MSN virus "C'est toi!!??" ("Is that you!!??")

Solved/Closed
Helpmei34 - Posts: 125 - Registered: Tuesday 22 January 2008 - Status: Member - Last activity: 9 March 2009 - 22 Jan. 2008 at 21:41
g!rly - Posts: 18209 - Registered: Friday 17 August 2007 - Status: Contributor - Last activity: 30 November 2014 - 16 Feb. 2008 at 00:02
Hello everyone,

I read the topic where Herri had the same problem as me, namely the MSN virus that says "C'est toi?!". So I ran SDFix; here is the report:

SDFix: Version 1.130

Run by dior on 22/01/2008 at 20:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\MARION~1\MESDOC~1\LOGICIEL\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc
runtime

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\System32\drivers\runtime.sys

ldrsvc - Deleted
runtime - Deleted



Infected ip6fw.sys Found!

ip6fw.sys File Locations:

"C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 05/08/2004 19:00
"C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 05/08/2004 19:00

Infected File Listed Below:

C:\WINDOWS\system32\drivers\ip6fw.sys

File copied to Backups Folder
Attempting to replace ip6fw.sys with original version...

Original ip6fw.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\-10025~1 - Deleted
C:\TUWWP.EXE - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\17PHolmes1148.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe.tmp - Deleted
C:\DOCUME~1\dior\LOCALS~1\Temp\services.exe - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 21:10:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000009a
"TracesSuccessful"=dword:00000003

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 52


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"="C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot"
"C:\\Documents and Settings\\dior\\Local Settings\\Temporary Internet Files\\Content.IE5\\2QOBTNID\\incredimail_install[1].exe"="C:\\Documents and Settings\\dior\\Local Settings\\Temporary Internet Files\\Content.IE5\\2QOBTNID\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\dior\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\dior\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Disabled:edonkey2000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
"C:\\Program Files\\OrangeHSS\\Browser\\Browser.exe"="C:\\Program Files\\OrangeHSS\\Browser\\Browser.exe:*:Disabled:Browser"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\DOCUME~1\\dior\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\dior\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------
C:\Program Files\Helper\superfindout.dll Found

File Backups: - C:\DOCUME~1\MARION~1\MESDOC~1\LOGICIEL\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!


Also, my firewall turns itself off; I keep turning it back on. But the firewall it points me to is one I uninstalled (badly, I think) a while ago...

Help me please :)

159 replies

Helpmei34 - Posts: 125 - Registered: Tuesday 22 January 2008 - Status: Member - Last activity: 9 March 2009 - 1
26 Jan. 2008 at 20:31
Hi!

Here is the report:


SDFix: Version 1.131

Run by dior on 2008-01-26 at 20:12

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\dior\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
astq
ztx86

Path:
\??\C:\WINDOWS\system32\drivers\astq.tga
\??\C:\WINDOWS\system32\ztx86.sys

astq - Deleted
ztx86 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\astq.tga - Deleted
C:\WINDOWS\system32\ztx86.sys - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 20:23:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a0
"TracesSuccessful"=dword:00000006

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 52


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"="C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe:*:Enabled:avast! Antivirus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\dior\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!
g!rly - Posts: 18209 - Registered: Friday 17 August 2007 - Status: Contributor - Last activity: 30 November 2014 - 406
27 Jan. 2008 at 16:58
Hi Helpmei34

Great, SDFix did a good job ;-)

Can you post a new comboscan please?

See you
Helpmei34 - Posts: 125 - Registered: Tuesday 22 January 2008 - Status: Member - Last activity: 9 March 2009 - 1
27 Jan. 2008 at 21:10
Hello!

Here it is:

Deckard's System Scanner v20071014.68
Run by dior on 2008-01-27 21:07:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dior.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\dior\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dior.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
27 Jan. 2008 at 21:34
re,

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New, then New text file) and copy and paste what is quoted below (copy it all in one go, without the bars (X)):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: regedit4 is on the first page and there is a blank line at the end
Then click on "File" / "Save as":
In: on the desktop
File name: fix.reg
File type: "All files"
Click on "Save"

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Disconnect from the Internet and double-click on fix.reg => you must get a message "Are you sure you want to add the information contained in this .reg file to the registry?"
If that is the case, click "Yes"
Post a HijackThis report after doing so
See you
0

Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 21:45
Re,

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
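Added example, not part of the original thread and not HijackThis's own code: a small parser that pulls the CLSID-bearing entries (R3, O2, O9) out of a HijackThis log and reports the ones whose target is marked "(file missing)", as the BHO {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} is in the log above. The "high"/"low" ranking is an assumption of this example; the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
"""

# Lines of the shape "<code> - <kind>: <name> - {CLSID} - <file>[ (file missing)]".
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class ComEntry:
    code: str           # HijackThis section code, e.g. "O2"
    kind: str           # e.g. "BHO", "URLSearchHook", "Extra button"
    name: str           # display name, or "(no name)"
    clsid: str          # registry CLSID the entry is keyed on
    target: str         # file the CLSID resolves to
    file_missing: bool  # HijackThis could not find that file on disk

    @property
    def unnamed(self) -> bool:
        return self.name == "(no name)"


def parse_entries(log: str) -> list:
    """Return every CLSID-bearing entry; other sections (O4, O23, ...) are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(ComEntry(
                code=m["code"], kind=m["kind"], name=m["name"],
                clsid=m["clsid"], target=m["target"],
                file_missing=m["missing"] is not None,
            ))
    return entries


def triage(log: str) -> list:
    """Return (priority, entry) pairs for entries whose target file is gone.

    "(no name)" alone is not reported: the Java toolbar button in the same
    log is unnamed too. Unnamed AND orphaned is ranked first (assumption).
    """
    findings = []
    for entry in parse_entries(log):
        if not entry.file_missing:
            continue
        findings.append(("high" if entry.unnamed else "low", entry))
    findings.sort(key=lambda f: f[0] != "high")  # stable sort, "high" first
    return findings


if __name__ == "__main__":
    for priority, e in triage(SAMPLE_LOG):
        print(f"{priority:4} {e.code:3} {e.kind}: {e.clsid} -> {e.target}")
```

An orphaned entry means the registry value survived after the file was deleted, which is why the helper's next step targets the registry key rather than the DLL.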
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
27 Jan. 2008 at 21:51
re,

1/ Download IceSword here: https://www.majorgeeks.com/
Extract the IceSword archive to your desktop, then, in that folder, double-click icesword.exe

Choose the "function" button, then the BHO button. Right-click on this BHO and choose delete:
{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}

Let me know how it goes

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 21:53
The link no longer works...
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 21:57
I found it on telecharger.com
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
27 Jan. 2008 at 22:01
ok
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 22:03
I have "refresh", not "delete"...
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
27 Jan. 2008 at 22:05
Try refresh and then delete
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 22:07
I don't have "delete", even after clicking "refresh" several times
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 22:31
It doesn't work..
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
27 Jan. 2008 at 22:48
G!rly?
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
28 Jan. 2008 at 16:02
Hi helpmei,

I had to step away yesterday, sorry...

Can you post an SREng report please

Double-click SREng.exe to launch the tool
Click Smart Scan
Then click the [Scan] button

When it has finished, click the [Save Reports] button
Save the report to your Desktop
Copy and paste the contents of the file SREnglLOG.log into your next reply

Note: the scan may be too long for a single message. In that case you will need to split the report in two.

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
28 Jan. 2008 at 18:41
Hi G!rly!

Here is the SREng:

[CODE]

2008-01-28,18:39:29

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<Free Download Manager><C:\Program Files\Free Download Manager\fdm.exe -autorun> [N/A]
<PopUpStopperFreeEdition><"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"> [Panicware, Inc.]
<ares><"C:\Program Files\Ares\Ares.exe" -h> [Ares Development Group]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe> [Sun Microsystems, Inc.]
<hpsysdrv><c:\windows\system\hpsysdrv.exe> [Hewlett-Packard Company]
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<AlcxMonitor><ALCXMNTR.EXE> [(Verified)Microsoft Windows Publisher]
<HPHUPD08><c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe> [Hewlett-Packard]
<KBD><C:\HP\KBD\KBD.EXE> [Hewlett-Packard Company]
<Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE> []
<PCDrProfiler><> [N/A]
<PS2><C:\WINDOWS\system32\ps2.exe> [(Verified)Microsoft Windows Publisher]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPwuSchd2.exe> [Hewlett-Packard Co.]
<LVCOMSX><C:\WINDOWS\system32\LVCOMSX.EXE> [Logitech Inc.]
<LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.]
<LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent> [(Verified)Microsoft Windows Publisher]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SystrayORAHSS><"C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"> [N/A]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
<N/A><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\AVASTSS.scr> [(Verified)ALWIL Software]

==================================
Startup Folders
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk --> C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [ ]><N>
[Windows Desktop Search]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk --> C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [Microsoft Corporation]><N>
[Pin]
<C:\Documents and Settings\dior\Menu Démarrer\Programmes\Démarrage\Pin.lnk --> C:\hp\bin\cloaker.exe [Hewlett-Packard Co.]><N>

==================================
Services
[Ad-Aware 2007 Service / aawservice][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ares Chatroom server / AresChatServer][Stopped/Manual Start]
<C:\Program Files\Ares\chatServer.exe><Ares Development Group>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
<"C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"><France Telecom SA>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Boot Start]
<\SystemRoot\C:\WINDOWS\system32\HPZipm12.exe><N/A>
[Sunbelt Personal Firewall 4 / SPF4][Running/Auto Start]
<"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"><Sunbelt Software>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Pilote de processeur AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\dior\LOCALS~1\Temp\catchme.sys><N/A>
[Firewall Driver / fwdrv][Running/System Start]
<\SystemRoot\system32\drivers\fwdrv.sys><Sunbelt Software>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[Pilote de processeur Intel / intelppm][Stopped/System Start]
<system32\DRIVERS\intelppm.sys><N/A>
[Kerio HIPS Driver / khips][Running/System Start]
<\SystemRoot\system32\drivers\khips.sys><Sunbelt Software>
[LT Modem Driver / ltmodem5][Stopped/Manual Start]
<system32\DRIVERS\ltmdmnt.sys><LT>
[Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]
<system32\drivers\lvusbsta.sys><Logitech Inc.>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Volume Adapter / pepifilter][Running/Manual Start]
<system32\DRIVERS\lv302af.sys><Logitech Inc.>
[QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start]
<system32\DRIVERS\LV302AV.SYS><Logitech Inc.>
[Ps2 / Ps2][Running/Manual Start]
<system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SAGEM 802.11g XG760 1211 Driver / SG760_XP][Running/Manual Start]
<system32\DRIVERS\WlanUZXP.sys><ZyDAS Technology Corporation>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ZDCndis5.SYS><N/A>
[ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ZDPNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
Browser Add-ons
[]
{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} <C:\WINDOWS\system32\iphttphl4.dll, N/A>
[Java Plug-in 1.5.0_05]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.>
[BlogThisToolbarButton Class]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, Microsoft Corporation>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Aide à la connexion]
{E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, N/A>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_05]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_05]
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Microsoft Office Template and Media Control]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\PROGRA~1\MICROS~3\OFFICE11\IEAWSDC.DLL, >
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~3\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Windows Desktop Search Combo Control]
{4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, Microsoft Corporation>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, N/A>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_05]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Helper Class]
{BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Contrôle de l'Assistant de connexion Windows Live]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[NameCtrl Class]
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\OFFICE11\NAME.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[Runclose Control]
{F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\system32\runclose.ocx, Hewlett-Packard Company>
[JScript Language]
{F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <C:\WINDOWS\system32\jscript.dll, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[]
{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} <C:\WINDOWS\system32\iphttphl4.dll, N/A>
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 784 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1108 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1256 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1404 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1456 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1788 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft, 7,0,2,6]
[C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft, 7,0,2,6]
[C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive85u.dll] [PKWARE, Inc., 8.4.1045.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [, 7, 0, 2, 6]
[PID: 1804 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1856 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 240 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
[PID: 436 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468 / SYSTEM][C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe] [France Telecom SA, 12.1.42.48 ]
[C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\IfHelper.dll] [France Telecom SA, 12.1.42.48 ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[PID: 568 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe] [Sunbelt Software, 4.5.916.0]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\kfe.dll] [Sunbelt Software, 4.3.182.0]
[C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\curllib.dll] [The cURL library, https://curl.se/ 7.15.2]
[C:\Program Files\Sunbelt Software\Personal Firewall\kwsapi.dll] [Sunbelt Software, 4.3.182.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\TQUERY.DLL] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\PROPSYS.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\msstrc.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\mssrch.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\propdefs.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\XmlLite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\WINDOWS\system32\fr-fr\tQuery.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\msscb.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\mssprxy.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[PID: 1668 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.5.916.0]
[C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[PID: 540 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1288 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 2128 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3020 / dior][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 3132 / dior][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Windows Desktop Search\deskbar.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\fr-fr\dbres.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\dbres.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\wordwheel.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[C:\Program Files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\msnlExtRes.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]
[C:\WINDOWS\system32\LQCUI2.dll] [Logitech Inc., 8.4.6.1012]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[PID: 3196 / dior][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.5.916.0]
[C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ]
[C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[PID: 3956 / dior][C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.50.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 3968 / dior][C:\windows\system\hpsysdrv.exe] [Hewlett-Packard Company, 1, 7, 0, 0]
[PID: 3976 / dior][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5166]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5166]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5166]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5166]
[PID: 3992 / dior][C:\WINDOWS\ALCXMNTR.EXE] [Realtek Semiconductor Corp., 1.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 4040 / dior][C:\HP\KBD\KBD.EXE] [Hewlett-Packard Company, 1.0.2.2.20205]
[C:\HP\KBD\led.dll] [Hewlett-Packard Company, 1.0.2.0]
[C:\HP\KBD\USB.dll] [Hewlett-Packard Company, 1.0.2.2.071205]
[C:\HP\KBD\ps2.dll] [Hewlett-Packard Company, 1.0.2.2.112404]
[C:\HP\KBD\msg.dll] [Hewlett-Packard Company, 1.0.2.2.112404]
[C:\HP\KBD\osd.dll] [Hewlett-Packard Company, 1.0.2.2.071105]
[C:\HP\KBD\sct.dll] [Hewlett-Packard Company, 1.0.2.2.32205]
[C:\HP\KBD\onl.dll] [Hewlett-Packard Company, 1.0.2.2.052705]
[C:\HP\KBD\aol.dll] [Hewlett-Packard Company, 1.0.2.2.071105]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\HP\KBD\url.dll] [Hewlett-Packard Company, 1.0.2.2.071105]
[C:\HP\KBD\cfg.dll] [Hewlett-Packard Company, 1.0.2.1]
[C:\HP\KBD\MSIKBDIF.DLL] [Hewlett-Packard Company, 1.0.2.0]
[PID: 2152 / dior][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000]
[PID: 2192 / dior][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092]
[C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092]
[PID: 2212 / dior][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.6.1012]
[C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.6.1012]
[C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.6.1012]
[C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.6.1012]
[C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020]
[C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058]
[C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092]
[C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092]
[C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012]
[PID: 2244 / dior][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292]
[PID: 2284 / dior][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2296 / dior][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.1.3]
[PID: 2436 / dior][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 2444 / dior][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.4.6.1012]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092]
[C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092]
[C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012]
[PID: 2464 / dior][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764 / dior][C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe] [Panicware, Inc., 3, 1, 0, 1014]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psie6.dll] [Panicware, 1, 0, 0, 1002]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XA\pswmsg.dll] [Panicware, 1, 0, 0, 1003]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psgain3.dll] [Panicware, 1, 0, 0, 1003]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psns7.dll] [Panicware, 1, 0, 0, 1004]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psns4.dll] [Panicware, 1, 0, 0, 1004]
[PID: 1208 / dior][C:\Program Files\Ares\Ares.exe] [Ares Development Group, 2.0.9.3030]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\amstream.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\mpg2splt.ax] [, ]
[C:\WINDOWS\system32\MSCOREE.DLL] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\Program Files\HP\Digital Imaging\bin\LCodcCMP.dll] [LEAD Technologies, Inc., 1.0.0.021]
[C:\WINDOWS\system32\lvcodec2.dll] [Logitech Inc., 8.4.6.1016]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4DSF.dll] [, 0.0.0.0]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\Pal.dll] [InterObject Ltd., 0, 0, 22, 0]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4System.dll] [N/A, ]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4Tools.dll] [N/A, ]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\AMRDSF.dll] [, 0.0.0.0]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\EvrcDecDll.dll] [N/A, ]
[C:\WINDOWS\system32\Samsung PC Studio Codecs\AMR.dll] [, 0.0.0.0]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 2920 / dior][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.214.000]
[c:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.214.000]
[c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll] [Hewlett-Packard, 5.0.0.247]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\Program Files\HP\Digital Imaging\Unload\HpqUnRes.dll] [, ]
[c:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hphtra08.dll] [Hewlett-Packard, 8,1,0,12]
[c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll] [, 5.0.0.247]
[c:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[PID: 3044 / dior][C:\Program Files\Windows Desktop Search\WindowsSearch.exe] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\uncdms.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\mssprxy.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\oeph.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\mssph.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\TQUERY.DLL] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\PROPSYS.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msstrc.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\fr-fr\WindowsSearchRes.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\WindowsSearchRes.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Windows Desktop Search\WdsMktTools.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1516 / dior][c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[c:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[c:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[PID: 1056 / dior][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]
[C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1302.1018]
[PID: 1588 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[PID: 3700 / dior][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial]
[C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, ]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.64]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[PID: 2748 / dior][C:\Documents and Settings\marionette\Mes documents\LOGICIEL\PhotoFiltre.exe] [Antonio Da Cruz, 6.2.7.0]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0,
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
28 Jan. 2008 at 18:43
End of the report:

[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[PID: 3144 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2536 / dior][C:\Documents and Settings\dior\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Documents and Settings\dior\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3956, C:\PROGRAM FILES\JAVA\JRE1.5.0_05\BIN\JUSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3968, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3976, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 4040, C:\HP\KBD\KBD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2152, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2192, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2212, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2244, C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2296, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2444, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 764, C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1208, C:\PROGRAM FILES\ARES\ARES.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2920, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1516, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2748, C:\DOCUMENTS AND SETTINGS\MARIONETTE\MES DOCUMENTS\LOGICIEL\PHOTOFILTRE.EXE]

==================================
API HOOK
Entrypoint Error: CreateProcessA (Dangerous Level: High, Hooked by Module: 0x00130239)
Entrypoint Error: CreateProcessW (Dangerous Level: High, Hooked by Module: 0x001302C5)
Entrypoint Error: CreateRemoteThread (Dangerous Level: High, Hooked by Module: 0x001304F5)
Entrypoint Error: CreateThread (Dangerous Level: High, Hooked by Module: 0x00130581)
Entrypoint Error: WriteProcessMemory (Dangerous Level: High, Hooked by Module: 0x00130699)
Entrypoint Error: SetWindowsHookExA (Dangerous Level: High, Hooked by Module: 0x00130725)
Entrypoint Error: SetWindowsHookExW (Dangerous Level: High, Hooked by Module: 0x001307B1)

==================================
Hidden Process
N/A

==================================


0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
29 Jan. 2008 at 16:04
G!rly?
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
29 Jan. 2008 at 16:06
Hi helpmei34,

I haven't looked at the SREng report yet; I'm doing it now and will let you know...

See you in a bit.
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
29 Jan. 2008 at 16:09
Thank you very much!
0