Your question

Slow computer, virus?

Tags:
  • Security
Latest reply: in Security and viruses
22 July 2007 14:06:48

Hello everyone!

I'm new and I signed up here because I noticed that you solve quite a few problems.

And I happen to have one:

Overnight, my computer became slow. Just turning it on, the loading screen takes very long; it takes a good 5 minutes to reach the login screen, and the same to shut it down, 5 minutes before it switches off.
Then, as for applications, it lags terribly: if I listen to music and open a web page, it's okay, but after a while it lags badly, and when I look in Task Manager, IE climbs to 174,000 KB and keeps climbing.
As for my commit charge, I now exceed 512 MB, which had never happened to me before, and now it happens very often. (And I only have one 512 MB stick...)
I tried a system restore to a date from before all this started, and nothing changes...
I ran a scan last night; it found about 30 infected files and deleted them all, but it's still the same.

Now I'm turning to all of you. I'm posting my HijackThis log, hoping you can help me.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:52:07, on 22/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A828F0B-8A2C-B476-B753-45C5D0389A27} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 6787 bytes


22 July 2007 15:23:55

Please, can someone help me?
22 July 2007 17:55:32

Here is the report you asked me for, chercheur_

"Geoffrey" - 2007-07-22 17:46:09 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Geoffrey\Application Data\Microsoft\20509.dat
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Geoffrey.\err.log
C:\Documents and Settings\Geoffrey.\ResErrors.log
C:\WINDOWS\exefld
C:\WINDOWS\gc_407.cnf
C:\WINDOWS\gsc_407.cnf
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))


2007-07-22 17:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 23:44 <REP> d-------- C:\Downloads
2007-07-17 12:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-17 12:19 <REP> d-------- C:\Program Files\Atari
2007-07-16 17:17 <REP> d-------- C:\Program Files\a-squared Free
2007-07-15 11:10 <REP> d-------- C:\Program Files\Fishtank Interactive
2007-07-12 15:58 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-12 15:58 <REP> d-------- C:\Program Files\Xvid
2007-06-26 10:16 261,351 --a------ C:\winlogon.exe
2007-06-24 14:24 <REP> d-------- C:\DVDVOLUME


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 15:50:47 59,239,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-22 15:45:00 -------- d-----w C:\Program Files\FlashGet
2007-07-22 13:25:37 -------- d-----w C:\Program Files\Steam
2007-07-22 11:41:10 798,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-22 11:41:10 177,020 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-22 11:41:10 1,860,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-20 15:31:08 -------- d-----w C:\DOCUME~1\Geoffrey\Application Data\teamspeak2
2007-07-18 21:23:35 -------- d-----w C:\Program Files\Google
2007-07-17 10:19:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-16 15:56:39 -------- d-----w C:\Program Files\SlySoft
2007-07-16 15:01:14 2,414 ----a-w C:\WINDOWS\system32\tmp.reg
2007-07-13 12:36:19 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-07-12 14:29:34 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-07-01 10:21:02 -------- d-----w C:\Program Files\Dofus
2007-06-19 07:51:37 -------- d-----w C:\Program Files\Windows Live
2007-06-19 07:51:16 -------- d-----w C:\Program Files\Railroad Tycoon II
2007-06-19 07:49:59 -------- d-----w C:\Program Files\AviCh
2007-06-19 07:47:21 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-19 07:47:18 -------- d-----w C:\Program Files\MSN Messenger
2007-06-16 12:55:50 -------- d-----w C:\Program Files\Bullfrog
2007-05-26 17:22:17 -------- d-----w C:\DOCUME~1\Geoffrey\Application Data\Apple Computer
2007-05-24 11:24:28 -------- d-----w C:\DOCUME~1\Geoffrey\Application Data\Vso
2007-05-10 09:03:30 1,146,932 ----a-w C:\WINDOWS\SCTUninstaller.exe
2007-05-06 13:47:17 245,488 ----a-w C:\WINDOWS\Mall Tycoon 2 Uninstaller.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 21:55:54 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-04-28 07:31:09 87,608 ----a-w C:\DOCUME~1\Geoffrey\Application Data\inst.exe
2007-04-28 07:31:09 47,360 -c--a-w C:\DOCUME~1\Geoffrey\Application Data\pcouffin.sys
2006-11-23 10:09:40 81,920 -c--a-w C:\DOCUME~1\Geoffrey\Application Data\ezpinst.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-06-29 13:44 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A3700EE-5330-4DE3-A9B6-D9B56E9791F6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A828F0B-8A2C-B476-B753-45C5D0389A27}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:56 2436160 -ra--c--- c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-16 07:05 163840 --a------ C:\PROGRA~1\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35]
"DXDllRegExe"="dxdllreg.exe" []
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Geoffrey^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Geoffrey\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
"C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]
"C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3688644-fe4e-11db-bae0-00138f064d9b}]
AutoRun\command- F:\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-07-20 15:15:01 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-22 01:30:01 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 17:50:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-22 17:51:52
C:\ComboFix-quarantined-files.txt ... 2007-07-22 17:51

--- E O F ---
22 July 2007 22:14:32

Hello


Download DiagHelp.zip (by Malekal_Morte) to your desktop
http://www.malekal.com/download/DiagHelp.zip
- Right-click the file and choose Extract All
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd extension may not be shown)
- A window will open; choose option 1
- The scan will start. This can take a few minutes; let it run and press a key when asked

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan you may be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
23 July 2007 11:25:32

Hello Chercheur_
Here is the DiagHelp report:

DiagHelp version v1.1.2 - http://www.malekal.com
excute le 23/07/2007 à 11:18:39,60


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\fidbox.dat -->23/07/2007 11:15:34
C:\WINDOWS\System32/drivers\fidbox2.idx -->23/07/2007 02:55:34
C:\WINDOWS\System32/drivers\fidbox2.dat -->23/07/2007 02:55:34
C:\WINDOWS\System32/drivers\fidbox.idx -->23/07/2007 02:55:33
C:\WINDOWS\System32/drivers\klin.sys -->26/06/2007 10:08:25
C:\WINDOWS\System32/drivers\klick.sys -->26/06/2007 10:08:25
C:\WINDOWS\System32/drivers\sptd.sys -->09/05/2007 18:58:05

C:\WINDOWS\System32\nvapps.xml -->23/07/2007 11:14:49
C:\WINDOWS\System32\wpa.dbl -->21/07/2007 19:48:18
C:\WINDOWS\System32\jupdate-1.6.0_02-b06.log -->19/07/2007 12:30:30
C:\WINDOWS\System32\CmdLineExt03.dll -->17/07/2007 12:30:55
C:\WINDOWS\System32\tmp.txt -->16/07/2007 17:01:14
C:\WINDOWS\System32\tmp.reg -->16/07/2007 17:01:14
C:\WINDOWS\System32\SPOOLSV.EXE.kav -->13/07/2007 15:17:04
C:\WINDOWS\System32\SERVICES.EXE.kav -->13/07/2007 15:17:04
C:\WINDOWS\System32\LSASS.EXE.kav -->13/07/2007 15:17:03
C:\WINDOWS\System32\kr_done1 -->13/07/2007 14:37:14
C:\WINDOWS\System32\svchost.exe -->13/07/2007 14:36:19
C:\WINDOWS\System32\javaws.exe -->12/07/2007 02:22:38
C:\WINDOWS\System32\javacpl.cpl -->12/07/2007 02:22:36
C:\WINDOWS\System32\javaw.exe -->12/07/2007 01:22:04
C:\WINDOWS\System32\java.exe -->12/07/2007 01:22:00
C:\WINDOWS\System32\swreg.exe -->11/07/2007 16:59:04
C:\WINDOWS\System32\p.log -->01/06/2007 15:36:09
C:\WINDOWS\System32\c.log -->01/06/2007 15:36:01
C:\WINDOWS\System32\CONFIG.NT -->25/05/2007 19:21:31
C:\WINDOWS\System32\aswBoot.exe -->30/04/2007 17:46:10
C:\WINDOWS\System32\AVASTSS.scr -->30/04/2007 17:35:28
C:\WINDOWS\System32\FNTCACHE.DAT -->28/04/2007 18:54:24
C:\WINDOWS\System32\BASSMOD.dll -->28/04/2007 09:42:21
C:\WINDOWS\System32\QuickTimeVR.qtx -->27/04/2007 09:42:00
C:\WINDOWS\System32\QuickTime.qts -->27/04/2007 09:42:00

C:\WINDOWS\WindowsUpdate.log -->23/07/2007 11:14:54
C:\WINDOWS\0.log -->23/07/2007 11:14:54
C:\WINDOWS\wiadebug.log -->23/07/2007 11:14:53
C:\WINDOWS\wiaservc.log -->23/07/2007 11:14:51
C:\WINDOWS\bootstat.dat -->23/07/2007 11:14:35
C:\WINDOWS\SchedLgU.Txt -->23/07/2007 02:55:13
C:\WINDOWS\win.ini -->22/07/2007 21:41:03
C:\WINDOWS\system.ini -->22/07/2007 21:41:03
C:\WINDOWS\ntbtlog.txt -->21/07/2007 20:01:35
C:\WINDOWS\NeroDigital.ini -->21/07/2007 19:58:04
C:\WINDOWS\QTFont.qfn -->20/07/2007 23:59:44
C:\WINDOWS\QTFont.for -->20/07/2007 23:59:44
C:\WINDOWS\setupapi.log -->20/07/2007 01:30:28
C:\WINDOWS\setupact.log -->16/07/2007 17:01:17
C:\WINDOWS\wmsetup.log -->16/07/2007 00:57:37


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\WINDOWS\system

15/10/2003 17:26 1 454 080 SmWizard.exe
1 fichier(s) 1 454 080 octets
0 Rép(s) 8 502 808 576 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\WINDOWS\system32

04/08/2004 02:54 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 8 502 808 576 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\WINDOWS\Downloaded Program Files

20/07/2007 01:30 <REP> .
20/07/2007 01:30 <REP> ..
10/11/2006 15:52 65 desktop.ini
25/07/2002 19:13 24 576 dwusplay.dll
25/07/2002 19:13 196 608 dwusplay.exe
23/03/2007 12:17 1 292 erma.inf
13/04/2004 07:04 307 200 isusweb.dll
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
28/02/2007 14:21 142 248 SolitaireShowdown.dll
7 fichier(s) 976 533 octets

Total des fichiers listés :
7 fichier(s) 976 533 octets
2 Rép(s) 8 502 808 576 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...



catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 11:19:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
264 - svchost.exe
600 - csrss.exe
624 - winlogon.exe
668 - services.exe
680 - lsass.exe
840 - svchost.exe
888 - svchost.exe
952 - svchost.exe
1028 - svchost.exe
1428 - alg.exe
1544 - explorer.exe
1568 - a2service.exe
1652 - avp.exe
1728 - MSCamS32.exe
1760 - jusched.exe
1768 - LwbWheel.exe
1780 - nvsvc32.exe
1840 - rundll32.exe
1856 - avp.exe
2312 - IEXPLORE.EXE
2540 - wuauclt.exe
2976 - cmd.exe

Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList


Total number of drivers = 123

Liste des programmes installes

-(/'|'\)- DivX Codec 3.11a Codec -(/'|'\)-
5500
5500_Help
5500Tour
5500Trb
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.0.9 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AiO_Scan
AIOMinimal
AiOSoftware
Anti-Pub 2003.03
Archiveur WinRAR
Audacity 1.2.6
Axis & Allies
Battlefield Vietnam Server
Battlefield Vietnam(TM)
BeClean
Browser Mouse Browser Mouse 1.0
C-Media 3D Audio
CamStudio
Car Tycoon
Car Tycoon 1.28
Casino Inc
Casino Inc Demo
Casino Tycoon
CCleaner (remove only)
ConvertXtoDVD 2.1.18.242
Copy
CreativeProjects
Direct Show Ogg Vorbis Filter (remove only)
Director
DocProc
Dofus 1.15.4
DVD Shrink 3.2
eMule
EVEREST Home Edition v2.20
Fax
FlashGet 1.9.0.1012
FlashGet(JetCar)
Golf Resort Tycoon
Google Earth
Google Toolbar for Internet Explorer
GUILD WARS
HijackThis 2.0.0
Hotel Giant Demo
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
hpmdtab
HPSystemDiagnostics
HyperCam 2
IncrediMail Xe
InstantShare
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Anti-Virus 6.0
Kaspersky Anti-Virus 6.0
Lecteur Windows Media 11
LimeWire PRO 4.12.6
Magentic
Mall Tycoon 3
Memories Disc Creator 2.0
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft LifeCam
Microsoft Office XP Professional avec FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour pour Windows XP (KB898461)
MUSK Codec Pack v5
Nero Suite
NVIDIA Drivers
Overland
PhotoGallery
PowerDVD
PrintScreen
Procesor Driver
PunkBuster pour Battlefield Vietnam
QFolder
QuickProjects
QuickTime
Railroad Tycoon II
Readme
RealPlayer
Scan
School Tycoon
Shangri La Deluxe
Shareaza version 2.2.3.0
Shopping Centre Tycoon
SiS Audio Driver
SkinsHP1
SkinsHP2
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
Steam
Super Gemdrop Deluxe
Talismania Deluxe
TeamSpeak 2 RC2
The 4th Coming v1.61 by Dialsoft
TrayApp
Trivial Pursuit(TM) Genus Edition Deluxe
Unload
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Xfire (remove only)
Xvid 1.1.2 final uninstall



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\Program Files

17/07/2007 12:19 <REP> .
17/07/2007 12:19 <REP> ..
09/05/2007 21:55 <REP> Activision Value
28/04/2007 18:49 <REP> Adobe
21/11/2006 16:43 <REP> Ahead
25/03/2007 23:09 <REP> Alwil Software
27/11/2006 23:52 <REP> Antipub
15/04/2007 00:42 <REP> AresFlashDownloader
16/07/2007 17:29 <REP> a-squared Free
17/07/2007 12:19 <REP> Atari
21/11/2006 17:04 <REP> Audacity
19/06/2007 09:49 <REP> AviCh
04/12/2006 19:00 <REP> AVOne
14/04/2007 02:48 <REP> BeClean
10/11/2006 16:13 <REP> Browser Mouse
16/06/2007 14:55 <REP> Bullfrog
10/01/2007 23:36 <REP> Camfrog
12/02/2007 14:04 <REP> CamStudio
09/05/2007 18:03 <REP> Cat Daddy Games
26/12/2006 05:28 <REP> CCleaner
16/03/2007 19:05 <REP> C-Media
11/01/2007 23:42 <REP> C-Media 3D Audio
10/11/2006 15:50 <REP> ComPlus Applications
11/12/2006 22:29 <REP> CyberLink
10/05/2007 11:02 <REP> Deep Silver
16/03/2007 18:55 <REP> Dial-Messenger
22/04/2007 16:50 <REP> Dialsoft
17/11/2006 00:12 <REP> directx
01/07/2007 12:21 <REP> Dofus
10/11/2006 16:00 <REP> DVD Shrink
25/11/2006 12:51 <REP> EA GAMES
19/05/2007 01:10 <REP> eMule
16/07/2007 17:23 <REP> Fichiers communs
15/07/2007 11:10 <REP> Fishtank Interactive
23/07/2007 11:17 <REP> FlashGet
29/04/2007 23:36 <REP> Global Star
18/07/2007 23:23 <REP> Google
16/11/2006 22:13 <REP> GUILD WARS
10/11/2006 16:24 <REP> HP
29/03/2007 00:16 <REP> HyCam2
17/01/2007 00:46 <REP> IncrediMail
10/11/2006 16:20 <REP> Internet Explorer
19/07/2007 12:30 <REP> Java
06/12/2006 22:19 <REP> Kaspersky Lab
09/05/2007 19:02 <REP> Konami
14/04/2007 02:30 <REP> Lavalys
05/03/2007 18:55 <REP> LimeWire
28/04/2007 02:08 <REP> Magentic
19/06/2007 09:47 <REP> Messenger Plus! Live
10/11/2006 15:53 <REP> microsoft frontpage
15/01/2007 20:35 <REP> Microsoft LifeCam
11/11/2006 02:50 <REP> Microsoft Office
09/01/2007 01:44 <REP> MobeeSoft
08/05/2007 20:43 <REP> Monte Cristo
10/11/2006 15:53 <REP> movie maker
10/11/2006 15:53 <REP> msn gaming zone
19/06/2007 09:47 <REP> MSN Messenger
14/04/2007 13:51 <REP> MUSK Codec Pack v5
10/11/2006 15:51 <REP> NetMeeting
10/11/2006 15:51 <REP> Outlook Express
05/05/2007 12:16 <REP> QuickTime
19/06/2007 09:51 <REP> Railroad Tycoon II
17/11/2006 00:12 <REP> Real
10/11/2006 15:52 <REP> Services en ligne
18/11/2006 02:55 <REP> Shareaza
11/01/2007 22:27 <REP> SiS7012
16/07/2007 17:56 <REP> SlySoft
12/12/2006 21:12 <REP> Sony
12/12/2006 14:15 <REP> SourceTec
24/04/2007 17:40 <REP> SpeedFan
05/07/2007 09:55 <REP> Spybot - Search & Destroy
22/07/2007 18:36 <REP> Steam
02/01/2007 01:47 <REP> Teamspeak2_RC2
06/05/2007 17:23 <REP> Trymedia
09/01/2007 01:28 <REP> VideoCap
23/11/2006 12:09 <REP> vso
23/08/2004 16:38 <REP> WINAMP
19/06/2007 09:51 <REP> Windows Live
19/01/2007 21:38 <REP> Windows Live Safety Center
12/02/2007 00:07 <REP> Windows Media Components
11/12/2006 17:56 <REP> Windows Media Connect 2
11/12/2006 17:56 <REP> Windows Media Player
10/11/2006 15:53 <REP> Windows NT
10/05/2007 13:15 <REP> WinRAR
10/11/2006 15:53 <REP> xerox
12/07/2007 15:58 <REP> Xvid
11/05/2007 00:06 <REP> Zylom Games
0 fichier(s) 0 octets
87 Rép(s) 8 497 446 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\Program Files\fichiers communs

16/07/2007 17:23 <REP> .
16/07/2007 17:23 <REP> ..
28/04/2007 18:46 <REP> Adobe
16/11/2006 22:02 <REP> Adobe Systems Shared
10/11/2006 16:31 <REP> Ahead
11/11/2006 02:50 <REP> Designer
10/11/2006 16:24 <REP> Hewlett-Packard
10/11/2006 16:22 <REP> HP
12/07/2007 16:29 <REP> InstallShield
10/11/2006 16:00 <REP> Java
17/11/2006 00:12 <REP> Logitech
09/05/2007 18:21 <REP> Microsoft Shared
10/11/2006 15:51 <REP> MSSoap
10/11/2006 16:47 <REP> ODBC
27/02/2007 16:52 <REP> Real
10/11/2006 15:51 <REP> Services
10/11/2006 16:47 <REP> SpeechEngines
11/11/2006 02:50 <REP> System
27/02/2007 16:46 <REP> xing shared
0 fichier(s) 0 octets
19 Rép(s) 8 497 446 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

11/11/2006 02:50 <REP> .
11/11/2006 02:50 <REP> ..
11/11/2006 02:50 <REP> 1033
11/11/2006 02:50 <REP> 1036
15/02/2001 06:45 1 318 912 MSONSEXT.DLL
13/02/2001 09:23 58 784 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
06/08/2000 10:04 401 462 MSVCP60.DLL
22/01/2001 04:25 69 632 PKMAXCTL.DLL
22/01/2001 04:25 872 448 PKMCDO.DLL
22/01/2001 04:25 159 744 PKMCORE.DLL
07/02/2001 10:59 106 496 PKMFORMS.DLL
12/02/2001 05:03 684 032 PKMRES.DLL
22/01/2001 04:25 28 672 PKMSSTLB.DLL
22/01/2001 04:25 40 960 PKMTEMPL.DLL
22/01/2001 04:25 24 576 PKMTRACE.DLL
22/01/2001 04:25 86 016 PKMWS.DLL
22/01/2001 04:25 237 568 PROMDEMO.DLL
22/01/2001 04:25 184 320 SECMGR.DLL
22/01/2001 04:25 323 584 VAIDDMGR.DLL
22/01/2001 04:25 32 768 VAIMEM.DLL
18 fichier(s) 4 879 944 octets
4 Rép(s) 8 497 442 816 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\

12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
31/10/2005 17:56 700 416 StubInstaller.exe
04/08/2004 02:55 261 351 winlogon.exe
4 fichier(s) 1 133 287 octets
0 Rép(s) 8 497 442 816 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A049-6532

Répertoire de C:\

c:\Documents and Settings\Geoffrey\.limewire\.NetworkShare\LimeWireWinInstaller 1.exe
c:\Documents and Settings\Geoffrey\Application Data\ezpinst.exe
c:\Documents and Settings\Geoffrey\Application Data\inst.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{205140F6-F3AC-45CE-9627-9CF35C6E1C2E}\app_icon.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{70900903-3F7E-45EF-B5D7-9738FCC17381}\_9E92871EEFD4_44B2_BE21_E096A6703E87.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{839EC4E8-A591-47D6-9A32-E861AF08CB9F}\_CE8509BD69DA_41B8_BA6E_1225A01CD478.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{DF2A237A-3D61-11D5-888A-005004D128A9}\Copy(2)ofweb.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{DF2A237A-3D61-11D5-888A-005004D128A9}\CopyofHelp.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{DF2A237A-3D61-11D5-888A-005004D128A9}\CopyofReadme.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{DF2A237A-3D61-11D5-888A-005004D128A9}\GolfGame.exe
c:\Documents and Settings\Geoffrey\Application Data\Microsoft\Installer\{DF2A237A-3D61-11D5-888A-005004D128A9}\GolfTycoon.exe
c:\Documents and Settings\Geoffrey\Bureau\ComboFix.exe
c:\Documents and Settings\Geoffrey\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Geoffrey\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Geoffrey\Local Settings\Temporary Internet Files\Content.IE5\CTENOHQZ\lcweb[1].exe
c:\Documents and Settings\Geoffrey\Local Settings\Temporary Internet Files\Content.IE5\CTENOHQZ\lcweb[3].exe
c:\Documents and Settings\Geoffrey\Local Settings\Temporary Internet Files\Content.IE5\OTQZYZST\eMule0.48a-Installer[1].exe
c:\Documents and Settings\Geoffrey\Local Settings\Temporary Internet Files\Content.IE5\SHS56V8T\DofusInstaller_v1_16_4[1].exe
c:\Documents and Settings\Geoffrey\Mes documents\Kazaa\Shareaza_2.1.0.0.exe
c:\Documents and Settings\Geoffrey\Mes documents\Mes fichiers reçus\ATro55en.exe
c:\Documents and Settings\Geoffrey\Mes documents\Mes fichiers reçus\LimeWire.Pro.v4.12.6.Multilingual.Retail-ZWT\LimeWire.Pro.v4.12.6.Multilingual.Retail-ZWT\setup.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\bejeweled2\fr-FR\Bejeweled2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\chainz2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\core.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\file.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\gfx2d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\gfx2d_dd7.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\imglib.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\jpeg.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\logger.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\msvcr71.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\snd3d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\snd3d_fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\ui2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ElDorado\fr-FR\Eldorado.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ElDorado\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MumboJumboExtension\MumboJumboExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PopcapExtension\PopcapExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll
c:\Documents and Settings\Geoffrey\Application Data\Identities\{000HQ7FF-AD7A-3FG2-LS5J-229F8D9V0VVC}\xmlparse.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Codecs\7zAes.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Codecs\Aes.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Codecs\Branch.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Codecs\Copy.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Codecs\LZMA.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Codecs\Swap.dll
c:\Documents and Settings\Geoffrey\Local Settings\Application Data\Seven Zip\Formats\7z.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
24 July 2007 13:15:42

Hello Chercheur_

It took a while, but here is the Panda report:


Incident Statut Analyse

Outil indésirable:Application/NirCmd.A No Désinfecté C:\ComboFix\nircmd.cfexe
Outil indésirable:Application/NirCmd.A No Désinfecté C:\ComboFix\nircmd.exe
Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\Geoffrey\Bureau\ComboFix.exe[nircmd.exe]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@247realmedia[2].txt
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@2o7[2].txt
Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@ads.pointroll[2].txt
Spyware:Cookie/Adserver No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@adserver.filefront[2].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@adtech[2].txt
Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@adultfriendfinder[2].txt
Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@atwola[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@bs.serving-sys[2].txt
Spyware:Cookie/Casinotropez No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@casinotropez[1].txt
Spyware:Cookie/Ccbill No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@ccbill[1].txt
Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@com[1].txt
Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@cs.sexcounter[2].txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@fe.lea.lycos[1].txt
Spyware:Cookie/Go No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@go[2].txt
Spyware:Cookie/Itrack No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@ilead.itrack[1].txt
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@metriweb[1].txt
Spyware:Cookie/Outster No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@outster[2].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@overture[1].txt
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@perf.overture[1].txt
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@searchportal.information[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@serving-sys[1].txt
Spyware:Cookie/Smartadserver No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@smartadserver[2].txt
Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@toplist[1].txt
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@tribalfusion[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@weborama[1].txt
Spyware:Cookie/WebPower No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@webpower[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@xiti[1].txt
Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\Geoffrey\Cookies\geoffrey@yadro[1].txt
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@ad.yieldmanager[1].txt
Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@adultfriendfinder[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@bluestreak[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@doubleclick[1].txt
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@metriweb[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@serving-sys[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@weborama[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Patrick\Cookies\patrick@xiti[1].txt
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@bluestreak[2].txt
Spyware:Cookie/Clickbank No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@clickbank[2].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@mediaplex[1].txt
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@metriweb[1].txt
Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@statcounter[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Patrick\Local Settings\Temp\Cookies\patrick@xiti[2].txt
Spyware:Cookie/Statcounter No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc10.txt
Spyware:Cookie/YieldManager No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc118.txt
Spyware:Cookie/Advertising No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc126.txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc129.txt
Spyware:Cookie/Bluestreak No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc137.txt
Spyware:Cookie/Serving-sys No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc138.txt
Spyware:Cookie/2o7 No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc139.txt
Spyware:Cookie/WebtrendsLive No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc14.txt
Spyware:Cookie/888 No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc141.txt
Spyware:Cookie/888 No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc142.txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc15.txt
Spyware:Cookie/Weborama No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc20.txt
Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc40.txt
Spyware:Cookie/Mediaplex No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc43.txt
Spyware:Cookie/MetriWeb No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc45.txt
Spyware:Cookie/Overture No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc56.txt
Spyware:Cookie/Hitbox No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc61.txt
Spyware:Cookie/RealMedia No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc67.txt
Spyware:Cookie/WUpd No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc68.txt
Spyware:Cookie/Searchportal No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc71.txt
Spyware:Cookie/Serving-sys No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc73.txt
Spyware:Cookie/Smartadserver No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc77.txt
Spyware:Cookie/Casalemedia No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc80.txt
Spyware:Cookie/Cassava No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc81.txt
Spyware:Cookie/Doubleclick No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc87.txt
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\RECYCLER\S-1-5-21-746137067-448539723-839522115-1004\Dc96.txt
Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe
Virus:Trj/Qhost.gen Désinfecté C:\WINDOWS\system32\drivers\etc\hosts.20070716-165412.backup
24 July 2007 14:41:57

Hello

Not much in this report.

Delete this file:
C:\WINDOWS\nircmd.exe

Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.
Run the cleaner.

Are you still having problems?
24 July 2007 15:35:11

Unfortunately yes, it is still just as slow at startup, at shutdown and when opening programs...
24 July 2007 16:52:40

Post a new HijackThis log.
24 July 2007 19:11:49

Here it is:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:11, on 24/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A828F0B-8A2C-B476-B753-45C5D0389A27} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7215 bytes
24 July 2007 21:13:04

A few useless lines.
Run a new HijackThis scan and tick the lines below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A828F0B-8A2C-B476-B753-45C5D0389A27} - (no file)
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - (no file)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab

Close all windows (Windows, Internet Explorer, Outlook) except the HijackThis program itself and click "Fix checked"


Download SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html

Extract all of its contents to your Desktop
From the sreng2 folder that is now on your Desktop, double-click SREng.exe to launch the tool
Click Smart Scan
Then click the [Scan] button

When it is complete, click the [Save Reports] button
Save the report to your Desktop
Copy/paste the contents of the SREnglLOG.log file in your next reply
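As an added example (not part of the thread and not code from HijackThis or SREng), here is a small Python triage of HijackThis log lines in the format posted above: it flags entries ending in "(no file)", the orphaned registry entries the helper ticks for "Fix checked", and O4 autostart commands given as a bare file name, which Windows resolves through the search path and which therefore deserve a manual look. The sample lines are constructed from the posted log; the verdict names are this example's own.

```python
import re
from typing import List, Tuple

# Constructed sample: eight HijackThis v2 lines in the shape of the log posted
# in the thread (entries copied from or modelled on that log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - (no file)
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
"""

# Every entry line starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
SECTION_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^HK.*?\\Run(?:Once|Services)?: \[([^\]]*)\] (.*)$")


def first_token(command: str) -> str:
    """Executable part of an autostart command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def classify(line: str) -> Tuple[str, str]:
    """Return (section, verdict) for one HijackThis line.

    Verdicts (names chosen for this example):
      orphaned    - the registry entry points at a file that no longer exists
                    ("(no file)"); a harmless leftover that HijackThis can remove
      unqualified - an O4 autostart whose command is a bare file name, so Windows
                    resolves it through the search path; check where it lives
      review      - everything else: judge by vendor, path and reputation
      skip        - not an entry line (header, process list, blank, "End of file")
    """
    m = SECTION_RE.match(line)
    if not m:
        return ("", "skip")
    section, body = m.groups()
    if body.endswith("(no file)"):
        return (section, "orphaned")
    if section == "O4":
        o4 = O4_RE.match(body)
        if o4 and "\\" not in first_token(o4.group(2)):
            return (section, "unqualified")
    return (section, "review")


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Classify every entry line of a log; returns (section, verdict, line)."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section, verdict = classify(line)
        if verdict != "skip":
            results.append((section, verdict, line))
    return results


def fix_candidates(log_text: str) -> List[str]:
    """Lines a helper would normally tick under 'Fix checked': the orphaned ones."""
    return [line for _, verdict, line in triage(log_text) if verdict == "orphaned"]


if __name__ == "__main__":
    for section, verdict, line in triage(SAMPLE_LOG):
        print(f"{verdict:11} {line}")
```

The script does not reproduce the helper's full selection (which also removed working but unneeded entries such as the Adobe BHO); it only automates the two mechanical checks.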
25 July 2007 10:12:53

CODE

2007-07-25,10:11:45

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<LWBMOUSE><C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe> []
<DXDllRegExe><dxdllreg.exe> [N/A]
<nwiz><nwiz.exe /install> []
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<LifeCam><"C:\Program Files\Microsoft LifeCam\LifeExp.exe"> [(Verified)Microsoft Corporation]
<NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Publisher]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CloneCDTray><; "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<HP Component Manager><; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"> [Hewlett-Packard Company]
<HP Software Update><; "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"> [Hewlett-Packard]
<LVCOMS><; C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE> [(Verified)Microsoft Windows Publisher]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<RemoteControl><; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<SDR6V_Check><; "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Steam><; > [N/A]
<swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<WA6PV_Check><; "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"> [N/A]

==================================
Startup Folders
N/A

==================================
Services
[a-squared Free Service / a2free][Stopped/Auto Start]
<c:\program files\a-squared free\a2service.exe><Emsi Software GmbH>
[Adobe LM Service / Adobe LM Service][Stopped/Disabled]
<"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ares Chatroom server / AresChatServer][Stopped/Disabled]
<C:\Program Files\Ares\chatServer.exe><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Kaspersky Anti-Virus 6.0 / AVP][Stopped/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>

==================================
Drivers
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\Geoffrey\Local Settings\Temp\catchme.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[giveio / giveio][Running/Boot Start]
<\SystemRoot\system32\giveio.sys><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[VSO Software pcouffin / pcouffin][Running/Manual Start]
<System32\Drivers\pcouffin.sys><VSO Software>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Logitech QuickCam Express(PID_0920) / PID_0920][Stopped/Manual Start]
<system32\DRIVERS\LV532AV.SYS><Logitech Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Europe Ltd>
[Service for AC'97 Sample Driver (WDM) / SiS7012][Stopped/Manual Start]
<system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[Pilote de carte Fast Ethernet PCI SiS / SISNIC][Running/Manual Start]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[speedfan / speedfan][Running/Boot Start]
<\SystemRoot\system32\speedfan.sys><Windows (R) 2000 DDK provider>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, www.flashget.com>
[Antivirus Internet]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\FlashGet.exe, FlashGet.com>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Microsoft HTML Document 6.0]
{25336921-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Reporte Class]
{4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[ControlConexion Class]
{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Panda ActiveScan]
{96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\PROGRA~1\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&Tout télécharger avec FlashGet]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[&Télécharger avec FlashGet]
<C:\Program Files\FlashGet\jc_link.htm, N/A>

==================================
Running Processes
[PID: 552 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.1.411]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 668 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 680 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpzsnt09.dll] [HP, 2.240.0.0]
[PID: 1480 / SYSTEM][C:\Program Files\Microsoft LifeCam\MSCamS32.exe] [Microsoft Corporation, 1.21.113.0]
[PID: 1504 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9371]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[PID: 1664 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 308 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1688 / Geoffrey][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11060]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9371]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[PID: 672 / Geoffrey][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.6]
[PID: 1752 / Geoffrey][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11060]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9371]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[PID: 2480 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[PID: 3176 / Geoffrey][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11060]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll] [Skype Technologies S.A., 2, 2, 0, 98]
[C:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll] [Skype Technologies, 1, 0, 1, 157]
[C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 4, 1007]
[C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.20.6]
[C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\PROGRA~1\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 4, 1003]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.1.4r20]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9371]
[PID: 3344 / Geoffrey][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11060]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\vVX3000.dll] [Microsoft Corporation, 1, 1, 4, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9371]
[C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.1.4r20]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
[C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
[C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 3992 / Geoffrey][C:\Documents and Settings\Geoffrey\Bureau\sreng\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11060]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9371]
[C:\Documents and Settings\Geoffrey\Bureau\sreng\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1688, C:\WINDOWS\EXPLORER.EXE]

==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
Hidden Process
N/A

==================================

