelp20.sys
F730C000 - TPkd.sys
F72F5000 - KSecDD.sys
F72E2000 - WudfPf.sys
F7255000 - Ntfs.sys
F7228000 - NDIS.sys
F7503000 - uagp35.sys
F772B000 - viaagp1.sys
F78B3000 - RecAgent.sys
F720E000 - Mup.sys
F75D3000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F7943000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F718B000 - \SystemRoot\system32\DRIVERS\vtmini.sys
F7177000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7105000 - \SystemRoot\system32\DRIVERS\ar5211.sys
F77A3000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F70E2000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F77AB000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F75E3000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F70B3000 - \SystemRoot\system32\DRIVERS\SynTP.sys
F79A3000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F77B3000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F77BB000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F75F3000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7947000 - \SystemRoot\system32\drivers\pfc.sys
F77C3000 - \SystemRoot\system32\drivers\Afc.sys
F7603000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7613000 - \SystemRoot\system32\DRIVERS\redbook.sys
F7090000 - \SystemRoot\system32\DRIVERS\ks.sys
F6D16000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F6CF4000 - \SystemRoot\system32\drivers\portcls.sys
F7633000 - \SystemRoot\system32\drivers\drmk.sys
F6C84000 - \SystemRoot\system32\DRIVERS\SLDRV\slntamr.sys
F794F000 - \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
F6C63000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
F77CB000 - \SystemRoot\System32\Drivers\Modem.SYS
F7B2A000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7693000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7953000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6C4C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F76A3000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F76B3000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F77D3000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6C3B000 - \SystemRoot\system32\DRIVERS\psched.sys
F76C3000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F77DB000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F77E3000 - \SystemRoot\system32\DRIVERS\raspti.sys
F76D3000 - \SystemRoot\system32\DRIVERS\termdd.sys
F79A7000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6B42000 - \SystemRoot\system32\DRIVERS\update.sys
F795B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F796F000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F76F3000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7533000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F79AF000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B96000 - \SystemRoot\System32\Drivers\Null.SYS
F79B1000 - \SystemRoot\System32\Drivers\Beep.SYS
F780B000 - \SystemRoot\System32\drivers\vga.sys
F79B3000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F79B5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7813000 - \SystemRoot\System32\Drivers\Msfs.SYS
F781B000 - \SystemRoot\System32\Drivers\Npfs.SYS
F798B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F59AC000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F5953000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F7543000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F592B000 - \SystemRoot\system32\DRIVERS\netbt.sys
F5909000 - \SystemRoot\System32\drivers\afd.sys
F7553000 - \SystemRoot\System32\Drivers\Fips.SYS
F58E8000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7563000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F7573000 - \SystemRoot\system32\drivers\lvusbsta.sys
F58B4000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
F7583000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F71DE000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7593000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F7833000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F71DA000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F783B000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F5803000 - \SystemRoot\System32\Drivers\Udfs.SYS
F57EB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F79C9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F6B3A000 * ???????????????????????????????? --[Hidden]--
F7883000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7B03000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\vtdisp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F134F000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F1135000 - \SystemRoot\System32\Drivers\aswMon2.SYS
F0FA0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F7783000 - \SystemRoot\System32\drivers\aspi32.sys
F0F0F000 - \SystemRoot\System32\Drivers\HTTP.sys
F0E0F000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F0BDA000 - \SystemRoot\system32\drivers\wdmaud.sys
F0DBF000 - \SystemRoot\system32\drivers\sysaudio.sys
F79DD000 - \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
F05EB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F050F000 - \SystemRoot\system32\drivers\kmixer.sys
F7BBB000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 129

Liste des programmes installes

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7 - Français
AnmanieSMP 2.4 i
Apple Software Update
Audacity 1.2.6
AutoUpdate
AV Voice Changer Software DIAMOND 4.0
avast! Antivirus
CCleaner (remove only)
CoPilot - Pocket PC 6
CoPilot PocketPC
Dealio Toolbar
Decoder Package Version 2.0 build 2104
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EasyCleaner
eMule
Free Bomb Factory Plug-Ins 7.3
Free Mp3 Wma Converter V 1.5.3
Google Earth
HijackThis 1.99.1
Hijackthis Version Française
InterLok Driver Kit
Java(TM) 6 Update 2
jetAudio Basic
Lecteur Windows Media 11
livebox
Logiciel QuickCam de Logitech
Logitech Desktop Messenger
Logitech Print Service
Macromedia Flash Player 8
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero BurnRights
Nero Suite
NeroVision Express Content
Programme de gestion Camera de Logitech®
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
Skype 2.5
Smart Link 56K Voice Modem
Synaptics Pointing Device Driver
VideoLAN VLC media player 0.8.6c
Webcamfirst 3.1.8
WebcamFirst Mail 1.1.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Yahoo! Toolbar



Le volume dans le lecteur C s'appelle N01050
Le numéro de série du volume est 14D2-4588

Répertoire de C:\Program Files

04/01/2008 15:42 <REP> .
04/01/2008 15:42 <REP> ..
30/04/2007 19:55 <REP> Adobe
19/01/2004 19:31 <REP> Ahead
17/06/2007 19:30 <REP> Alwil Software
01/01/2007 15:49 <REP> AnmSMP
14/07/2007 17:26 <REP> Apple Software Update
01/03/2007 21:35 <REP> Audacity
29/02/2004 17:17 4 624 445 audacity.exe
18/11/2007 21:12 <REP> AV Vcs 4.0 DIAMOND
04/01/2008 15:43 <REP> CannaScripTV2
15/11/2006 20:52 <REP> CCleaner
30/04/2007 20:18 <REP> CoPilot
01/12/2006 00:01 <REP> Dealio
11/07/2007 14:56 <REP> DivX
30/12/2006 13:47 <REP> Emoticon
02/01/2008 13:19 <REP> eMule
24
0
Réponse 8 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
4 janv. 2008 à 19:24
il n'est visiblement pas complet

poste le en plusieurs fois
0
Réponse 9 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
4 janv. 2008 à 19:30
re

quelque chose me chiffonne, j'aimerais ceci également stp

Télécharge System Repair Engineer - SREng (par Smallfrogs) de ce lien:
Extrais tout son contenu sur ton Bureau
(clic droit sur le fichier .zip >> "Extraire tout...")
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double-clique sur SREngPS.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]. L'analyse durera quelques instants.

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

je serais là après diner
0
Réponse 10 / 33
Utilisateur anonyme
4 janv. 2008 à 23:21
re aussi dsl mais tu ne ma pas donné le lien pour le telechargé
0
Réponse 11 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
4 janv. 2008 à 23:30
oui c'est vrai excuse
le voici
http://www.kztechs.com/eng/download.html
0
Réponse 12 / 33
Utilisateur anonyme
4 janv. 2008 à 23:38
je le fait merci
0
Réponse 13 / 33
Utilisateur anonyme
4 janv. 2008 à 23:46
VOILA par contre depuis que le scan a commencé jai une fenetre en bas a droite qui reste ouvert et il dise
2007/12/25 virus aleart!dont't
open christmas-2007 .zip file from
msn messager if you received it
from your friends
christmas-2007.zip is a virus




[CODE]

2008-01-04,23:40:50

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<LogitechSoftwareUpdate><"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<LVCOMSX><C:\WINDOWS\system32\LVCOMSX.EXE> [Logitech Inc.]
<LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}><> [N/A]
<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser> [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
N/A

==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A>
[SmartLinkService / SLService][Running/Auto Start]
<slmdmsr.exe><>

==================================
Drivers
[PPdus ASPI Shell / Afc][Running/Manual Start]
<system32\drivers\Afc.sys><Arcsoft, Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Atheros Wireless Network Adapter Service / AR5211][Running/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[Aspi32 / Aspi32][Running/Auto Start]
<System32\drivers\aspi32.sys><Adaptec>
[DSDrv4 / DSDrv4][Stopped/Manual Start]
<\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys><N/A>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><N/A>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Stopped/Manual Start]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[iaStor / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]
<system32\drivers\lvusbsta.sys><Logitech Inc.>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
<system32\DRIVERS\SLDRV\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
<system32\DRIVERS\SLDRV\Mtlstrm.sys><>
[Webcam Deluxe / ovt530][Stopped/Manual Start]
<System32\Drivers\ov530vid.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Logitech QuickCam Express(PID_0928) / PID_0928][Running/Manual Start]
<system32\DRIVERS\LV561AV.SYS><Logitech Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RecAgent / RecAgent][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SLDRV\RecAgent.sys><>
[Screaming Bee Audio / SCREAMINGBDRIVER][Stopped/Manual Start]
<system32\drivers\ScreamingBAudio.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiSRaid2 / SiSRaid2][Running/Boot Start]
<\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
<system32\DRIVERS\SLDRV\slntamr.sys><>
[SlNtHal / SlNtHal][Stopped/Manual Start]
<system32\DRIVERS\SLDRV\Slnthal.sys><>
[SlWdmSup / SlWdmSup][Running/Manual Start]
<system32\DRIVERS\SLDRV\SlWdmSup.sys><>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
<\SystemRoot\system32\drivers\viamraid.sys><VIA Technologies inc,.ltd>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[dsWebAllowBHO Class]
{2F85D76C-0569-466F-A488-493E6BD0E955} <C:\Program Files\Windows Desktop Search\dsWebAllow.dll, Microsoft Corporation>
[DealioBHO Class]
{6A87B991-A31F-4130-AE72-6D0C294BF082} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Java Plug-in 1.6.0_02]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Dealio]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Checkers Class]
{00B71CFB-6864-4346-A978-C0A14556272C} <C:\WINDOWS\Downloaded Program Files\msgrchkr.dll, Microsoft Corporation>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Checkers Class]
{20A60F0D-9AFA-4515-A0FD-83BD84642501} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll, Microsoft Corporation>
[CMediaMix Object]
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} <C:\WINDOWS\system32\MediaLogic.dll, Microsoft Corp.>
[Minesweeper Flags Class]
{2917297F-F02B-4B9D-81DF-494B6333150B} <C:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
[UnoCtrl Class]
{5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[ZoneIntro Class]
{B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, Microsoft Corporation>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Minesweeper Flags Class]
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MineSweeper.dll, Microsoft Corporation>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[dsWebAllowBHO Class]
{2F85D76C-0569-466F-A488-493E6BD0E955} <C:\Program Files\Windows Desktop Search\dsWebAllow.dll, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DealioBHO Class]
{6A87B991-A31F-4130-AE72-6D0C294BF082} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Skype Detection Object]
{9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[Dealio]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} <C:\Program Files\Dealio\kb100\Dealio.dll, Vendio Services, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[JScript Language]
{F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <c:\windows\system32\jscript.dll, Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[Compare Prices with &Dealio]
<C:\Program Files\Dealio\kb100\res\DealioSearch.html, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 376 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 456 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2508 (xpsp.040806-1825)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 512 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 840 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1072 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
[PID: 1120 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1043, 0]
[PID: 1300 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 1380 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1444 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[PID: 1480 / SYSTEM][C:\WINDOWS\system32\slmdmsr.exe] [ , 4.20.01]
[PID: 1544 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1788 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1038, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1038, 0]
[PID: 1804 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1043, 0]
[PID: 1980 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1848 / jérome Roussel][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.0.6]
[C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\JetAudio\JetFlExt.dll] [JetAudio, Inc., 6, 0, 0, 9606]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\Program Files\Windows Desktop Search\dsWebAllow.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Windows Desktop Search\msvcp60.dll] [Microsoft Corporation, 6.05.2144.0]
[C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[PID: 204 / jérome Roussel][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.6]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 224 / jérome Roussel][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.7.1036]
[C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036]
[PID: 232 / jérome Roussel][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.7.1034]
[C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.7.1034]
[C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.7.1034]
[C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.7.1034]
[C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020]
[C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036]
[C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036]
[C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.7.1034]
[PID: 296 / jérome Roussel][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1038, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1038, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1043, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1043, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1043, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1043, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1043, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1043, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Alwil Software\Avast4\AavmGuih.dll] [ALWIL Software, 4, 7, 1043, 0]
[PID: 320 / jérome Roussel][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008 / jérome Roussel][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.4.7.1034]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036]
[C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036]
[C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.7.1034]
[PID: 3176 / jérome Roussel][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll] [Yahoo! Inc., 2006, 6, 6, 1]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Windows Desktop Search\dsWebAllow.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Windows Desktop Search\msvcp60.dll] [Microsoft Corporation, 6.05.2144.0]
[C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Dealio\kb100\Dealio.dll] [Vendio Services, Inc., 2, 1, 0, 0]
[C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.20.6]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.249.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.249.1]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll] [Yahoo! Inc., 2005, 12, 16, 1]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll] [Yahoo! Inc., 2006.1.25.01]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll] [Yahoo!, Inc., 2006, 4, 26, 1]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 2488 / jérome Roussel][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
[C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3640 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[PID: 2144 / jérome Roussel][C:\Documents and Settings\jérome Roussel\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Documents and Settings\jérome Roussel\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 224, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 232, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1008, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 2144, C:\DOCUMENTS AND SETTINGS\JÉROME ROUSSEL\BUREAU\SRENG2\SRENGPS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2144, C:\DOCUMENTS AND SETTINGS\JÉROME ROUSSEL\BUREAU\SRENG2\SRENGPS.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]
0
Réponse 14 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
5 janv. 2008 à 00:10
je n'ai pas relu je viens juste de voir ton message, a t on utiliser MSNFIX ?

si non

* Télécharge MSNFix.zip (de !aur3n7) sur ton bureau
http://sosvirus.changelog.fr/MSNFix.zip

* Dézippe-le en faisant un clic droit puis extraire ici.
* Double-clique sur MSNfix.bat.* Choisis l'option R. Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé.
* Le rapport est enregistré dans le même dossier que MSNfix (date.txt). Copie-colle son contenu dans ta prochaine réponse.

------
Si un virus est détecté, il vous sera alors demandé de nettoyer l'ordinateur.
Un message d'erreur concernant la suppression impossible d'un fichier sera résolu par un redémarrage.
Après le nettoyage, la barre "Démarrer" s'efface puis réapparait, cela fait partie de la procédure de nettoyage.

Si votre barre "Démarrer" ne s'affiche toujours pas, il suffit de faire
Ctrl + Alt + Suppr sous Windows XP
Ctrl + Maj + Echap sous Windows Vista
pour ouvrir le Gestionnaire de tâches Windows.

Faites ensuite "Fichier" puis "Nouvelle tâche" et entrez explorer.exe dans la fenêtre qui apparait et finissez par "OK".
N'oubliez pas de redémarrer votre ordinateur pour achever le nettoyage !

je vais regarder tes rapports
0
Réponse 15 / 33
Utilisateur anonyme
5 janv. 2008 à 00:22
VOILA jai ca
MSNFix 1.618

C:\Documents and Settings\j‚rome Roussel\Bureau\MSNFix\MSNFix
Fix exécuté le 05/01/2008 - 0:15:20,62 By j‚rome Roussel
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\




************************ Suppression des fichiers



************************ Suppression des dossiers

.. OK ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\PROGRA~1\audacity.exe] 378DF653A01A0AD641F6A9D2580E435F

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\JROMER~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05012008_ 0174162.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

jai jste nettoyé la cest tout mon ordi na pas redemaré
0
Réponse 16 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
5 janv. 2008 à 00:29
OK

Connais tu
[C:\PROGRAMES FILES\audacity.exe

fait le analyser sur VIRUS TOTAL et poste le rapport généré ensuite stp
http://www.virustotal.com/en/indexf.html

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

ensuite upload
C:\DOCUMENTS & SETTING\JROMER~1\Bureau\Upload_Me.zip
ICI

http://upload.changelog.fr

et dans l'immédiat fait ceci :
* Fait un scan antivirus en ligne avec Internet Explorer
https://www.bitdefender.fr/
et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

0
Réponse 17 / 33
Utilisateur anonyme
5 janv. 2008 à 00:35
VOICI deja le premier scan


Fichier audacity.exe reçu le 2007.04.10 13:00:27 (CET)
Situation actuelle: terminé

Résultat: 2/31 (6.45%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - No threat detected
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 7d821ff8789bf6f5cb1ed8755e647770
0
Réponse 18 / 33
Utilisateur anonyme
5 janv. 2008 à 00:38
je nai pas compris ca par contre dsl
0
Réponse 19 / 33
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
5 janv. 2008 à 00:40
pas compris quoi ? la dernière manip ? c'était pour faire analyser unfichier par plusieurs antivirus et voir ce qu'ils en disent.
apparemment Panda réagit mais c'set tout.

tu sais à quoi il correspond cet exe ?
0
Réponse 20 / 33
Utilisateur anonyme
5 janv. 2008 à 00:42
cest en cour avec bit defender online
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Virus MSN Tinyurl
djkifkif -
matt56430 -

8 réponses