Impossible de lancer IE

JoKeR974 -  
 gen-hackman -
Bonjour a tous, voila mon problème, je suis depuis quelques jours tracassé par la lenteur de ma connexion internet, jusqu'ici, j'utilisais internet explorer par défaut et de temps en temps google chrome que j'ai installé récemment. Mais depuis quelques jours, il m'est devenu impossible de lancer internet explorer et quand par chance j'y arrive, il prend un temps interminable pour charger quoi que ce soit, je me suis résigné a utiliser google chrome mais le problèème c'est que celui ci est presque aussi lent.
J'utilise l'antivirus nod32 qui m'a signalé depuis la presence d'un virus http://rec2.faderups.com que j'ai bien sur mis en quarantaine, mais qui ne cessait de revenir a chaque connexion internet, j'ai donc procédé a un scan avec spy emergency qui me l'a apparemment viré et enfin un nettoyage du registre avec Ccleaner.
Je ne recois plus de fenetres d'avertissement de la part de nod 32 mais internet explorer ne veut touours pas se lancer et ca commence a me gaver d'avoir a attendre 30 secondes a chaque fois juste pour ouvrir une simple page internet, ne parlons meme pas de youtube, c'est meme pas la peine d'essayer.

J'espere recevoir vos reponses assez vite, merci d'avance

Système:

microsoft xp pro
SP3

Ordinateur:

Intel celeron M CPU
410 @ 1.46GHz
1.47 GHz, 896 Mo de RAM

53 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

La lenteur de la connexion internet et l'impossibilité de lancer Internet Explorer, associées à une navigation lente sous Chrome sur un PC Windows XP Pro SP3, constituent la problématique centrale. Des signes d'infection ont été confirmés par Nod32 et des tentatives de nettoyage ont été menées, incluant un scan Spy Emergency et un nettoyage du registre face à un virus signalé. La meilleure réponse propose l'utilisation de ComboFix pour nettoyer le système et décrit un rapport montrant des éléments malveillants comme nod32drv.sys et spyemrg.sys.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. gen-hackman
     
    Intel celeron M CPU
    410 @ 1.46GHz

    bonsoir...un peu lège

    commences par ceci pour voir ce qu'il en est,avoir un diagnostic précis et donc repérer les infections possibles et les neutraliser:

    Télécharges et installes le logiciel de diagnostic HijackThis :

    ici HijackThis
    ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    ou renommé :

    http://pagesperso-orange.fr/yo-sen/HJTNew.exe

    1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
    A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
    Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
    "C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

    tuto pour utilisation :
    Regardes ici, c'est parfaitement expliqué en images (merci balltrap34),
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    ( Ne fixes encore AUCUNE ligne de ton plein gré, cela pourrait empêcher ton PC de fonctionner correctement )

    2- !! Déconnectes toi et fermes toute tes applications en cours !!

    Cliques sur le raccourci du bureau pour lancer le prg :
    fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"

    --->copies-colles le rapport généré pour analyse
    0
    1. JoKeR974
       
      Salut gen, merci pour la rapidité de ta reponsev voila mon rapport:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:45:32, on 06/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System\cmstp.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
      C:\WINDOWS\system\wcdvtray.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
      C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      C:\Program Files\Eset\nod32krn.exe
      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F3 - REG:win.ini: load=C:\DOCUME~1\Krystel\APPLIC~1\spoolsv.exe
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
      O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
      O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
      O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
      O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Krystel\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
      O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
      O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
      0
  2. JoKeR974
     
    Salut gen-hackman et merci pour la rapidité de ta réponse, j'ai donc fait un rapport hijack this que voici, mais je ne sais pas comment renommer ma page d'accueil Iexplorer qui d'ailleurs est msn:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:32, on 06/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System\cmstp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\WINDOWS\system\wcdvtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
    C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\DOCUME~1\Krystel\APPLIC~1\spoolsv.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
    O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Krystel\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  3. gen-hackman
     
    re,

    Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    -> http://images.malwareremoval.com/random/RSIT.exe

    ! Déconnecte toi et ferme toutes tes applications en cours !

    Double-clique sur " RSIT.exe " pour le lancer .

    -> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

    * Devant l'option "List files/folders created ..." , tu choisis : 2 months

    * clique ensuite sur " Continue " pour lancer l'analyse ...

    -> laisse faire le scan et ne touche pas au PC ...

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

    Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

    Important : poste un rapport, puis l'autre dans la réponse suivante
    Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

    ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
    0
    1. JoKeR974
       
      Au fait merci pour ton aide, je ne m'attendais pas du tout a avoir une réponse aussi rapide...
      0
  4. JoKeR974
     
    Trop rapide pour moi ce gen-hackman.. j'ai fait exactement ce que tu m'as dit donc voici le log:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Krystel at 2009-02-06 13:13:45
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 27 GB (35%) free of 76 GB
    Total RAM: 894 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:49, on 06/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System\cmstp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\WINDOWS\system\wcdvtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
    C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\Krystel.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\DOCUME~1\Krystel\APPLIC~1\spoolsv.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
    O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Krystel\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. JoKeR974
     
    Et voici l'info.txt:

    info.txt logfile of random's system information tool 1.05 2009-02-06 13:07:01

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
    Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
    Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Ashampoo Magical Defrag 2-->"C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\unins000.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
    DivxToDVD 1.99.24-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
    Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
    Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    MasterCook 5 : LGLC-->C:\WINDOWS\IsUn040c.exe -f"C:\SIERRA\MasterCook 5\Uninst.isu" -c"C:\SIERRA\MasterCook 5\uninst32.DLL"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Ultimate 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
    Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    Petit Larousse 2008-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{422FADA9-FED2-41D7-B5FA-472BB98B7784}\Setup.exe" -l0x40c
    Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x40c UNINSTALL
    Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x40c UNINSTALL
    QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036
    RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
    REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Spy Emergency 2008-->"C:\Program Files\NETGATE\Spy Emergency 2008\unins000.exe"
    Steinberg Cubase SX 3-->"C:\Program Files\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SX 3\install.log"
    Studio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x40c UNINSTALL
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
    TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Driver Package - Atheros (AR5211) Net (01/20/2006 4.2.2.7)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5211_0FDF15AF88D844288A8E3C4928B42B68066CD23C\net5211.inf
    Windows Driver Package - ATI Technologies Inc System (12/20/2004 5.10.1000.5)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\smbusati_9EFEB626B3AA84A38BE73D29FB04E5C8A1A6D299\smbusati.inf
    Windows Driver Package - Ralink Technology, Inc. (RT61) Net (08/02/2006 1.01.02.0000)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rt61_735C21C954D92A4FB09BCB74A5A879FDC94C7E3C\rt61.inf
    Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
    Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: ESET NOD32 antivirus system 2.70
    AS: Spy Emergency
    AS: Spyware Doctor (disabled)

    System event log

    Computer Name: XPSP2-75E3DCA19
    Event Code: 4201
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{562AE5EC-8BB3-4256-A9A1-4A3517976A4E} était connectée au réseau,
    et a lancé une opération normale sur la carte réseau.

    Record Number: 1684
    Source Name: Tcpip
    Time Written: 20090103203346.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 1002
    Message: Le bail de l'adresse IP 192.168.1.5 pour la carte réseau dont l'adresse réseau est 000DF02EC5B8
    a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

    Record Number: 1683
    Source Name: Dhcp
    Time Written: 20090103200113.000000+060
    Event Type: erreur
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 4201
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{562AE5EC-8BB3-4256-A9A1-4A3517976A4E} était connectée au réseau,
    et a lancé une opération normale sur la carte réseau.

    Record Number: 1682
    Source Name: Tcpip
    Time Written: 20090103200056.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 4202
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{07F020AF-9BF5-4990-9E41-9FA2F64F6D6C} était déconnectée du réseau,
    et la configuration réseau de la carte a été abandonnée. Si la carte
    réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
    Contactez le fabricant pour des pilotes mis à jour.

    Record Number: 1681
    Source Name: Tcpip
    Time Written: 20090103200051.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 4202
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{562AE5EC-8BB3-4256-A9A1-4A3517976A4E} était déconnectée du réseau,
    et la configuration réseau de la carte a été abandonnée. Si la carte
    réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
    Contactez le fabricant pour des pilotes mis à jour.

    Record Number: 1680
    Source Name: Tcpip
    Time Written: 20090103200051.000000+060
    Event Type: Informations
    User:

    Application event log

    Computer Name: XPSP2-75E3DCA19
    Event Code: 0
    Message:
    Record Number: 293
    Source Name: gusvc
    Time Written: 20090101124347.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 0
    Message:
    Record Number: 292
    Source Name: gusvc
    Time Written: 20090101124147.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 291
    Source Name: SecurityCenter
    Time Written: 20090101051235.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 0
    Message:
    Record Number: 290
    Source Name: gusvc
    Time Written: 20090101013351.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-75E3DCA19
    Event Code: 0
    Message:
    Record Number: 289
    Source Name: gusvc
    Time Written: 20090101013151.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=1
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
    0
  7. gen-hackman
     
    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :


    :processes
    explorer.exe

    :files
    C:\Program Files\SpywareDetector
    C:\Documents and Settings\Krystel\Application Data\sessmgr.exe
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency
    C:\WINDOWS\mstinit.exe
    C:\Documents and Settings\Krystel\Application Data\inst.exe
    C:\Program Files\NETGATE

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "CmSTP"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "SessMgr"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    ensuite :

    Télécharge SDFix sur ton bureau :
    ici http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
    ou ici http://download.bleepingcomputer.com/andymanchesta/SDFix.exe­
    ou ici http://sdfix.net/SDFix.exe

    --> Double-clique sur SDFix.exe et choisis "Install" .

    ( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

    Puis une fois l'installe faite ,

    Impératif : Démarrer en mode sans echec .

    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    Comment aller en Mode sans échec :
    1) Redémarre ton ordi .
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
    3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
    4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
    5) Choisis ton compte habituel ( et pas Administrateur ).
    attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

    Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil .
    -->Tapes Y pour lancer le script ...
    Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
    presses une touche pour redémarrer quand il te le sera demandé .

    Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

    Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier
    C:\SDFix sous le nom "Report.txt".

    Poste ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse

    0
  8. JoKeR974
     
    le rapport de OTMoveIt:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Program Files\SpywareDetector\Setting moved successfully.
    C:\Program Files\SpywareDetector moved successfully.
    C:\Documents and Settings\Krystel\Application Data\sessmgr.exe moved successfully.
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Log moved successfully.
    Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist scheduled to be moved on reboot.
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Cage moved successfully.
    Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency scheduled to be moved on reboot.
    C:\WINDOWS\mstinit.exe moved successfully.
    C:\Documents and Settings\Krystel\Application Data\inst.exe moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\CmSTP deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\SessMgr deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_boAH9zpTydWYzlU scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_518.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_141808

    Files moved on Reboot...
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist moved successfully.
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency moved successfully.
    File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_boAH9zpTydWYzlU not found!
    C:\WINDOWS\temp\Perflib_Perfdata_518.dat moved successfully.
    0
  9. JoKeR974
     
    désolé, fallait que je m'achete un nouveau clavier...
    voila le rapport de sdifx:

    [b]SDFix: Version 1.240 [/b]
    Run by Krystel on 06/02/2009 at 17:04

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-06 17:16:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    disk error: C:\WINDOWS\system32\config\system, 0
    scanning hidden registry entries ...

    disk error: C:\WINDOWS\system32\config\software, 0
    disk error: C:\Documents and Settings\Krystel\ntuser.dat, 0
    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Documents and Settings\\Krystel\\Local Settings\\Temp\\~tmp\\mdnk34\\mdmm.exe"="C:\\Documents and Settings\\Krystel\\Local Settings\\Temp\\~tmp\\mdnk34\\mdmm.exe:*:Disabled:mdmm"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    [b]Finished![/b]
    0
  10. JoKeR974
     
    Et enfin le rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:24:35, on 06/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\TuneUpDefragService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\WINDOWS\system\wcdvtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  11. gen-hackman
     
    bonjour ,

    relance rsit stp(uniquement le log.txt)
    0
    1. JoKeR974
       
      salut, voila le log de rsit:


      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Krystel at 2009-02-07 12:32:58
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 27 GB (35%) free of 76 GB
      Total RAM: 894 MB (49% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:32:59, on 07/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
      C:\WINDOWS\system\wcdvtray.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
      C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      C:\Program Files\Eset\nod32krn.exe
      c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Krystel.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
      O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
      O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
      O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
      0
  12. gen-hackman
     
    -- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
    0
  13. JoKeR974
     
    Salut gen, voila le rapport de combofix (j'ai plané en le lancant, j'ai refusé d'installer la console de recuperation en pensant avoir besoin d'une connexion internet et comme mon antivirus et anti spyware etaient disabled, j'ai eu un peu peur):

    ComboFix 09-02-08.01 - Krystel 2009-02-09 19:37:38.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.566 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Krystel\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system\spoolsv.exe
    c:\windows\system32\drivers\gaopdxoecpcjtp.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxvpwuntdg.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-06 20:43 . 2009-02-06 20:43 0 --a------ c:\windows\nsreg.dat
    2009-02-06 17:04 . 2009-02-06 17:04 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-02-06 17:01 . 2009-02-06 17:01 <REP> d-------- c:\windows\ERUNT
    2009-02-06 15:14 . 2009-02-07 09:48 <REP> d-------- c:\documents and settings\Krystel\Application Data\Spy Emergency
    2009-02-06 14:28 . 2009-02-06 17:17 <REP> d-------- C:\SDFix
    2009-02-06 14:18 . 2009-02-06 14:18 <REP> d-------- C:\_OTMoveIt
    2009-02-06 14:18 . 2009-01-15 18:06 81,920 --a------ c:\windows\sessmgr.exe
    2009-02-06 13:06 . 2009-02-06 13:07 <REP> d-------- C:\rsit
    2009-02-06 12:38 . 2009-02-06 12:38 <REP> d-------- c:\program files\Trend Micro
    2009-02-06 11:51 . 2009-02-06 11:51 <REP> d-------- c:\windows\system32\config\systemprofile\Bureau
    2009-02-06 11:45 . 2009-02-06 11:49 63 --a------ c:\windows\system\SysSD.dll
    2009-02-06 09:41 . 2009-02-06 09:41 <REP> d-------- c:\program files\NETGATE
    2009-02-06 09:41 . 2009-02-06 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\NETGATE
    2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe
    2009-02-06 09:41 . 2008-08-11 16:13 15,288 --a------ c:\windows\system32\drivers\spyemrg_access.sys
    2009-02-06 09:41 . 2008-02-05 11:10 14,392 --a------ c:\windows\system32\drivers\spyemrg_guard.sys
    2009-02-06 09:41 . 2008-02-05 11:10 12,344 --a------ c:\windows\system32\drivers\spyemrg.sys
    2009-02-02 15:07 . 2009-02-02 15:07 54,156 --ah----- c:\windows\QTFont.qfn
    2009-02-02 15:07 . 2009-02-02 15:07 1,409 --a------ c:\windows\QTFont.for
    2009-02-01 18:57 . 2009-02-01 18:57 <REP> d-------- c:\documents and settings\Krystel\DoctorWeb
    2009-02-01 18:48 . 2009-02-01 18:48 <REP> d-------- c:\program files\CCleaner
    2009-02-01 13:55 . 2009-02-06 22:36 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-02-01 13:55 . 2009-02-01 13:57 37,888 --a------ c:\windows\system32\rar.exe
    2009-02-01 13:55 . 2009-02-01 19:27 97 --a------ c:\windows\system32\Chan1.dat
    2009-02-01 13:55 . 2009-02-01 13:55 0 --a------ c:\windows\system32\Installed.dat
    2009-01-18 16:36 . 2009-01-18 16:36 <REP> d-------- c:\windows\system32\Lang
    2009-01-18 16:20 . 2009-01-18 16:33 <REP> d-------- c:\documents and settings\Krystel\Application Data\Vso
    2009-01-18 16:20 . 2009-01-18 16:20 94,208 --a------ c:\windows\system32\drivers\ezplay.sys
    2009-01-18 16:20 . 2009-01-18 16:33 94,208 --a------ c:\documents and settings\Krystel\Application Data\ezplay.sys
    2009-01-18 16:20 . 2009-01-18 16:20 47,360 --a------ c:\documents and settings\Krystel\Application Data\pcouffin.sys
    2009-01-17 03:02 . 2009-01-17 03:02 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
    2009-01-15 18:43 . 2009-01-15 18:43 51 --a------ c:\windows\system32\blue.SITENAME
    2009-01-15 18:42 . 2002-09-24 11:12 2,653,888 --a------ c:\windows\system32\LTRDG13n.OCX
    2009-01-15 18:42 . 2002-09-24 11:12 534,192 --a------ c:\windows\system32\LTRVW13N.OCX
    2009-01-15 18:42 . 2002-09-24 11:12 466,624 --a------ c:\windows\system32\LTRPR13n.DLL
    2009-01-15 18:42 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll
    2009-01-15 18:42 . 2002-09-24 11:12 194,248 --a------ c:\windows\system32\LTRFD13n.DLL
    2009-01-15 18:42 . 2002-09-24 11:12 185,856 --a------ c:\windows\system32\lfpng13s.dll
    2009-01-15 18:42 . 2002-09-24 11:12 79,360 --a------ c:\windows\system32\lfeps13s.dll
    2009-01-15 18:42 . 2002-09-24 11:12 74,752 --a------ c:\windows\system32\lfgif13s.dll
    2009-01-15 18:42 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll
    2009-01-15 18:42 . 2009-01-15 18:43 404 --a------ c:\windows\VFO.VST
    2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.JP
    2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.IT
    2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.FR
    2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.ES
    2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.DE
    2009-01-15 18:40 . 2003-11-10 17:06 16,896 --------- c:\windows\system32\PSDrvCheck.NL
    2009-01-15 18:40 . 2003-10-21 10:02 16,896 --------- c:\windows\system32\PSDrvCheck.KO
    2009-01-15 18:38 . 2009-01-15 18:38 <REP> d-------- c:\program files\Microsoft SQL Server
    2009-01-15 18:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2009-01-15 18:38 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll
    2009-01-15 18:38 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll
    2009-01-15 18:37 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll
    2009-01-15 18:37 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll
    2009-01-15 18:32 . 2009-01-15 18:34 <REP> d-------- c:\windows\system32\URTTemp
    2009-01-15 18:27 . 2009-01-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
    2009-01-15 18:25 . 2009-01-15 18:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-15 18:24 . 2003-11-25 06:02 196,096 --a------ c:\windows\system32\macd32.dll
    2009-01-15 18:24 . 2005-07-13 16:55 171,008 --a------ c:\windows\system32\drivers\MarvinBus.sys
    2009-01-15 18:24 . 2003-11-25 06:02 138,752 --a------ c:\windows\system32\mase32.dll
    2009-01-15 18:24 . 2003-11-25 06:02 136,192 --a------ c:\windows\system32\mamc32.dll
    2009-01-15 18:24 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL
    2009-01-15 18:24 . 2003-11-25 06:02 57,856 --a------ c:\windows\system32\masd32.dll
    2009-01-15 18:24 . 2003-11-25 06:02 27,648 --a------ c:\windows\system32\ma32.dll
    2009-01-15 18:24 . 2009-01-15 18:43 361 --a------ c:\windows\VFO.INI
    2009-01-15 18:23 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe
    2009-01-15 18:21 . 2009-01-15 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio
    2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\windows\system\cmstp.exe
    2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\documents and settings\Krystel\Application Data\spoolsv.exe
    2009-01-15 17:58 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
    2009-01-14 20:47 . 2009-01-14 20:47 118 --a------ c:\windows\system32\MRT.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-09 18:25 --------- d-----w c:\program files\ESET
    2009-02-07 22:03 --------- d-----w c:\program files\eMule
    2009-02-05 20:17 --------- d-----w c:\documents and settings\Krystel\Application Data\dvdcss
    2009-02-01 15:09 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-18 15:34 --------- d-----w c:\program files\vso
    2009-01-18 15:20 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2009-01-18 15:15 --------- d-----w c:\program files\QuickTime
    2009-01-18 15:07 --------- d-----w c:\program files\Ashampoo
    2009-01-16 23:17 --------- d-----w c:\documents and settings\Krystel\Application Data\VSO_HWE
    2009-01-15 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
    2009-01-15 17:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-15 17:41 --------- d-----w c:\program files\Pinnacle
    2009-01-15 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-08 10:15 --------- d-----w c:\program files\Microsoft Games
    2009-01-07 19:36 --------- d-----w c:\program files\Google
    2008-12-27 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-26 23:59 --------- d-----w c:\documents and settings\Krystel\Application Data\AdobeUM
    2008-12-26 23:29 --------- d-----w c:\documents and settings\Krystel\Application Data\Steinberg
    2008-12-26 23:23 --------- d-----w c:\program files\Syncrosoft
    2008-12-26 23:18 --------- d-----w c:\program files\Steinberg
    2008-12-26 18:38 --------- d-----w c:\program files\Microsoft Works
    2008-12-26 18:37 --------- d-----w c:\program files\MSBuild
    2008-12-26 11:32 --------- d-----w c:\program files\Larousse
    2008-12-26 11:31 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Lite
    2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Pro
    2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools
    2008-12-26 11:27 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-12-26 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2008-12-26 11:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-12-26 02:37 --------- d-----w c:\documents and settings\Krystel\Application Data\InstallShield
    2008-12-26 00:51 --------- d-----w c:\program files\TuneUp Utilities 2008
    2008-12-26 00:50 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2008-12-26 00:50 --------- d-----w c:\documents and settings\Krystel\Application Data\TuneUp Software
    2008-12-26 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
    2008-12-26 00:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2008-12-26 00:29 --------- d-----w c:\program files\Driver-Soft
    2008-12-23 13:15 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-12-23 02:35 --------- d-----w c:\program files\WebCamDV
    2008-12-21 03:03 --------- d-----w c:\documents and settings\Krystel\Application Data\vlc
    2008-12-21 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
    2008-12-21 02:49 --------- d-----w c:\documents and settings\Krystel\Application Data\Nero
    2008-12-21 02:43 --------- d-----w c:\program files\Fichiers communs\Nero
    2008-12-21 02:31 --------- d-----w c:\program files\Nero
    2008-12-21 02:30 --------- d-----w c:\program files\Windows Sidebar
    2008-12-21 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2008-12-21 00:54 --------- d-----w c:\program files\PSCS2
    2008-12-21 00:53 --------- d-----w c:\program files\PSCS2Updater
    2008-12-21 00:45 --------- d-----w c:\program files\Windows Resource Kits
    2008-12-21 00:34 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
    2008-12-21 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-12-20 23:51 64,956 ----a-w c:\windows\BricoPackUninst.cmd
    2008-12-20 23:51 6,118 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2008-12-20 23:51 219,648 ----a-w c:\windows\system32\uxtheme.dll
    2008-12-19 23:39 --------- d-----w c:\program files\VideoLAN
    2008-12-19 22:27 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-19 22:27 --------- d-----w c:\program files\Windows Live
    2008-12-19 22:27 --------- d-----w c:\program files\Microsoft
    2008-12-19 22:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-19 14:55 --------- d-----w c:\program files\Synaptics
    2008-12-19 14:49 --------- d-----w c:\program files\ATI Technologies
    2008-12-19 14:46 --------- d-----w c:\program files\DIFX
    2008-12-19 14:29 --------- d-----w c:\program files\microsoft frontpage
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    .

    ------- Sigcheck -------

    2008-08-26 10:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    2008-10-16 02:01 670208 05033943ff61abd13b93c00337d04e92 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
    2008-10-16 02:04 671232 1c6e9fdab1f4cb983a39efba6f131acc c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
    2008-10-16 20:33 827904 37d1a1bfe3d9904f2c3d11592456f9c0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    2006-04-12 19:13 667648 241dbc4c2714b2f39afded49459ed420 c:\windows\$NtUninstallKB958215$\wininet.dll
    2008-10-16 11:23 671744 f9ae6dbb4ec5b4d1a82bf2f0cb7ee200 c:\windows\ie7\wininet.dll
    2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
    2008-08-26 09:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\ie7updates\KB958215-IE7\wininet.dll
    2008-10-16 21:18 817152 812b055b0a0192fb08cdde968df7cc62 c:\windows\ServicePackFiles\i386\wininet.dll
    2008-10-16 21:18 826368 cfbfa47415e85018e2cdc509e5e3d011 c:\windows\SoftwareDistribution\Download\9be74ccf2e967ebc45085789ed7bfc38\SP2GDR\wininet.dll
    2008-10-16 20:33 827904 37d1a1bfe3d9904f2c3d11592456f9c0 c:\windows\SoftwareDistribution\Download\9be74ccf2e967ebc45085789ed7bfc38\SP2QFE\wininet.dll
    2008-08-26 09:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2GDR\wininet.dll
    2008-08-26 10:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2QFE\wininet.dll
    2008-10-16 21:18 817152 812b055b0a0192fb08cdde968df7cc62 c:\windows\system32\wininet.dll
    2008-10-16 21:18 826368 cfbfa47415e85018e2cdc509e5e3d011 c:\windows\system32\dllcache\wininet.dll

    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
    2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe

    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Google Update"="c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-12 119280]
    "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368]
    "SpyEmergency"="c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe" [2008-10-16 1985080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
    "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408]
    "OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-15 282624]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="move" [X]
    "Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\Krystel\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2008-12-26 237568]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/usremcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=

    R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2009-02-06 12344]
    R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe [2009-02-06 727608]
    R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-27 33792]
    R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2009-02-06 15288]
    R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2009-02-06 14392]
    R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fa264a-e576-11dd-8c75-001636699601}]
    \Shell\AutoRun\command - E:\MobileLaunch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-725345543-1003.job
    - c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 18:39]

    2009-02-09 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\Krystel\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - plugin: c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-09 19:39:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,86,e9,a9,a0,81,
    8a,85,fd,2e,e8,e1,00,eb,16,2b,de,99,6d,c9,14,41,87,32,0e,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c9,ff,1e,d0,d6,
    96,6f,db,46,47,15,b0,92,4b,c7,ef,b1,ea,84,80,31,23,01,3c,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,2c,96,22,db,a8,
    29,32,b0,7a,45,05,fd,91,e8,6f,31,a9,3b,72,b4,4c,6a,3c,b7,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,67,8b,45,20,30,
    40,9f,53,6b,65,49,6a,7e,99,74,f7,92,bb,53,a0,83,d2,14,03,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,56,a1,44,46,03,
    dc,cc,08,e9,02,6c,fa,fb,1d,47,57,92,62,09,75,63,04,0a,05,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,03,d2,90,2d,d0,
    2f,50,4f,50,93,e5,ab,ec,6a,4e,ab,62,06,c7,f4,10,75,31,f8,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,94,16,30,a5,de,
    10,77,55,97,20,4e,9a,c7,f1,35,ee,66,89,75,70,ca,98,bd,f8,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ef,78,ac,3d,08,
    fd,4f,28,aa,52,c6,00,84,3c,26,64,38,35,dd,84,16,33,4d,e0,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,f5,0f,09,f9,a1,
    39,da,fe,b2,46,9a,e2,1b,fe,1b,94,ec,ea,bb,30,e6,79,29,4b,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,46,b1,7c,8b,0e,
    8b,c6,9f,37,a4,aa,c3,a6,15,56,0a,85,44,27,08,d5,a9,17,7b,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3d,a5,9a,2e,71,
    19,1b,7f,f8,31,0f,a9,5f,a0,ec,fb,ca,f3,22,9c,da,9b,1d,e1,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,bd,21,16,ac,87,
    15,68,68,05,73,21,dd,54,d8,4a,c5,e0,12,4b,f7,ca,a3,12,f3,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(820)
    c:\windows\system32\scecli.dll
    .
    Heure de fin: 2009-02-09 19:40:28
    ComboFix-quarantined-files.txt 2009-02-09 18:40:24

    Avant-CF: 27,578,687,488 octets libres
    Après-CF: 27,603,013,632 octets libres

    354 --- E O F --- 2009-01-17 02:03:20
    0
  14. gen-hackman
     
    ok relance rsit stp (uniquement le log.txt)
    0
  15. JoKeR974
     
    ok, voila le rapport RSIT:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Krystel at 2009-02-10 22:59:32
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 26 GB (34%) free of 76 GB
    Total RAM: 894 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:39, on 10/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\WINDOWS\system\wcdvtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
    C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Krystel.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  16. gen-hackman
     
    Run by Krystel at 2009-02-10 22:59:32

    salut c est quoi cette horloge ?
    0
  17. gen-hackman
     
    bon je pense qu on va l avoir la :

    Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    - Coche Afficher les fichiers et dossiers cachés
    - Décoche Masquer les extensions des fichiers dont le type est connu
    - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
    clique sur Appliquer, puis OK.

    N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

    Fais analyser le(s) fichier(s) suivants sur Virustotal : C:\WINDOWS\vb.ini

    http://www.virustotal.com/flash/index_en.html

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : Chemin\Fichier
    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

    * Fais la même chose avec ces fichiers :

    C:\WINDOWS\owcdvtxt.txt
    C:\pnp
    C:\WINDOWS\OPTIONS
    C:\SDSignature.txt

    Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.

    ensuite :

    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :


    :processes
    explorer.exe

    :services
    Spy Emergency Engine Service

    :files
    C:\WINDOWS\System32\Drivers\spyemrg.sys
    C:\WINDOWS\System32\Drivers\spyemrg_access.sys
    C:\WINDOWS\System32\Drivers\spyemrg_guard.sys
    C:\WINDOWS\sessmgr.exe
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency
    C:\Program Files\NETGATE
    C:\Documents and Settings\All Users\Application Data\NETGATE

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0fa051b-cdda-11dd-8c3b-001636699601}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fa264a-e576-11dd-8c75-001636699601}]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    ensuite :

    Telecharge maintenant FindyKill sur ton bureau :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Lance l installation avec les parametres par default

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
  18. JoKeR974
     
    Salut gen, voila le premier rapport pour vb.ini:

    Fichier vb.ini reçu le 2009.02.11 14:12:35 (CET)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.11 -
    AhnLab-V3 2009.2.11.0 2009.02.11 -
    AntiVir 7.9.0.76 2009.02.11 -
    Authentium 5.1.0.4 2009.02.11 -
    Avast 4.8.1335.0 2009.02.10 -
    AVG 8.0.0.229 2009.02.11 -
    BitDefender 7.2 2009.02.11 -
    CAT-QuickHeal 10.00 2009.02.11 -
    ClamAV 0.94.1 2009.02.11 -
    Comodo 973 2009.02.11 -
    DrWeb 4.44.0.09170 2009.02.11 -
    eSafe 7.0.17.0 2009.02.11 -
    eTrust-Vet 31.6.6350 2009.02.11 -
    F-Prot 4.4.4.56 2009.02.10 -
    F-Secure 8.0.14470.0 2009.02.11 -
    Fortinet 3.117.0.0 2009.02.11 -
    GData 19 2009.02.11 -
    Ikarus T3.1.1.45.0 2009.02.11 -
    K7AntiVirus 7.10.582 2009.01.09 -
    Kaspersky 7.0.0.125 2009.02.11 -
    McAfee 5522 2009.02.10 -
    McAfee+Artemis 5522 2009.02.10 -
    Microsoft 1.4306 2009.02.11 -
    NOD32 3845 2009.02.11 -
    Norman 6.00.02 2009.02.11 -
    nProtect 2009.1.8.0 2009.02.11 -
    Panda 9.4.3.20 2009.02.11 -
    PCTools 4.4.2.0 2009.02.11 -
    Prevx1 V2 2009.02.11 -
    Rising 21.16.22.00 2009.02.11 -
    SecureWeb-Gateway 6.7.6 2009.02.11 -
    Sophos 4.38.0 2009.02.11 -
    Sunbelt 3.2.1851.2 2009.02.11 -
    Symantec 10 2009.02.11 -
    TheHacker 6.3.1.85.252 2009.02.11 -
    TrendMicro 8.700.0.1004 2009.02.11 -
    VBA32 3.12.8.12 2009.02.11 -
    ViRobot 2009.2.11.1600 2009.02.11 -
    VirusBuster 4.5.11.0 2009.02.10 -
    Information additionnelle
    File size: 36 bytes
    MD5...: 487403459f0b2f1a3adeef02496bd80e
    SHA1..: aa5e14c491d9ea5fea18e8736dcb9a0fe03ecc10
    SHA256: 6ab8e6e2446ab45d2f7843f63481b4508f97952cf549a25d91a1a8c137d242a4
    SHA512: 1e314ea79a59df929e0e55f1c595e64567b040c1a1e0ceecfee34d2769245b66<br>bb51b0086d0cc683285e90acfae080ccdb873d37f37940113eaaa9a4e28812ec
    ssdeep: 3:lB2l31WKp:lB2l31F<br>
    PEiD..: -
    TrID..: File type identification<br>Generic INI configuration (100.0%)
    PEInfo: -

    celui de owcdvtxt.txt:

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.11 -
    AhnLab-V3 2009.2.11.0 2009.02.11 -
    AntiVir 7.9.0.76 2009.02.11 -
    Authentium 5.1.0.4 2009.02.11 -
    Avast 4.8.1335.0 2009.02.10 -
    AVG 8.0.0.229 2009.02.11 -
    BitDefender 7.2 2009.02.11 -
    CAT-QuickHeal 10.00 2009.02.11 -
    ClamAV 0.94.1 2009.02.11 -
    Comodo 973 2009.02.11 -
    DrWeb 4.44.0.09170 2009.02.11 -
    eSafe 7.0.17.0 2009.02.11 -
    eTrust-Vet 31.6.6350 2009.02.11 -
    F-Prot 4.4.4.56 2009.02.10 -
    F-Secure 8.0.14470.0 2009.02.11 -
    Fortinet 3.117.0.0 2009.02.11 -
    GData 19 2009.02.11 -
    Ikarus T3.1.1.45.0 2009.02.11 -
    K7AntiVirus 7.10.582 2009.01.09 -
    Kaspersky 7.0.0.125 2009.02.11 -
    McAfee 5522 2009.02.10 -
    McAfee+Artemis 5522 2009.02.10 -
    Microsoft 1.4306 2009.02.11 -
    NOD32 3845 2009.02.11 -
    Norman 6.00.02 2009.02.11 -
    nProtect 2009.1.8.0 2009.02.11 -
    Panda 9.4.3.20 2009.02.11 -
    PCTools 4.4.2.0 2009.02.11 -
    Prevx1 V2 2009.02.11 -
    Rising 21.16.22.00 2009.02.11 -
    SecureWeb-Gateway 6.7.6 2009.02.11 -
    Sophos 4.38.0 2009.02.11 -
    Sunbelt 3.2.1851.2 2009.02.11 -
    Symantec 10 2009.02.11 -
    TheHacker 6.3.1.85.252 2009.02.11 -
    TrendMicro 8.700.0.1004 2009.02.11 -
    VBA32 3.12.8.12 2009.02.11 -
    ViRobot 2009.2.11.1600 2009.02.11 -
    VirusBuster 4.5.11.0 2009.02.10 -
    Information additionnelle
    File size: 18 bytes
    MD5...: cebf648aa394ba563ee84cf89174c41b
    SHA1..: ac6ab9e815e48b2ac307b0c7fa2ac3bb8b07fb4e
    SHA256: 3fe2e2c3bfe4d6e121683437188b9012017f14c66bd3b421a4fcd2d671a13c5b
    SHA512: db286c64d3c2750b8ce10285297cc0cb9f0121f74a5db6675ec7bce6da82f873<br>dbeab7a74f60dfcacdb2029fc83fe6a7b3f5905dbe73dbf0ce222b069531736b
    ssdeep: 3:5hGVUVY:/XC<br>
    PEiD..: -
    TrID..: File type identification<br>Unknown!
    PEInfo: -

    et celui de SDSignature.txt

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.11 -
    AhnLab-V3 5.0.0.2 2009.02.11 -
    AntiVir 7.9.0.76 2009.02.11 -
    Authentium 5.1.0.4 2009.02.11 -
    Avast 4.8.1335.0 2009.02.10 -
    AVG 8.0.0.229 2009.02.11 -
    BitDefender 7.2 2009.02.11 -
    CAT-QuickHeal 10.00 2009.02.11 -
    ClamAV 0.94.1 2009.02.11 -
    Comodo 974 2009.02.11 -
    DrWeb 4.44.0.09170 2009.02.11 -
    eSafe 7.0.17.0 2009.02.11 -
    eTrust-Vet 31.6.6350 2009.02.11 -
    F-Prot 4.4.4.56 2009.02.10 -
    F-Secure 8.0.14470.0 2009.02.11 -
    Fortinet 3.117.0.0 2009.02.11 -
    GData 19 2009.02.11 -
    Ikarus T3.1.1.45.0 2009.02.11 -
    K7AntiVirus 7.10.626 2009.02.10 -
    Kaspersky 7.0.0.125 2009.02.11 -
    McAfee 5522 2009.02.10 -
    McAfee+Artemis 5522 2009.02.10 -
    Microsoft 1.4306 2009.02.11 -
    NOD32 3845 2009.02.11 -
    Norman 6.00.02 2009.02.11 -
    nProtect 2009.1.8.0 2009.02.11 -
    Panda 10.0.0.10 2009.02.11 -
    PCTools 4.4.2.0 2009.02.11 -
    Prevx1 V2 2009.02.11 -
    Rising 21.16.22.00 2009.02.11 -
    SecureWeb-Gateway 6.7.6 2009.02.11 -
    Sophos 4.38.0 2009.02.11 -
    Sunbelt 3.2.1851.2 2009.02.11 -
    Symantec 10 2009.02.11 -
    TheHacker 6.3.1.85.252 2009.02.11 -
    TrendMicro 8.700.0.1004 2009.02.11 -
    VBA32 3.12.8.12 2009.02.11 -
    ViRobot 2009.2.11.1600 2009.02.11 -
    VirusBuster 4.5.11.0 2009.02.10 -
    Information additionnelle
    File size: 4 bytes
    MD5...: f1d3ff8443297732862df21dc4e57262
    SHA1..: 9069ca78e7450a285173431b3e52c5c25299e473
    SHA256: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119
    SHA512: ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041e<br>ff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3<br>
    ssdeep: 3::<br>
    PEiD..: -
    TrID..: File type identification<br>Unknown!
    PEInfo: -
    CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f1d3ff8443297732862df21dc4e57262' target='_blank'>http://research.sunbelt-software.com/...

    Je ne peux pas faire analyser C:\pnp et C:\WINDOWS\OPTIONS car ce sont des dossiers et non des fichiers.
    0
  19. JoKeR974
     
    le rapport de OTMoveit:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Unable to stop service Spy Emergency Engine Service .
    ========== FILES ==========
    C:\WINDOWS\System32\Drivers\spyemrg.sys moved successfully.
    C:\WINDOWS\System32\Drivers\spyemrg_access.sys moved successfully.
    C:\WINDOWS\System32\Drivers\spyemrg_guard.sys moved successfully.
    C:\WINDOWS\sessmgr.exe moved successfully.
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Log moved successfully.
    Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist scheduled to be moved on reboot.
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Cage moved successfully.
    Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency scheduled to be moved on reboot.
    C:\Program Files\NETGATE\Spy Emergency 2008\Trial moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Tools moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Silver moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Red moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Green moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Gold moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Default moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Blue moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Skins moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Spanish moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Slovenian moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Slovak moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Russian moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Portuguese moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Polish moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Italiano moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Hungarian moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\French moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\English moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Dutch moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Czech moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\ChineseT moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\ChineseS moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Arabic moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008\Languages moved successfully.
    Folder move failed. C:\Program Files\NETGATE\Spy Emergency 2008 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\NETGATE scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\NETGATE scheduled to be moved on reboot.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0fa051b-cdda-11dd-8c3b-001636699601}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fa264a-e576-11dd-8c75-001636699601}\\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_gqNwWElyTOzGxR85IM6V scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_000820

    Files moved on Reboot...
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist moved successfully.
    C:\Documents and Settings\Krystel\Application Data\Spy Emergency moved successfully.
    C:\Program Files\NETGATE\Spy Emergency 2008 moved successfully.
    C:\Program Files\NETGATE moved successfully.
    C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration moved successfully.
    C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency moved successfully.
    C:\Documents and Settings\All Users\Application Data\NETGATE moved successfully.
    File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_gqNwWElyTOzGxR85IM6V not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat not found!
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\XUL.mfl moved successfully.
    0
  • 1
  • 2
  • 3