Impossible de lancer IE Fermé

Question

Bonjour a tous, voila mon problème, je suis depuis quelques jours tracassé par la lenteur de ma connexion internet, jusqu'ici, j'utilisais internet explorer par défaut et de temps en temps google chrome que j'ai installé récemment. Mais  depuis quelques jours, il m'est devenu impossible de lancer internet explorer et quand par chance j'y arrive, il prend un temps interminable pour charger quoi que ce soit, je me suis résigné a utiliser google chrome mais le problèème c'est que celui ci est presque aussi lent.
J'utilise l'antivirus nod32 qui m'a signalé depuis la presence d'un virus http://rec2.faderups.com que j'ai bien sur mis en quarantaine, mais qui ne cessait de revenir a chaque connexion internet, j'ai donc procédé a un scan avec spy emergency qui me l'a apparemment viré et enfin un nettoyage du registre avec Ccleaner.
Je ne recois plus de fenetres d'avertissement de la part de nod 32 mais internet explorer ne veut touours pas se lancer et ca commence a me gaver d'avoir a attendre 30 secondes a chaque fois juste pour ouvrir une simple page internet, ne parlons meme pas de youtube, c'est meme pas la peine d'essayer.

J'espere recevoir vos reponses assez vite, merci d'avance

Système:

microsoft xp pro
SP3

Ordinateur:

Intel celeron M CPU
410 @ 1.46GHz
1.47 GHz, 896 Mo de RAM

gen-hackman · Answer

Intel celeron M CPU 
410 @ 1.46GHz 

bonsoir...un peu lège


commences par ceci pour voir ce qu'il en est,avoir un diagnostic précis et donc repérer les infections possibles et les neutraliser: 


Télécharges et installes le logiciel de diagnostic HijackThis : 

ici HijackThis 
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html 

ou renommé :

http://pagesperso-orange.fr/yo-sen/HJTNew.exe

1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation . 
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge . 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " . 

tuto pour utilisation : 
Regardes ici, c'est parfaitement expliqué en images (merci balltrap34), 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 
( Ne fixes encore AUCUNE ligne de ton plein gré, cela pourrait empêcher ton PC de fonctionner correctement ) 

2- !! Déconnectes toi et fermes toute tes applications en cours !! 

Cliques sur le raccourci du bureau pour lancer le prg : 
fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile" 

--->copies-colles le rapport généré pour analyse

JoKeR974 · Answer

Salut gen-hackman et merci pour la rapidité de ta réponse, j'ai donc fait un rapport hijack this que voici, mais je ne sais pas comment renommer ma page d'accueil Iexplorer qui d'ailleurs est msn:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:32, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System\cmstp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\Krystel\APPLIC~1\spoolsv.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Krystel\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

gen-hackman · Answer

re,

 Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau. 

-> http://images.malwareremoval.com/random/RSIT.exe 

! Déconnecte toi et ferme toutes tes applications en cours ! 

Double-clique sur " RSIT.exe " pour le lancer . 

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ... 


-> laisse faire le scan et ne touche pas au PC ... 


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note). 

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ... 

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum 


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

JoKeR974 · Answer

Trop rapide pour moi ce gen-hackman.. j'ai fait exactement ce que tu m'as dit donc voici le log:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-06 13:13:45
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 27 GB (35%) free of 76 GB
Total RAM: 894 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:49, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System\cmstp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\Krystel\APPLIC~1\spoolsv.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\Krystel\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Krystel\LOCALS~1\Temp\cmstp.exe /waitservice (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

JoKeR974 · Answer

Et voici l'info.txt:

info.txt logfile of random's system information tool 1.05 2009-02-06 13:07:01

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5} 
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ashampoo Magical Defrag 2-->"C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivxToDVD 1.99.24-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
MasterCook 5 : LGLC-->C:\WINDOWS\IsUn040c.exe -f"C:\SIERRA\MasterCook 5\Uninst.isu" -c"C:\SIERRA\MasterCook 5\uninst32.DLL"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
Petit Larousse 2008-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{422FADA9-FED2-41D7-B5FA-472BB98B7784}\Setup.exe" -l0x40c 
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x40c UNINSTALL
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x40c UNINSTALL
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036 
RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} 
Spy Emergency 2008-->"C:\Program Files\NETGATE\Spy Emergency 2008\unins000.exe"
Steinberg Cubase SX 3-->"C:\Program Files\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SX 3\install.log"
Studio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x40c  UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Atheros (AR5211) Net  (01/20/2006 4.2.2.7)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE
et5211_0FDF15AF88D844288A8E3C4928B42B68066CD23C
et5211.inf
Windows Driver Package - ATI Technologies Inc System  (12/20/2004 5.10.1000.5)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\smbusati_9EFEB626B3AA84A38BE73D29FB04E5C8A1A6D299\smbusati.inf
Windows Driver Package - Ralink Technology, Inc. (RT61) Net  (08/02/2006 1.01.02.0000)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTOREt61_735C21C954D92A4FB09BCB74A5A879FDC94C7E3Ct61.inf
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======



127.0.0.1       localhost


======Security center information======

AV: ESET NOD32 antivirus system 2.70
AS: Spy Emergency
AS: Spyware Doctor (disabled)

System event log

Computer Name: XPSP2-75E3DCA19
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{562AE5EC-8BB3-4256-A9A1-4A3517976A4E} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 1684
Source Name: Tcpip
Time Written: 20090103203346.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.1.5 pour la carte réseau dont l'adresse réseau est 000DF02EC5B8
a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

Record Number: 1683
Source Name: Dhcp
Time Written: 20090103200113.000000+060
Event Type: erreur
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{562AE5EC-8BB3-4256-A9A1-4A3517976A4E} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 1682
Source Name: Tcpip
Time Written: 20090103200056.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 4202
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{07F020AF-9BF5-4990-9E41-9FA2F64F6D6C} était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.

Record Number: 1681
Source Name: Tcpip
Time Written: 20090103200051.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 4202
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{562AE5EC-8BB3-4256-A9A1-4A3517976A4E} était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.

Record Number: 1680
Source Name: Tcpip
Time Written: 20090103200051.000000+060
Event Type: Informations
User: 

Application event log

Computer Name: XPSP2-75E3DCA19
Event Code: 0
Message: 
Record Number: 293
Source Name: gusvc
Time Written: 20090101124347.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 0
Message: 
Record Number: 292
Source Name: gusvc
Time Written: 20090101124147.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 291
Source Name: SecurityCenter
Time Written: 20090101051235.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 0
Message: 
Record Number: 290
Source Name: gusvc
Time Written: 20090101013351.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-75E3DCA19
Event Code: 0
Message: 
Record Number: 289
Source Name: gusvc
Time Written: 20090101013151.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

gen-hackman · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort. 

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe 

:files 
C:\Program Files\SpywareDetector
C:\Documents and Settings\Krystel\Application Data\sessmgr.exe 
C:\Documents and Settings\Krystel\Application Data\Spy Emergency 
C:\WINDOWS\mstinit.exe  
C:\Documents and Settings\Krystel\Application Data\inst.exe 
C:\Program Files\NETGATE   

:reg 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 
"CmSTP"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 
"SessMgr"=-




:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 




---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite :


Télécharge SDFix sur ton bureau : 
ici http://downloads.andymanchesta.com/RemovalTools/SDFix.exe. 
ou ici http://download.bleepingcomputer.com/andymanchesta/SDFix.exe­ 
ou ici http://sdfix.net/SDFix.exe 

--> Double-clique sur SDFix.exe et choisis "Install" . 

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ ) 

Puis une fois l'installe faite , 

Impératif : Démarrer en mode sans echec . 

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\ 

Comment aller en Mode sans échec : 
1) Redémarre ton ordi . 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" . 
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage . 
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] . 
5) Choisis ton compte habituel ( et pas Administrateur ). 
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ... 


Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil . 
-->Tapes Y pour lancer le script ... 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc : 
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche . 

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier 
C:\SDFix sous le nom "Report.txt". 

Poste ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse

JoKeR974 · Answer

le rapport de OTMoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\SpywareDetector\Setting moved successfully.
C:\Program Files\SpywareDetector moved successfully.
C:\Documents and Settings\Krystel\Application Data\sessmgr.exe moved successfully.
C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Log moved successfully.
Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist scheduled to be moved on reboot.
C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Cage moved successfully.
Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency scheduled to be moved on reboot.
C:\WINDOWS\mstinit.exe moved successfully.
C:\Documents and Settings\Krystel\Application Data\inst.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SessMgr deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_boAH9zpTydWYzlU scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_518.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_141808

Files moved on Reboot...
C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist moved successfully.
C:\Documents and Settings\Krystel\Application Data\Spy Emergency moved successfully.
File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_boAH9zpTydWYzlU not found!
C:\WINDOWS	emp\Perflib_Perfdata_518.dat moved successfully.

gen-hackman · Answer

ok la suite :)

JoKeR974 · Answer

désolé, fallait que je m'achete un nouveau clavier...
voila le rapport de sdifx:

[b]SDFix: Version 1.240 [/b]
Run by Krystel on 06/02/2009 at 17:04

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Krystel
tuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Krystel\Local Settings\Temp\~tmp\mdnk34\mdmm.exe"="C:\Documents and Settings\Krystel\Local Settings\Temp\~tmp\mdnk34\mdmm.exe:*:Disabled:mdmm"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

JoKeR974 · Answer

Et enfin le rapport hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:35, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

gen-hackman · Answer

bonjour ,

relance rsit stp(uniquement le log.txt)

gen-hackman · Answer

-- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

JoKeR974 · Answer

Salut gen, voila le rapport de combofix (j'ai plané en le lancant, j'ai refusé d'installer la console de recuperation en pensant avoir besoin d'une connexion internet et comme mon antivirus et anti spyware etaient disabled, j'ai eu un peu peur):

ComboFix 09-02-08.01 - Krystel 2009-02-09 19:37:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.566 [GMT 1:00]
Lancé depuis: c:\documents and settings\Krystel\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\spoolsv.exe
c:\windows\system32\drivers\gaopdxoecpcjtp.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxvpwuntdg.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-06 20:43 . 2009-02-06 20:43 0 --a------ c:\windows\nsreg.dat
2009-02-06 17:04 . 2009-02-06 17:04 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-06 17:01 . 2009-02-06 17:01 <REP> d-------- c:\windows\ERUNT
2009-02-06 15:14 . 2009-02-07 09:48 <REP> d-------- c:\documents and settings\Krystel\Application Data\Spy Emergency
2009-02-06 14:28 . 2009-02-06 17:17 <REP> d-------- C:\SDFix
2009-02-06 14:18 . 2009-02-06 14:18 <REP> d-------- C:\_OTMoveIt
2009-02-06 14:18 . 2009-01-15 18:06 81,920 --a------ c:\windows\sessmgr.exe
2009-02-06 13:06 . 2009-02-06 13:07 <REP> d-------- C:\rsit
2009-02-06 12:38 . 2009-02-06 12:38 <REP> d-------- c:\program files\Trend Micro
2009-02-06 11:51 . 2009-02-06 11:51 <REP> d-------- c:\windows\system32\config\systemprofile\Bureau
2009-02-06 11:45 . 2009-02-06 11:49 63 --a------ c:\windows\system\SysSD.dll
2009-02-06 09:41 . 2009-02-06 09:41 <REP> d-------- c:\program files\NETGATE
2009-02-06 09:41 . 2009-02-06 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\NETGATE
2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe
2009-02-06 09:41 . 2008-08-11 16:13 15,288 --a------ c:\windows\system32\drivers\spyemrg_access.sys
2009-02-06 09:41 . 2008-02-05 11:10 14,392 --a------ c:\windows\system32\drivers\spyemrg_guard.sys
2009-02-06 09:41 . 2008-02-05 11:10 12,344 --a------ c:\windows\system32\drivers\spyemrg.sys
2009-02-02 15:07 . 2009-02-02 15:07 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-02 15:07 . 2009-02-02 15:07 1,409 --a------ c:\windows\QTFont.for
2009-02-01 18:57 . 2009-02-01 18:57 <REP> d-------- c:\documents and settings\Krystel\DoctorWeb
2009-02-01 18:48 . 2009-02-01 18:48 <REP> d-------- c:\program files\CCleaner
2009-02-01 13:55 . 2009-02-06 22:36 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-01 13:55 . 2009-02-01 13:57 37,888 --a------ c:\windows\system32\rar.exe
2009-02-01 13:55 . 2009-02-01 19:27 97 --a------ c:\windows\system32\Chan1.dat
2009-02-01 13:55 . 2009-02-01 13:55 0 --a------ c:\windows\system32\Installed.dat
2009-01-18 16:36 . 2009-01-18 16:36 <REP> d-------- c:\windows\system32\Lang
2009-01-18 16:20 . 2009-01-18 16:33 <REP> d-------- c:\documents and settings\Krystel\Application Data\Vso
2009-01-18 16:20 . 2009-01-18 16:20 94,208 --a------ c:\windows\system32\drivers\ezplay.sys
2009-01-18 16:20 . 2009-01-18 16:33 94,208 --a------ c:\documents and settings\Krystel\Application Data\ezplay.sys
2009-01-18 16:20 . 2009-01-18 16:20 47,360 --a------ c:\documents and settings\Krystel\Application Data\pcouffin.sys
2009-01-17 03:02 . 2009-01-17 03:02 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2009-01-15 18:43 . 2009-01-15 18:43 51 --a------ c:\windows\system32\blue.SITENAME
2009-01-15 18:42 . 2002-09-24 11:12 2,653,888 --a------ c:\windows\system32\LTRDG13n.OCX
2009-01-15 18:42 . 2002-09-24 11:12 534,192 --a------ c:\windows\system32\LTRVW13N.OCX
2009-01-15 18:42 . 2002-09-24 11:12 466,624 --a------ c:\windows\system32\LTRPR13n.DLL
2009-01-15 18:42 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll
2009-01-15 18:42 . 2002-09-24 11:12 194,248 --a------ c:\windows\system32\LTRFD13n.DLL
2009-01-15 18:42 . 2002-09-24 11:12 185,856 --a------ c:\windows\system32\lfpng13s.dll
2009-01-15 18:42 . 2002-09-24 11:12 79,360 --a------ c:\windows\system32\lfeps13s.dll
2009-01-15 18:42 . 2002-09-24 11:12 74,752 --a------ c:\windows\system32\lfgif13s.dll
2009-01-15 18:42 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-01-15 18:42 . 2009-01-15 18:43 404 --a------ c:\windows\VFO.VST
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.JP
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.IT
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.FR
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.ES
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.DE
2009-01-15 18:40 . 2003-11-10 17:06 16,896 --------- c:\windows\system32\PSDrvCheck.NL
2009-01-15 18:40 . 2003-10-21 10:02 16,896 --------- c:\windows\system32\PSDrvCheck.KO
2009-01-15 18:38 . 2009-01-15 18:38 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-15 18:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-15 18:38 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll
2009-01-15 18:38 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll
2009-01-15 18:37 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll
2009-01-15 18:37 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll
2009-01-15 18:32 . 2009-01-15 18:34 <REP> d-------- c:\windows\system32\URTTemp
2009-01-15 18:27 . 2009-01-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-01-15 18:25 . 2009-01-15 18:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-15 18:24 . 2003-11-25 06:02 196,096 --a------ c:\windows\system32\macd32.dll
2009-01-15 18:24 . 2005-07-13 16:55 171,008 --a------ c:\windows\system32\drivers\MarvinBus.sys
2009-01-15 18:24 . 2003-11-25 06:02 138,752 --a------ c:\windows\system32\mase32.dll
2009-01-15 18:24 . 2003-11-25 06:02 136,192 --a------ c:\windows\system32\mamc32.dll
2009-01-15 18:24 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL
2009-01-15 18:24 . 2003-11-25 06:02 57,856 --a------ c:\windows\system32\masd32.dll
2009-01-15 18:24 . 2003-11-25 06:02 27,648 --a------ c:\windows\system32\ma32.dll
2009-01-15 18:24 . 2009-01-15 18:43 361 --a------ c:\windows\VFO.INI
2009-01-15 18:23 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe
2009-01-15 18:21 . 2009-01-15 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\windows\system\cmstp.exe
2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\documents and settings\Krystel\Application Data\spoolsv.exe
2009-01-15 17:58 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2009-01-14 20:47 . 2009-01-14 20:47 118 --a------ c:\windows\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 18:25 --------- d-----w c:\program files\ESET
2009-02-07 22:03 --------- d-----w c:\program files\eMule
2009-02-05 20:17 --------- d-----w c:\documents and settings\Krystel\Application Data\dvdcss
2009-02-01 15:09 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-18 15:34 --------- d-----w c:\program files\vso
2009-01-18 15:20 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-18 15:15 --------- d-----w c:\program files\QuickTime
2009-01-18 15:07 --------- d-----w c:\program files\Ashampoo
2009-01-16 23:17 --------- d-----w c:\documents and settings\Krystel\Application Data\VSO_HWE
2009-01-15 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-01-15 17:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 17:41 --------- d-----w c:\program files\Pinnacle
2009-01-15 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-08 10:15 --------- d-----w c:\program files\Microsoft Games
2009-01-07 19:36 --------- d-----w c:\program files\Google
2008-12-27 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-26 23:59 --------- d-----w c:\documents and settings\Krystel\Application Data\AdobeUM
2008-12-26 23:29 --------- d-----w c:\documents and settings\Krystel\Application Data\Steinberg
2008-12-26 23:23 --------- d-----w c:\program files\Syncrosoft
2008-12-26 23:18 --------- d-----w c:\program files\Steinberg
2008-12-26 18:38 --------- d-----w c:\program files\Microsoft Works
2008-12-26 18:37 --------- d-----w c:\program files\MSBuild
2008-12-26 11:32 --------- d-----w c:\program files\Larousse
2008-12-26 11:31 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Lite
2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Pro
2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools
2008-12-26 11:27 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-26 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-26 11:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-26 02:37 --------- d-----w c:\documents and settings\Krystel\Application Data\InstallShield
2008-12-26 00:51 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-26 00:50 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-26 00:50 --------- d-----w c:\documents and settings\Krystel\Application Data\TuneUp Software
2008-12-26 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-26 00:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-26 00:29 --------- d-----w c:\program files\Driver-Soft
2008-12-23 13:15 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-23 02:35 --------- d-----w c:\program files\WebCamDV
2008-12-21 03:03 --------- d-----w c:\documents and settings\Krystel\Application Data\vlc
2008-12-21 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2008-12-21 02:49 --------- d-----w c:\documents and settings\Krystel\Application Data\Nero
2008-12-21 02:43 --------- d-----w c:\program files\Fichiers communs\Nero
2008-12-21 02:31 --------- d-----w c:\program files\Nero
2008-12-21 02:30 --------- d-----w c:\program files\Windows Sidebar
2008-12-21 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-21 00:54 --------- d-----w c:\program files\PSCS2
2008-12-21 00:53 --------- d-----w c:\program files\PSCS2Updater
2008-12-21 00:45 --------- d-----w c:\program files\Windows Resource Kits
2008-12-21 00:34 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2008-12-21 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-20 23:51 64,956 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-20 23:51 6,118 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-12-20 23:51 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-12-19 23:39 --------- d-----w c:\program files\VideoLAN
2008-12-19 22:27 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-19 22:27 --------- d-----w c:\program files\Windows Live
2008-12-19 22:27 --------- d-----w c:\program files\Microsoft
2008-12-19 22:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-19 14:55 --------- d-----w c:\program files\Synaptics
2008-12-19 14:49 --------- d-----w c:\program files\ATI Technologies
2008-12-19 14:46 --------- d-----w c:\program files\DIFX
2008-12-19 14:29 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

2008-08-26 10:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 02:01 670208 05033943ff61abd13b93c00337d04e92 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
2008-10-16 02:04 671232 1c6e9fdab1f4cb983a39efba6f131acc c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
2008-10-16 20:33 827904 37d1a1bfe3d9904f2c3d11592456f9c0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2006-04-12 19:13 667648 241dbc4c2714b2f39afded49459ed420 c:\windows\$NtUninstallKB958215$\wininet.dll
2008-10-16 11:23 671744 f9ae6dbb4ec5b4d1a82bf2f0cb7ee200 c:\windows\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 09:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-10-16 21:18 817152 812b055b0a0192fb08cdde968df7cc62 c:\windows\ServicePackFiles\i386\wininet.dll
2008-10-16 21:18 826368 cfbfa47415e85018e2cdc509e5e3d011 c:\windows\SoftwareDistribution\Download\9be74ccf2e967ebc45085789ed7bfc38\SP2GDR\wininet.dll
2008-10-16 20:33 827904 37d1a1bfe3d9904f2c3d11592456f9c0 c:\windows\SoftwareDistribution\Download\9be74ccf2e967ebc45085789ed7bfc38\SP2QFE\wininet.dll
2008-08-26 09:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2GDR\wininet.dll
2008-08-26 10:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2QFE\wininet.dll
2008-10-16 21:18 817152 812b055b0a0192fb08cdde968df7cc62 c:\windows\system32\wininet.dll
2008-10-16 21:18 826368 cfbfa47415e85018e2cdc509e5e3d011 c:\windows\system32\dllcache\wininet.dll

2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe

2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-12 119280]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe" [2008-10-16 1985080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-15 282624]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Krystel\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2008-12-26 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/usremcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2009-02-06 12344]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe [2009-02-06 727608]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-27 33792]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2009-02-06 15288]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2009-02-06 14392]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fa264a-e576-11dd-8c75-001636699601}]
\Shell\AutoRun\command - E:\MobileLaunch.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-725345543-1003.job
- c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-12 18:39]

2009-02-09 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Krystel\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 19:39:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,86,e9,a9,a0,81,
8a,85,fd,2e,e8,e1,00,eb,16,2b,de,99,6d,c9,14,41,87,32,0e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c9,ff,1e,d0,d6,
96,6f,db,46,47,15,b0,92,4b,c7,ef,b1,ea,84,80,31,23,01,3c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,2c,96,22,db,a8,
29,32,b0,7a,45,05,fd,91,e8,6f,31,a9,3b,72,b4,4c,6a,3c,b7,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,67,8b,45,20,30,
40,9f,53,6b,65,49,6a,7e,99,74,f7,92,bb,53,a0,83,d2,14,03,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,56,a1,44,46,03,
dc,cc,08,e9,02,6c,fa,fb,1d,47,57,92,62,09,75,63,04,0a,05,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,03,d2,90,2d,d0,
2f,50,4f,50,93,e5,ab,ec,6a,4e,ab,62,06,c7,f4,10,75,31,f8,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,94,16,30,a5,de,
10,77,55,97,20,4e,9a,c7,f1,35,ee,66,89,75,70,ca,98,bd,f8,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ef,78,ac,3d,08,
fd,4f,28,aa,52,c6,00,84,3c,26,64,38,35,dd,84,16,33,4d,e0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,f5,0f,09,f9,a1,
39,da,fe,b2,46,9a,e2,1b,fe,1b,94,ec,ea,bb,30,e6,79,29,4b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,46,b1,7c,8b,0e,
8b,c6,9f,37,a4,aa,c3,a6,15,56,0a,85,44,27,08,d5,a9,17,7b,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3d,a5,9a,2e,71,
19,1b,7f,f8,31,0f,a9,5f,a0,ec,fb,ca,f3,22,9c,da,9b,1d,e1,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,bd,21,16,ac,87,
15,68,68,05,73,21,dd,54,d8,4a,c5,e0,12,4b,f7,ca,a3,12,f3,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\scecli.dll
.
Heure de fin: 2009-02-09 19:40:28
ComboFix-quarantined-files.txt 2009-02-09 18:40:24

Avant-CF: 27,578,687,488 octets libres
Après-CF: 27,603,013,632 octets libres

354 --- E O F --- 2009-01-17 02:03:20

gen-hackman · Answer

ok relance rsit stp (uniquement le log.txt)

JoKeR974 · Answer

ok, voila le rapport RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-10 22:59:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 26 GB (34%) free of 76 GB
Total RAM: 894 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:39, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

gen-hackman · Answer

Run by Krystel at 2009-02-10 22:59:32 

salut c est quoi cette horloge ?

JoKeR974 · Answer

J'habite en Australie...

gen-hackman · Answer

bon je pense qu on va l avoir la :

Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
  - Coche    Afficher les fichiers et dossiers cachés
  - Décoche Masquer les extensions des fichiers dont le type est connu
  - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal : C:\WINDOWS\vb.ini 

http://www.virustotal.com/flash/index_en.html

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : Chemin\Fichier
    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.


    * Fais la même chose avec ces fichiers : 


C:\WINDOWS\owcdvtxt.txt 
C:\pnp
C:\WINDOWS\OPTIONS
C:\SDSignature.txt 

Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.

ensuite :

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort. 

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe

:services
Spy Emergency Engine Service

:files 
C:\WINDOWS\System32\Drivers\spyemrg.sys
C:\WINDOWS\System32\Drivers\spyemrg_access.sys
C:\WINDOWS\System32\Drivers\spyemrg_guard.sys
C:\WINDOWS\sessmgr.exe 
C:\Documents and Settings\Krystel\Application Data\Spy Emergency 
C:\Program Files\NETGATE 
C:\Documents and Settings\All Users\Application Data\NETGATE 


:reg 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0fa051b-cdda-11dd-8c3b-001636699601}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fa264a-e576-11dd-8c75-001636699601}] 

:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite :


Telecharge maintenant FindyKill sur ton bureau : 

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

JoKeR974 · Answer

Salut gen, voila le premier rapport pour vb.ini: Fichier vb.ini reçu le 2009.02.11 14:12:35 (CET) Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 2009.2.11.0 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 973 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.10 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.582 2009.01.09 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3845 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 9.4.3.20 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.10 - Information additionnelle File size: 36 bytes MD5...: 487403459f0b2f1a3adeef02496bd80e SHA1..: aa5e14c491d9ea5fea18e8736dcb9a0fe03ecc10 SHA256: 6ab8e6e2446ab45d2f7843f63481b4508f97952cf549a25d91a1a8c137d242a4 SHA512: 1e314ea79a59df929e0e55f1c595e64567b040c1a1e0ceecfee34d2769245b66
bb51b0086d0cc683285e90acfae080ccdb873d37f37940113eaaa9a4e28812ec ssdeep: 3:lB2l31WKp:lB2l31F
PEiD..: - TrID..: File type identification
Generic INI configuration (100.0%) PEInfo: - celui de owcdvtxt.txt: Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 2009.2.11.0 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 973 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.10 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.582 2009.01.09 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3845 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 9.4.3.20 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.10 - Information additionnelle File size: 18 bytes MD5...: cebf648aa394ba563ee84cf89174c41b SHA1..: ac6ab9e815e48b2ac307b0c7fa2ac3bb8b07fb4e SHA256: 3fe2e2c3bfe4d6e121683437188b9012017f14c66bd3b421a4fcd2d671a13c5b SHA512: db286c64d3c2750b8ce10285297cc0cb9f0121f74a5db6675ec7bce6da82f873
dbeab7a74f60dfcacdb2029fc83fe6a7b3f5905dbe73dbf0ce222b069531736b ssdeep: 3:5hGVUVY:/XC
PEiD..: - TrID..: File type identification
Unknown! PEInfo: - et celui de SDSignature.txt Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 5.0.0.2 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 974 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.10 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.626 2009.02.10 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3845 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 10.0.0.10 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.10 - Information additionnelle File size: 4 bytes MD5...: f1d3ff8443297732862df21dc4e57262 SHA1..: 9069ca78e7450a285173431b3e52c5c25299e473 SHA256: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 SHA512: ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041e
ff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3
ssdeep: 3::
PEiD..: - TrID..: File type identification
Unknown! PEInfo: - CWSandbox info: http://research.sunbelt-software.com/... Je ne peux pas faire analyser C:\pnp et C:\WINDOWS\OPTIONS car ce sont des dossiers et non des fichiers.

JoKeR974 · Answer

le rapport de OTMoveit:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service Spy Emergency Engine Service .
========== FILES ==========
C:\WINDOWS\System32\Drivers\spyemrg.sys moved successfully.
C:\WINDOWS\System32\Drivers\spyemrg_access.sys moved successfully.
C:\WINDOWS\System32\Drivers\spyemrg_guard.sys moved successfully.
C:\WINDOWS\sessmgr.exe moved successfully.
C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Log moved successfully.
Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist scheduled to be moved on reboot.
C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Cage moved successfully.
Folder move failed. C:\Documents and Settings\Krystel\Application Data\Spy Emergency scheduled to be moved on reboot.
C:\Program Files\NETGATE\Spy Emergency 2008\Trial moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Tools moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Silver moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Red moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Green moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Gold moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Default moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins\Blue moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Skins moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Spanish moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Slovenian moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Slovak moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Russian moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Portuguese moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Polish moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Italiano moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Hungarian moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\French moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\English moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Dutch moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Czech moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\ChineseT moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\ChineseS moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages\Arabic moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008\Languages moved successfully.
Folder move failed. C:\Program Files\NETGATE\Spy Emergency 2008 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\NETGATE scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\NETGATE scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0fa051b-cdda-11dd-8c3b-001636699601}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fa264a-e576-11dd-8c75-001636699601}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_gqNwWElyTOzGxR85IM6V scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_2d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_000820

Files moved on Reboot...
C:\Documents and Settings\Krystel\Application Data\Spy Emergency\Keeplist moved successfully.
C:\Documents and Settings\Krystel\Application Data\Spy Emergency moved successfully.
C:\Program Files\NETGATE\Spy Emergency 2008 moved successfully.
C:\Program Files\NETGATE moved successfully.
C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration moved successfully.
C:\Documents and Settings\All Users\Application Data\NETGATE\Spy Emergency moved successfully.
C:\Documents and Settings\All Users\Application Data\NETGATE moved successfully.
File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_gqNwWElyTOzGxR85IM6V not found!
File C:\WINDOWS	emp\Perflib_Perfdata_2d0.dat not found!
C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Krystel\Local Settings\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\XUL.mfl moved successfully.

JoKeR974 · Answer

et enfin le rapport findykill:

############################## [ FindyKill V4.716 ] 

# User : Krystel (Administrateurs) # XPSP2-75E3DCA19
# Update on 10/02/09 by Chiquitine29
# Start at: 00:23:54 | 12/02/2009

# Intel(R) Celeron(R) M CPU        410  @ 1.46GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : ESET NOD32 antivirus system 2.70 2.70 [ Enabled | Updated ]

# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
 
############################## [ Processus actifs ] 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
 
################## [ C:\WINDOWS ] 
 
 
################## [ C:\WINDOWS\Prefetch ] 
 
 
################## [ C:\WINDOWS\system32 ] 
 
 
################## [ C:\WINDOWS\system32\drivers ] 
 
 
################## [ C:\Documents and Settings\Krystel\Application Data ] 
 
 
################## [ C:\DOCUME~1\Krystel\LOCALS~1\Temp ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
 
 
################## [ Etat / Services ] 
 
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ] 

Ndisuio # Type de démarrage = 3 
 
EapHost # Type de démarrage = 3 
 
Ip6Fw # Type de démarrage = 3 
 
SharedAccess # Type de démarrage = 2 
 
wuauserv # Type de démarrage = 2 
 
wscsvc # Type de démarrage = 2 
 
 
################## [ Recherche dans supports amovibles] 
 
# presence des fichiers :  

 
################## [ Registre / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ ! Fin du rapport # FindyKill V4.716 ! ]  
 

note: j'ai un disque dur externe, j'aurais peut etre du te le dire avant... oups. En tout cas, lorsque je le branche il n'y a plus d'execution auto et je suis obligé de choisir explorer pour pouvoir l'utiliser, mais bon , c'est pas trop grave, je veux pas t'embeter avec ca, tu m'as deja bien depanné, j'arrive a utiliser internet explorer maintenant, meme si il y a un truc que je ne comprends pas, dans le menu demarrer je vois internet explorer "sans module complementaire" est ce normal?

gen-hackman · Answer

sans module complementaire

on y vient on a pas fini :


Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 


--> Fais clic droit sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 2 (Suppression) 


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué" 

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal ! 

-------> ensuite post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

JoKeR974 · Answer

ok,pas de soucis...
voila findykill:

############################## [ FindyKill V4.716 ] 

# User : Krystel (Administrateurs) # XPSP2-75E3DCA19
# Update on 10/02/09 by Chiquitine29
# Start at: 22:02:37 | 12/02/2009

# Intel(R) Celeron(R) M CPU        410  @ 1.46GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : ESET NOD32 antivirus system 2.70 2.70 [ Enabled | Updated ]

# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # NTFS
# F:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
 
############################## [ Active Processes ]  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\WINDOWS ] 
 
 
################## [ C:\WINDOWS\Prefetch ] 
 
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf 
 
################## [ C:\WINDOWS\system32 ] 
 
 
################## [ C:\WINDOWS\system32\drivers ] 
 
 
################## [ C:\Documents and Settings\Krystel\Application Data ] 
 
 
################## [ Cleaning Temp Files... ] 
 
 
################## [  Registry / Infected keys ]  
 
 
################## [ States / Restarting of services ]  
 
# Services : [ Auto=2 / Request=3 / Disable=4 ] 

Ndisuio # Type of startup  = 3 
 
EapHost # Type of startup  = 2 
 
Ip6Fw # Type of startup  = 2 
 
SharedAccess # Type of startup  = 2 
 
wuauserv # Type of startup  = 2 
 
wscsvc # Type of startup  = 2 
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
Deleted ! - E:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ Searching Other Infections ] 
 
# -> Nothing found ! ..  
 
################## [ ! End of Report # FindyKill V4.716 ! ]

gen-hackman · Answer

salut redemarre ton pc et renvoie un rsit s'il te plait(log.txt uniquement)

JoKeR974 · Answer

salut hackman, voila le rapport rsit:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-14 00:03:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:32, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

gen-hackman · Answer

/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour DamonX, il n'est pas transposable sur un autre ordinateur ! 


Toujours avec toutes les protections désactivées, fais ceci : 

• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) 
• Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : 

---------------------------------------------------------- 
File:: 
C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe 

Folder::
C:\Program Files\NETGATE
C:\Documents and Settings\Krystel\Application Data\NETGATE 
C:\Documents and Settings\Krystel\Application Data\Spy Emergency 
C:\Documents and Settings\All Users\Application Data\NETGATE 
C:\Documents and Settings\All Users\Application Data\Spy Emergency 
------------------------------------------------------------------ 

• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt 
• Quitte le Bloc Notes 

• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif 

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. 
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

JoKeR974 · Answer

salut , voila, j'ai fait exactement ce que tu m'as dit: ComboFix 09-02-12.03 - Krystel 2009-02-14 12:46:10.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.596 [GMT 1:00] Lancé depuis: c:\documents and settings\Krystel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Krystel\Bureau\CFScript.txt AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé FILE :: c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\NETGATE c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergency.pfa c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergency.pfa.bak c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergencySpam.pfa c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergencySpam.pfa.bak c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\install.log c:\documents and settings\Krystel\Application Data\Spy Emergency c:\documents and settings\Krystel\Application Data\Spy Emergency\Cage\Cage.pfa c:\documents and settings\Krystel\Application Data\Spy Emergency\Keeplist\Keeplist.pfa c:\documents and settings\Krystel\Application Data\Spy Emergency\Log\LogFile_2009-02-13.txt c:\documents and settings\Krystel\Application Data\Spy Emergency\Log\LogFile_2009-02-14.txt c:\documents and settings\Krystel\Application Data\Spy Emergency\news.ini c:\documents and settings\Krystel\Application Data\Spy Emergency\settings.ini c:\program files\NETGATE c:\program files\NETGATE\Spy Emergency 2008\gateway.pem c:\program files\NETGATE\Spy Emergency 2008\Languages\Arabic\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\ChineseS\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\ChineseT\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Czech\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Dutch\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\English\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\French\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Hungarian\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Italiano\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Polish\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Portuguese\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Russian\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Slovak\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Slovenian\default.ini c:\program files\NETGATE\Spy Emergency 2008\Languages\Spanish\default.ini c:\program files\NETGATE\Spy Emergency 2008\libeay32.dll c:\program files\NETGATE\Spy Emergency 2008\License.txt c:\program files\NETGATE\Spy Emergency 2008\manual.pdf c:\program files\NETGATE\Spy Emergency 2008\menuext.dll c:\program files\NETGATE\Spy Emergency 2008\Readme.txt c:\program files\NETGATE\Spy Emergency 2008\semi.dll c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_about.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_help.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_large.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_max.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_min.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\check_button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\check_button_list.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\default.ini c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\dialog_big.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\right_center.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_back.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_down.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider1.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider2.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider3.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_tree.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_up.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_title.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_about.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_help.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_large.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_max.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_min.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\check_button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\check_button_list.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\default.ini c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\dialog_big.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\right_center.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_back.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_down.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider1.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider2.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider3.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_tree.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_up.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_title.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_about.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_help.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_large.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_max.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_min.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\check_button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\check_button_list.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\default.ini c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\dialog_big.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\right_center.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_back.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_down.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider1.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider2.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider3.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_tree.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_up.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_title.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_about.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_help.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_large.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_max.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_min.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\check_button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\check_button_list.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\default.ini c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\dialog_big.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\right_center.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_back.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_down.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider1.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider2.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider3.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_tree.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_up.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_title.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_about.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_help.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_large.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_max.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_min.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\check_button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\check_button_list.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\default.ini c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\dialog_big.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\right_center.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_back.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_down.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider1.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider2.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider3.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_tree.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_up.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_title.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_about.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_help.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_large.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_max.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_min.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\check_button.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\check_button_list.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\default.ini c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\dialog.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\dialog_big.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\menu.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\right_center.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_back.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_down.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider1.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider2.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider3.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_tree.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_up.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_left.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_right.png c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_title.png c:\program files\NETGATE\Spy Emergency 2008\spyemergency.chm c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.mof c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyCmd.exe c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyDel.vbs c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyElevator.exe c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyEMI.exe c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyOff.vbs c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyOn.vbs c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySkin.exe c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe c:\program files\NETGATE\Spy Emergency 2008\ssleay32.dll c:\program files\NETGATE\Spy Emergency 2008\Tools\SeAnalyzerTool.exe c:\program files\NETGATE\Spy Emergency 2008\Trial\tp.bmp c:\program files\NETGATE\Spy Emergency 2008\Trial\tp.rtf c:\program files\NETGATE\Spy Emergency 2008\unins000.dat c:\program files\NETGATE\Spy Emergency 2008\unins000.exe c:\program files\NETGATE\Spy Emergency 2008\unrar.dll c:\program files\NETGATE\Spy Emergency 2008\warning.wav c:\program files\NETGATE\Spy Emergency 2008\webspam.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 )))))))))))))))))))))))))))))))))))) . 2009-02-14 00:22 . 2009-02-14 00:22 d-------- c:\documents and settings\Krystel\Application Data\Se Analyzer Tool SA 2009-02-13 23:31 . 2008-08-11 16:13 15,288 --a------ c:\windows\system32\drivers\spyemrg_access.sys 2009-02-13 23:31 . 2008-02-05 11:10 14,392 --a------ c:\windows\system32\drivers\spyemrg_guard.sys 2009-02-13 23:31 . 2008-02-05 11:10 12,344 --a------ c:\windows\system32\drivers\spyemrg.sys 2009-02-12 22:12 . 2009-02-12 22:12 d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$ 2009-02-12 22:11 . 2009-02-12 22:11 584 --a------ c:\windows\imsins.BAK 2009-02-12 00:22 . 2009-02-12 22:03 d-------- c:\program files\FindyKill 2009-02-09 19:48 . 2009-02-09 19:47 512,096 --a------ c:\windows\system32\drivers\amon.sys 2009-02-09 19:48 . 2009-02-09 19:47 298,104 --a------ c:\windows\system32\imon.dll 2009-02-09 19:48 . 2009-02-09 19:47 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys 2009-02-06 20:43 . 2009-02-06 20:43 0 --a------ c:\windows\nsreg.dat 2009-02-06 17:04 . 2009-02-06 17:04 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-06 17:01 . 2009-02-06 17:01 d-------- c:\windows\ERUNT 2009-02-06 14:28 . 2009-02-06 17:17 d-------- C:\SDFix 2009-02-06 14:18 . 2009-02-06 14:18 d-------- C:\_OTMoveIt 2009-02-06 13:06 . 2009-02-06 13:07 d-------- C:\rsit 2009-02-06 12:38 . 2009-02-06 12:38 d-------- c:\program files\Trend Micro 2009-02-06 11:51 . 2009-02-06 11:51 d-------- c:\windows\system32\config\systemprofile\Bureau 2009-02-06 11:45 . 2009-02-06 11:49 63 --a------ c:\windows\system\SysSD.dll 2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe.bak 2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe 2009-02-02 15:07 . 2009-02-02 15:07 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-02 15:07 . 2009-02-02 15:07 1,409 --a------ c:\windows\QTFont.for 2009-02-01 18:57 . 2009-02-01 18:57 d-------- c:\documents and settings\Krystel\DoctorWeb 2009-02-01 18:48 . 2009-02-01 18:48 d-------- c:\program files\CCleaner 2009-02-01 13:55 . 2009-02-06 22:36 d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-02-01 13:55 . 2009-02-01 13:57 37,888 --a------ c:\windows\system32\rar.exe 2009-02-01 13:55 . 2009-02-01 19:27 97 --a------ c:\windows\system32\Chan1.dat 2009-02-01 13:55 . 2009-02-01 13:55 0 --a------ c:\windows\system32\Installed.dat 2009-01-18 16:36 . 2009-01-18 16:36 d-------- c:\windows\system32\Lang 2009-01-18 16:20 . 2009-01-18 16:33 d-------- c:\documents and settings\Krystel\Application Data\Vso 2009-01-18 16:20 . 2009-01-18 16:20 94,208 --a------ c:\windows\system32\drivers\ezplay.sys 2009-01-18 16:20 . 2009-01-18 16:33 94,208 --a------ c:\documents and settings\Krystel\Application Data\ezplay.sys 2009-01-18 16:20 . 2009-01-18 16:20 47,360 --a------ c:\documents and settings\Krystel\Application Data\pcouffin.sys 2009-01-17 03:02 . 2009-01-17 03:02 d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ 2009-01-15 18:43 . 2009-01-15 18:43 51 --a------ c:\windows\system32\blue.SITENAME 2009-01-15 18:42 . 2002-09-24 11:12 2,653,888 --a------ c:\windows\system32\LTRDG13n.OCX 2009-01-15 18:42 . 2002-09-24 11:12 534,192 --a------ c:\windows\system32\LTRVW13N.OCX 2009-01-15 18:42 . 2002-09-24 11:12 466,624 --a------ c:\windows\system32\LTRPR13n.DLL 2009-01-15 18:42 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll 2009-01-15 18:42 . 2002-09-24 11:12 194,248 --a------ c:\windows\system32\LTRFD13n.DLL 2009-01-15 18:42 . 2002-09-24 11:12 185,856 --a------ c:\windows\system32\lfpng13s.dll 2009-01-15 18:42 . 2002-09-24 11:12 79,360 --a------ c:\windows\system32\lfeps13s.dll 2009-01-15 18:42 . 2002-09-24 11:12 74,752 --a------ c:\windows\system32\lfgif13s.dll 2009-01-15 18:42 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll 2009-01-15 18:42 . 2009-01-15 18:43 404 --a------ c:\windows\VFO.VST 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.JP 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.IT 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.FR 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.ES 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.DE 2009-01-15 18:40 . 2003-11-10 17:06 16,896 --------- c:\windows\system32\PSDrvCheck.NL 2009-01-15 18:40 . 2003-10-21 10:02 16,896 --------- c:\windows\system32\PSDrvCheck.KO 2009-01-15 18:38 . 2009-01-15 18:38 d-------- c:\program files\Microsoft SQL Server 2009-01-15 18:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-01-15 18:38 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll 2009-01-15 18:38 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll 2009-01-15 18:37 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll 2009-01-15 18:37 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll 2009-01-15 18:32 . 2009-01-15 18:34 d-------- c:\windows\system32\URTTemp 2009-01-15 18:27 . 2009-01-15 18:27 d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2009-01-15 18:25 . 2009-01-15 18:25 d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-15 18:24 . 2003-11-25 06:02 196,096 --a------ c:\windows\system32\macd32.dll 2009-01-15 18:24 . 2005-07-13 16:55 171,008 --a------ c:\windows\system32\drivers\MarvinBus.sys 2009-01-15 18:24 . 2003-11-25 06:02 138,752 --a------ c:\windows\system32\mase32.dll 2009-01-15 18:24 . 2003-11-25 06:02 136,192 --a------ c:\windows\system32\mamc32.dll 2009-01-15 18:24 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL 2009-01-15 18:24 . 2003-11-25 06:02 57,856 --a------ c:\windows\system32\masd32.dll 2009-01-15 18:24 . 2003-11-25 06:02 27,648 --a------ c:\windows\system32\ma32.dll 2009-01-15 18:24 . 2009-01-15 18:43 361 --a------ c:\windows\VFO.INI 2009-01-15 18:23 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe 2009-01-15 18:21 . 2009-01-15 18:21 d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio 2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\windows\system\cmstp.exe 2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\documents and settings\Krystel\Application Data\spoolsv.exe 2009-01-15 17:58 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys 2009-01-14 20:47 . 2009-01-14 20:47 118 --a------ c:\windows\system32\MRT.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-13 10:28 --------- d-----w c:\program files\eMule 2009-02-12 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-09 21:11 --------- d-----w c:\program files\ESET 2009-02-05 20:17 --------- d-----w c:\documents and settings\Krystel\Application Data\dvdcss 2009-02-01 15:09 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-01-18 15:34 --------- d-----w c:\program files\vso 2009-01-18 15:20 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-01-18 15:15 --------- d-----w c:\program files\QuickTime 2009-01-18 15:07 --------- d-----w c:\program files\Ashampoo 2009-01-16 23:17 --------- d-----w c:\documents and settings\Krystel\Application Data\VSO_HWE 2009-01-15 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle 2009-01-15 17:41 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-15 17:41 --------- d-----w c:\program files\Pinnacle 2009-01-08 10:15 --------- d-----w c:\program files\Microsoft Games 2009-01-07 19:36 --------- d-----w c:\program files\Google 2008-12-27 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-12-26 23:59 --------- d-----w c:\documents and settings\Krystel\Application Data\AdobeUM 2008-12-26 23:29 --------- d-----w c:\documents and settings\Krystel\Application Data\Steinberg 2008-12-26 23:23 --------- d-----w c:\program files\Syncrosoft 2008-12-26 23:18 --------- d-----w c:\program files\Steinberg 2008-12-26 18:38 --------- d-----w c:\program files\Microsoft Works 2008-12-26 18:37 --------- d-----w c:\program files\MSBuild 2008-12-26 11:32 --------- d-----w c:\program files\Larousse 2008-12-26 11:31 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Lite 2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Pro 2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools 2008-12-26 11:27 --------- d-----w c:\program files\DAEMON Tools Lite 2008-12-26 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2008-12-26 11:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-12-26 02:37 --------- d-----w c:\documents and settings\Krystel\Application Data\InstallShield 2008-12-26 00:51 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-12-26 00:50 --------- d-----w c:\documents and settings\Krystel\Application Data\TuneUp Software 2008-12-26 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-26 00:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-12-23 13:15 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-12-23 02:35 --------- d-----w c:\program files\WebCamDV 2008-12-21 03:03 --------- d-----w c:\documents and settings\Krystel\Application Data\vlc 2008-12-21 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo 2008-12-21 02:49 --------- d-----w c:\documents and settings\Krystel\Application Data\Nero 2008-12-21 02:43 --------- d-----w c:\program files\Fichiers communs\Nero 2008-12-21 02:31 --------- d-----w c:\program files\Nero 2008-12-21 02:30 --------- d-----w c:\program files\Windows Sidebar 2008-12-21 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-12-21 00:54 --------- d-----w c:\program files\PSCS2 2008-12-21 00:53 --------- d-----w c:\program files\PSCS2Updater 2008-12-21 00:45 --------- d-----w c:\program files\Windows Resource Kits 2008-12-21 00:34 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared 2008-12-21 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems 2008-12-20 23:51 64,956 ----a-w c:\windows\BricoPackUninst.cmd 2008-12-20 23:51 6,118 ----a-w c:\windows\BricoPackFoldersDelete.cmd 2008-12-19 23:39 --------- d-----w c:\program files\VideoLAN 2008-12-19 22:27 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-19 22:27 --------- d-----w c:\program files\Windows Live 2008-12-19 22:27 --------- d-----w c:\program files\Microsoft 2008-12-19 22:08 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-19 14:55 --------- d-----w c:\program files\Synaptics 2008-12-19 14:49 --------- d-----w c:\program files\ATI Technologies 2008-12-19 14:46 --------- d-----w c:\program files\DIFX 2008-12-19 14:29 --------- d-----w c:\program files\microsoft frontpage . ------- Sigcheck ------- 2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe 2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe 2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe 2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe 2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe 2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe . ((((((((((((((((((((((((((((( SnapShot@2009-02-09_19.39.32.87 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-25 16:44:10 57,344 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\osql.exe + 2008-05-25 16:44:10 163,840 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\replmerg.exe + 2008-05-25 16:44:10 315,392 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\replrec.dll + 2008-05-25 16:44:16 9,154,560 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\sqlservr.exe + 2008-12-18 09:49:42 2,322,432 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\sqlstpcustomdll.dll + 2008-12-18 09:49:42 57,344 ----a-w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\OSQL.exe + 2008-12-07 18:46:12 213,216 ------w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe + 2008-12-18 09:49:42 2,322,432 ----a-w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\SQLSTPCustomDLL.dll + 2008-12-07 18:46:12 371,424 ------w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\updspapi.dll + 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-12-13 06:37:56 3,866,112 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll - 2009-01-15 10:43:28 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe + 2009-02-12 21:11:55 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe - 2009-01-15 10:43:28 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe + 2009-02-12 21:11:56 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe - 2009-01-15 10:43:28 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe + 2009-02-12 21:11:55 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe - 2009-01-15 10:43:28 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe + 2009-02-12 21:11:56 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe - 2009-01-15 10:43:28 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe + 2009-02-12 21:11:56 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe - 2009-01-15 10:43:28 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe + 2009-02-12 21:11:56 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe - 2009-01-15 10:43:29 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe + 2009-02-12 21:11:56 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe - 2009-01-15 10:43:28 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe + 2009-02-12 21:11:56 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe - 2009-01-15 10:43:28 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe + 2009-02-12 21:11:56 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe - 2009-01-15 10:43:28 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe + 2009-02-12 21:11:56 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe - 2009-01-15 10:43:29 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe + 2009-02-12 21:11:56 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe - 2009-01-15 10:43:28 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe + 2009-02-12 21:11:55 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe - 2008-12-26 23:58:07 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\ARPPRODUCTICON.exe + 2009-02-12 13:20:47 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\ARPPRODUCTICON.exe - 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll - 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll - 2008-10-16 20:18:31 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 22:46:48 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll - 2008-10-16 20:18:31 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 22:46:48 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll - 2008-10-16 20:18:31 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 22:46:49 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll - 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-10-16 13:12:20 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:11:12 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe - 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 22:46:49 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll - 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-10-16 20:18:32 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 22:46:50 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 22:46:54 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe - 2008-10-16 20:18:36 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 22:46:56 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll - 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll + 2009-01-16 20:15:42 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 20:18:40 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 22:47:01 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll - 2008-10-16 20:18:40 193,024 -c----w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 22:47:01 193,024 -c----w c:\windows\system32\dllcache\msrating.dll - 2008-10-16 20:18:41 671,232 -c----w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 22:47:02 671,232 -c----w c:\windows\system32\dllcache\mstime.dll - 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 22:47:02 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-10-16 20:18:41 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 22:47:02 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll - 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 22:47:02 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 22:47:03 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll - 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 22:47:03 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-10-16 20:18:43 826,368 -c----w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 22:47:04 826,368 -c----w c:\windows\system32\dllcache\wininet.dll - 2008-10-16 20:18:31 347,136 ------w c:\windows\system32\dxtmsft.dll + 2008-12-20 22:46:48 347,136 ------w c:\windows\system32\dxtmsft.dll - 2008-10-16 20:18:31 214,528 ------w c:\windows\system32\dxtrans.dll + 2008-12-20 22:46:48 214,528 ------w c:\windows\system32\dxtrans.dll - 2008-10-16 20:18:31 133,120 ------w c:\windows\system32\extmgr.dll + 2008-12-20 22:46:49 133,120 ------w c:\windows\system32\extmgr.dll - 2009-02-06 14:29:58 306,808 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-02-12 21:16:49 306,808 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-10-16 13:12:20 70,656 ------w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:11:12 70,656 ------w c:\windows\system32\ie4uinit.exe - 2008-10-16 20:18:32 153,088 ------w c:\windows\system32\ieakeng.dll + 2008-12-20 22:46:49 153,088 ------w c:\windows\system32\ieakeng.dll - 2008-10-16 20:18:32 230,400 ------w c:\windows\system32\ieaksie.dll + 2008-12-20 22:46:49 230,400 ------w c:\windows\system32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll - 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-10-16 20:18:32 384,512 ------w c:\windows\system32\iedkcs32.dll + 2008-12-20 22:46:50 384,512 ------w c:\windows\system32\iedkcs32.dll - 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-10-16 20:18:35 44,544 ------w c:\windows\system32\iernonce.dll + 2008-12-20 22:46:54 44,544 ------w c:\windows\system32\iernonce.dll - 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2008-10-16 20:18:36 27,648 ------w c:\windows\system32\jsproxy.dll + 2008-12-20 22:46:56 27,648 ------w c:\windows\system32\jsproxy.dll - 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe + 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe - 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-12-13 06:37:56 3,866,112 ----a-w c:\windows\system32\mshtml.dll + 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-10-16 20:18:40 477,696 ------w c:\windows\system32\mshtmled.dll + 2008-12-20 22:47:01 477,696 ------w c:\windows\system32\mshtmled.dll - 2008-10-16 20:18:40 193,024 ------w c:\windows\system32\msrating.dll + 2008-12-20 22:47:01 193,024 ------w c:\windows\system32\msrating.dll - 2008-10-16 20:18:41 671,232 ------w c:\windows\system32\mstime.dll + 2008-12-20 22:47:02 671,232 ------w c:\windows\system32\mstime.dll - 2008-10-16 20:18:41 164,352 ----a-w c:\windows\system32\occache.dll + 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll - 2009-02-09 18:30:39 61,558 ----a-w c:\windows\system32\perfc009.dat + 2009-02-14 11:38:42 61,558 ----a-w c:\windows\system32\perfc009.dat - 2009-02-09 18:30:39 72,546 ----a-w c:\windows\system32\perfc00C.dat + 2009-02-14 11:38:43 72,546 ----a-w c:\windows\system32\perfc00C.dat - 2009-02-09 18:30:39 401,418 ----a-w c:\windows\system32\perfh009.dat + 2009-02-14 11:38:43 401,418 ----a-w c:\windows\system32\perfh009.dat - 2009-02-09 18:30:39 466,258 ----a-w c:\windows\system32\perfh00C.dat + 2009-02-14 11:38:43 466,258 ----a-w c:\windows\system32\perfh00C.dat - 2008-10-16 20:18:41 44,544 ------w c:\windows\system32\pngfilt.dll + 2008-12-20 22:47:02 44,544 ------w c:\windows\system32\pngfilt.dll - 2008-10-16 20:18:41 62,464 ----a-w c:\windows\system32\url.dll + 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 20:18:42 1,233,920 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-10-16 20:18:42 394,240 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-10-16 20:18:43 817,152 ----a-w c:\windows\system32\wininet.dll + 2008-12-20 22:47:04 826,368 ----a-w c:\windows\system32\wininet.dll + 2009-02-14 11:50:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_290.dat . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Google Update"="c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-11 133104] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408] "OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-15 282624] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-09 949376] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\Krystel\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2008-12-26 237568] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/usremcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "c:\Program Files\Pinnacle\Studio 10\programs\RM.exe"= "c:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"= "c:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"= "c:\Program Files\Pinnacle\Studio 10\programs\umi.exe"= "c:\Program Files\eMule\emule.exe"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-09 15424] R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2009-02-13 12344] R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-27 33792] R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672] S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2009-02-13 15288] S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2009-02-13 14392] --- Autres Services/Pilotes en mémoire --- *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - NOD32krn *Deregistered* - PinnacleSys.MediaServer *Deregistered* - ProtectedStorage *Deregistered* - RasMan *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - srservice *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - TapiSrv *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - UxTuneUp *Deregistered* - winmgmt *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WZCSVC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' 2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-725345543-1003.job - c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 09:54] 2009-02-14 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\Krystel\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\ FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - plugin: c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 12:52:01 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,86,e9,a9,a0,81, 8a,85,fd,2e,e8,e1,00,eb,16,2b,de,99,6d,c9,14,41,87,32,0e,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c9,ff,1e,d0,d6, 96,6f,db,46,47,15,b0,92,4b,c7,ef,b1,ea,84,80,31,23,01,3c,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,2c,96,22,db,a8, 29,32,b0,7a,45,05,fd,91,e8,6f,31,a9,3b,72,b4,4c,6a,3c,b7,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,67,8b,45,20,30, 40,9f,53,6b,65,49,6a,7e,99,74,f7,92,bb,53,a0,83,d2,14,03,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,56,a1,44,46,03, dc,cc,08,e9,02,6c,fa,fb,1d,47,57,92,62,09,75,63,04,0a,05,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,03,d2,90,2d,d0, 2f,50,4f,50,93,e5,ab,ec,6a,4e,ab,62,06,c7,f4,10,75,31,f8,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,94,16,30,a5,de, 10,77,55,97,20,4e,9a,c7,f1,35,ee,66,89,75,70,ca,98,bd,f8,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ef,78,ac,3d,08, fd,4f,28,aa,52,c6,00,84,3c,26,64,38,35,dd,84,16,33,4d,e0,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,f5,0f,09,f9,a1, 39,da,fe,b2,46,9a,e2,1b,fe,1b,94,ec,ea,bb,30,e6,79,29,4b,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,46,b1,7c,8b,0e, 8b,c6,9f,37,a4,aa,c3,a6,15,56,0a,85,44,27,08,d5,a9,17,7b,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3d,a5,9a,2e,71, 19,1b,7f,f8,31,0f,a9,5f,a0,ec,fb,ca,f3,22,9c,da,9b,1d,e1,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,bd,21,16,ac,87, 15,68,68,05,73,21,dd,54,d8,4a,c5,e0,12,4b,f7,ca,a3,12,f3,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(824) c:\windows\system32\scecli.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\program files\ESET\nod32krn.exe c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe c:\program files\Ashampoo\Ashampoo Magic

gen-hackman · Answer

ok 

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort. 

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe 

:files 
c:\windows\system32\drivers\spyemrg_guard.sys 
c:\windows\system32\drivers\spyemrg_access.sys 
c:\windows\system32\drivers\spyemrg.sys   

:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite relance le log.txt de rsit dtp

JoKeR974 · Answer

salut, voila le rapport de OTmoveit3 après reboot:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\drivers\spyemrg_guard.sys moved successfully.
c:\windows\system32\drivers\spyemrg_access.sys moved successfully.
c:\windows\system32\drivers\spyemrg.sys moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_1y1wYU01SYLuwcH scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_TWDs8pcJd1bSPrw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_290.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_104715

Files moved on Reboot...
File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_1y1wYU01SYLuwcH not found!
File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_TWDs8pcJd1bSPrw not found!
File C:\WINDOWS	emp\Perflib_Perfdata_290.dat not found!

gen-hackman · Answer

ok bonsoir renvoie rsit s'il te plait

JoKeR974 · Answer

voila le log de rsit:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-15 10:57:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:29, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Krystel\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

gen-hackman · Answer

Run by Krystel at 2009-02-15 10:57:34 

lol

JoKeR974 · Answer

lol...

JoKeR974 · Answer

J'habite en Australie, je te l'ai dit non? c pour ca, il est 11h du mat ici, et ma femme c krystel, je squatte son ordi grave... lol

gen-hackman · Answer

non c'etait pas pour ca qu je rigolais c'etait parce que ton post n etait pas complet 

lol

JoKeR974 · Answer

hein? ah ouai? m....! lol, tu veux que je le renvoie? pourtant il s'affiche complet la...

gen-hackman · Answer

il sera complet quand je verrai EOF a la fin 


lol

JoKeR974 · Answer

scuse moi, je te le renvoie complet cette fois ci:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-15 10:57:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:29, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Krystel\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

JoKeR974 · Answer

je comprends pas je copie tout pourtant, ta pis voila la suite, j'espere que ca va etre bon cete fois ci:
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers
od32drv.sys [2009-02-09 15424]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-02-09 512096]
R2 WebCamDV;WebCamDV DV to Webcam Converter; C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 212608]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-11 1414656]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-01-18 47360]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-08-02 384384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-28 193056]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device; C:\WINDOWS\system32\drivers\wcdvaud.sys [2004-01-30 12672]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys []
S3 aps2vwli;aps2vwli; C:\WINDOWS\system32\drivers\aps2vwli.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2009-01-18 94208]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys []
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AshampooDefragService;Ashampoo Defrag Service; C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe [2008-04-18 746848]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-11 393216]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset
od32krn.exe [2009-02-09 552064]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-21 72704]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-26 355584]
S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

gen-hackman · Answer

relances Combofix stp

JoKeR974 · Answer

combofix? avec plaisir: ComboFix 09-02-12.03 - Krystel 2009-02-15 12:06:40.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.590 [GMT 1:00] Lancé depuis: c:\documents and settings\Krystel\Bureau\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 )))))))))))))))))))))))))))))))))))) . 2009-02-14 00:22 . 2009-02-14 00:22 d-------- c:\documents and settings\Krystel\Application Data\Se Analyzer Tool SA 2009-02-12 22:12 . 2009-02-12 22:12 d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$ 2009-02-12 22:11 . 2009-02-12 22:11 584 --a------ c:\windows\imsins.BAK 2009-02-12 00:22 . 2009-02-12 22:03 d-------- c:\program files\FindyKill 2009-02-09 19:48 . 2009-02-09 19:47 512,096 --a------ c:\windows\system32\drivers\amon.sys 2009-02-09 19:48 . 2009-02-09 19:47 298,104 --a------ c:\windows\system32\imon.dll 2009-02-09 19:48 . 2009-02-09 19:47 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys 2009-02-06 20:43 . 2009-02-06 20:43 0 --a------ c:\windows\nsreg.dat 2009-02-06 17:04 . 2009-02-06 17:04 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-06 17:01 . 2009-02-06 17:01 d-------- c:\windows\ERUNT 2009-02-06 14:28 . 2009-02-06 17:17 d-------- C:\SDFix 2009-02-06 14:18 . 2009-02-06 14:18 d-------- C:\_OTMoveIt 2009-02-06 13:06 . 2009-02-06 13:07 d-------- C:\rsit 2009-02-06 12:38 . 2009-02-06 12:38 d-------- c:\program files\Trend Micro 2009-02-06 11:51 . 2009-02-06 11:51 d-------- c:\windows\system32\config\systemprofile\Bureau 2009-02-06 11:45 . 2009-02-06 11:49 63 --a------ c:\windows\system\SysSD.dll 2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe.bak 2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe 2009-02-02 15:07 . 2009-02-02 15:07 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-02 15:07 . 2009-02-02 15:07 1,409 --a------ c:\windows\QTFont.for 2009-02-01 18:57 . 2009-02-01 18:57 d-------- c:\documents and settings\Krystel\DoctorWeb 2009-02-01 18:48 . 2009-02-01 18:48 d-------- c:\program files\CCleaner 2009-02-01 13:55 . 2009-02-06 22:36 d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-02-01 13:55 . 2009-02-01 13:57 37,888 --a------ c:\windows\system32\rar.exe 2009-02-01 13:55 . 2009-02-01 19:27 97 --a------ c:\windows\system32\Chan1.dat 2009-02-01 13:55 . 2009-02-01 13:55 0 --a------ c:\windows\system32\Installed.dat 2009-01-18 16:36 . 2009-01-18 16:36 d-------- c:\windows\system32\Lang 2009-01-18 16:20 . 2009-01-18 16:33 d-------- c:\documents and settings\Krystel\Application Data\Vso 2009-01-18 16:20 . 2009-01-18 16:20 94,208 --a------ c:\windows\system32\drivers\ezplay.sys 2009-01-18 16:20 . 2009-01-18 16:33 94,208 --a------ c:\documents and settings\Krystel\Application Data\ezplay.sys 2009-01-18 16:20 . 2009-01-18 16:20 47,360 --a------ c:\documents and settings\Krystel\Application Data\pcouffin.sys 2009-01-17 03:02 . 2009-01-17 03:02 d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ 2009-01-15 18:43 . 2009-01-15 18:43 51 --a------ c:\windows\system32\blue.SITENAME 2009-01-15 18:42 . 2002-09-24 11:12 2,653,888 --a------ c:\windows\system32\LTRDG13n.OCX 2009-01-15 18:42 . 2002-09-24 11:12 534,192 --a------ c:\windows\system32\LTRVW13N.OCX 2009-01-15 18:42 . 2002-09-24 11:12 466,624 --a------ c:\windows\system32\LTRPR13n.DLL 2009-01-15 18:42 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll 2009-01-15 18:42 . 2002-09-24 11:12 194,248 --a------ c:\windows\system32\LTRFD13n.DLL 2009-01-15 18:42 . 2002-09-24 11:12 185,856 --a------ c:\windows\system32\lfpng13s.dll 2009-01-15 18:42 . 2002-09-24 11:12 79,360 --a------ c:\windows\system32\lfeps13s.dll 2009-01-15 18:42 . 2002-09-24 11:12 74,752 --a------ c:\windows\system32\lfgif13s.dll 2009-01-15 18:42 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll 2009-01-15 18:42 . 2009-01-15 18:43 404 --a------ c:\windows\VFO.VST 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.JP 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.IT 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.FR 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.ES 2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.DE 2009-01-15 18:40 . 2003-11-10 17:06 16,896 --------- c:\windows\system32\PSDrvCheck.NL 2009-01-15 18:40 . 2003-10-21 10:02 16,896 --------- c:\windows\system32\PSDrvCheck.KO 2009-01-15 18:38 . 2009-01-15 18:38 d-------- c:\program files\Microsoft SQL Server 2009-01-15 18:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-01-15 18:38 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll 2009-01-15 18:38 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll 2009-01-15 18:37 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll 2009-01-15 18:37 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll 2009-01-15 18:32 . 2009-01-15 18:34 d-------- c:\windows\system32\URTTemp 2009-01-15 18:27 . 2009-01-15 18:27 d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2009-01-15 18:25 . 2009-01-15 18:25 d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-15 18:24 . 2003-11-25 06:02 196,096 --a------ c:\windows\system32\macd32.dll 2009-01-15 18:24 . 2005-07-13 16:55 171,008 --a------ c:\windows\system32\drivers\MarvinBus.sys 2009-01-15 18:24 . 2003-11-25 06:02 138,752 --a------ c:\windows\system32\mase32.dll 2009-01-15 18:24 . 2003-11-25 06:02 136,192 --a------ c:\windows\system32\mamc32.dll 2009-01-15 18:24 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL 2009-01-15 18:24 . 2003-11-25 06:02 57,856 --a------ c:\windows\system32\masd32.dll 2009-01-15 18:24 . 2003-11-25 06:02 27,648 --a------ c:\windows\system32\ma32.dll 2009-01-15 18:24 . 2009-01-15 18:43 361 --a------ c:\windows\VFO.INI 2009-01-15 18:23 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe 2009-01-15 18:21 . 2009-01-15 18:21 d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio 2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\windows\system\cmstp.exe 2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\documents and settings\Krystel\Application Data\spoolsv.exe 2009-01-15 17:58 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-14 21:15 --------- d-----w c:\program files\eMule 2009-02-12 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-09 21:11 --------- d-----w c:\program files\ESET 2009-02-05 20:17 --------- d-----w c:\documents and settings\Krystel\Application Data\dvdcss 2009-02-01 15:09 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-01-18 15:34 --------- d-----w c:\program files\vso 2009-01-18 15:20 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-01-18 15:15 --------- d-----w c:\program files\QuickTime 2009-01-18 15:07 --------- d-----w c:\program files\Ashampoo 2009-01-16 23:17 --------- d-----w c:\documents and settings\Krystel\Application Data\VSO_HWE 2009-01-15 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle 2009-01-15 17:41 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-15 17:41 --------- d-----w c:\program files\Pinnacle 2009-01-08 10:15 --------- d-----w c:\program files\Microsoft Games 2009-01-07 19:36 --------- d-----w c:\program files\Google 2008-12-27 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-12-26 23:59 --------- d-----w c:\documents and settings\Krystel\Application Data\AdobeUM 2008-12-26 23:29 --------- d-----w c:\documents and settings\Krystel\Application Data\Steinberg 2008-12-26 23:23 --------- d-----w c:\program files\Syncrosoft 2008-12-26 23:18 --------- d-----w c:\program files\Steinberg 2008-12-26 18:38 --------- d-----w c:\program files\Microsoft Works 2008-12-26 18:37 --------- d-----w c:\program files\MSBuild 2008-12-26 11:32 --------- d-----w c:\program files\Larousse 2008-12-26 11:31 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Lite 2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Pro 2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools 2008-12-26 11:27 --------- d-----w c:\program files\DAEMON Tools Lite 2008-12-26 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2008-12-26 11:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-12-26 02:37 --------- d-----w c:\documents and settings\Krystel\Application Data\InstallShield 2008-12-26 00:51 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-12-26 00:50 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2008-12-26 00:50 --------- d-----w c:\documents and settings\Krystel\Application Data\TuneUp Software 2008-12-26 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-26 00:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-12-23 13:15 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-12-23 02:35 --------- d-----w c:\program files\WebCamDV 2008-12-21 03:03 --------- d-----w c:\documents and settings\Krystel\Application Data\vlc 2008-12-21 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo 2008-12-21 02:49 --------- d-----w c:\documents and settings\Krystel\Application Data\Nero 2008-12-21 02:43 --------- d-----w c:\program files\Fichiers communs\Nero 2008-12-21 02:31 --------- d-----w c:\program files\Nero 2008-12-21 02:30 --------- d-----w c:\program files\Windows Sidebar 2008-12-21 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-12-21 00:54 --------- d-----w c:\program files\PSCS2 2008-12-21 00:53 --------- d-----w c:\program files\PSCS2Updater 2008-12-21 00:45 --------- d-----w c:\program files\Windows Resource Kits 2008-12-21 00:34 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared 2008-12-21 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems 2008-12-20 23:51 64,956 ----a-w c:\windows\BricoPackUninst.cmd 2008-12-20 23:51 6,118 ----a-w c:\windows\BricoPackFoldersDelete.cmd 2008-12-20 23:51 219,648 ----a-w c:\windows\system32\uxtheme.dll 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-19 23:39 --------- d-----w c:\program files\VideoLAN 2008-12-19 22:27 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-19 22:27 --------- d-----w c:\program files\Windows Live 2008-12-19 22:27 --------- d-----w c:\program files\Microsoft 2008-12-19 22:08 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-19 14:55 --------- d-----w c:\program files\Synaptics 2008-12-19 14:49 --------- d-----w c:\program files\ATI Technologies 2008-12-19 14:46 --------- d-----w c:\program files\DIFX 2008-12-19 14:29 --------- d-----w c:\program files\microsoft frontpage 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll . ------- Sigcheck ------- 2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe 2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe 2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe 2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe 2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe 2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe . ((((((((((((((((((((((((((((( SnapShot_2009-02-14_12.55.45.10 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-14 11:38:42 61,558 ----a-w c:\windows\system32\perfc009.dat + 2009-02-15 09:53:43 61,558 ----a-w c:\windows\system32\perfc009.dat - 2009-02-14 11:38:43 72,546 ----a-w c:\windows\system32\perfc00C.dat + 2009-02-15 09:53:43 72,546 ----a-w c:\windows\system32\perfc00C.dat - 2009-02-14 11:38:43 401,418 ----a-w c:\windows\system32\perfh009.dat + 2009-02-15 09:53:43 401,418 ----a-w c:\windows\system32\perfh009.dat - 2009-02-14 11:38:43 466,258 ----a-w c:\windows\system32\perfh00C.dat + 2009-02-15 09:53:43 466,258 ----a-w c:\windows\system32\perfh00C.dat + 2009-02-15 09:49:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8c.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Google Update"="c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-11 133104] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041] "DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408] "OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-15 282624] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-09 949376] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\Krystel\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2008-12-26 237568] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/usremcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "c:\Program Files\Pinnacle\Studio 10\programs\RM.exe"= "c:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"= "c:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"= "c:\Program Files\Pinnacle\Studio 10\programs\umi.exe"= "c:\Program Files\eMule\emule.exe"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-09 15424] R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-27 33792] R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672] S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?] S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe --> c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe [?] S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys --> c:\windows\system32\Drivers\spyemrg_access.sys [?] S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys --> c:\windows\system32\Drivers\spyemrg_guard.sys [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' 2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-725345543-1003.job - c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 09:54] 2009-02-15 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\Krystel\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\ FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - plugin: c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-15 12:08:39 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,86,e9,a9,a0,81, 8a,85,fd,2e,e8,e1,00,eb,16,2b,de,99,6d,c9,14,41,87,32,0e,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c9,ff,1e,d0,d6, 96,6f,db,46,47,15,b0,92,4b,c7,ef,b1,ea,84,80,31,23,01,3c,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,2c,96,22,db,a8, 29,32,b0,7a,45,05,fd,91,e8,6f,31,a9,3b,72,b4,4c,6a,3c,b7,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,67,8b,45,20,30, 40,9f,53,6b,65,49,6a,7e,99,74,f7,92,bb,53,a0,83,d2,14,03,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,56,a1,44,46,03, dc,cc,08,e9,02,6c,fa,fb,1d,47,57,92,62,09,75,63,04,0a,05,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,03,d2,90,2d,d0, 2f,50,4f,50,93,e5,ab,ec,6a,4e,ab,62,06,c7,f4,10,75,31,f8,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,94,16,30,a5,de, 10,77,55,97,20,4e,9a,c7,f1,35,ee,66,89,75,70,ca,98,bd,f8,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ef,78,ac,3d,08, fd,4f,28,aa,52,c6,00,84,3c,26,64,38,35,dd,84,16,33,4d,e0,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,f5,0f,09,f9,a1, 39,da,fe,b2,46,9a,e2,1b,fe,1b,94,ec,ea,bb,30,e6,79,29,4b,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,46,b1,7c,8b,0e, 8b,c6,9f,37,a4,aa,c3,a6,15,56,0a,85,44,27,08,d5,a9,17,7b,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3d,a5,9a,2e,71, 19,1b,7f,f8,31,0f,a9,5f,a0,ec,fb,ca,f3,22,9c,da,9b,1d,e1,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\WINDOWS\system32\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,bd,21,16,ac,87, 15,68,68,05,73,21,dd,54,d8,4a,c5,e0,12,4b,f7,ca,a3,12,f3,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(816) c:\windows\system32\scecli.dll . Heure de fin: 2009-02-15 12:10:07 ComboFix-quarantined-files.txt 2009-02-15 11:09:55 ComboFix2.txt 2009-02-14 11:56:53 ComboFix3.txt 2009-02-09 20:19:48 ComboFix4.txt 2009-02-09 20:14:16 ComboFix5.txt 2009-02-15 11:06:12 Avant-CF: 26 584 317 952 octets libres Après-CF: 26,574,000,128 octets libres 345 --- E O F --- 2009-02-12 21:15:06

gen-hackman · Answer

merde !!!!!!!!!!

relances rsit car la ca devient diffficile !!!!!!!!!!!!!!!!(que le log.txt stp )

gen-hackman · Answer

inscris-toi sur le site aussi ca me permettra de te donner des directives qui sont costauds..................lol

JoKeR974 · Answer

voila le rapport rsit:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-15 13:19:44
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:46, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Krystel\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) -   - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

JoKeR974 · Answer

la suite de rsit, je comprends pas quand je colle le fichier sur ma fenetre de essage je le vois en entier et apres sur le site, il manque toujours la fin que je t'envoie maintenant:
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers
od32drv.sys [2009-02-09 15424]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-02-09 512096]
R2 WebCamDV;WebCamDV DV to Webcam Converter; C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 212608]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-11 1414656]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-01-18 47360]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-08-02 384384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-28 193056]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device; C:\WINDOWS\system32\drivers\wcdvaud.sys [2004-01-30 12672]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys []
S3 aps2vwli;aps2vwli; C:\WINDOWS\system32\drivers\aps2vwli.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2009-01-18 94208]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys []
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AshampooDefragService;Ashampoo Defrag Service; C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe [2008-04-18 746848]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-11 393216]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset
od32krn.exe [2009-02-09 552064]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-21 72704]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-26 355584]
S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

gen-hackman · Answer

--
On vous aide ailleurs ? signalez-le !!!!!
Mettre en resolu pour les autres  Merci
     &#174;&#169; ----&#8482g3&#1080;-&#1085;@¢&#1082;&#1084;@&#1080;&#8482---- &#169;&#174;

JoKeR974 · Answer

euh... je vais avoir l'air bete, comment on s'inscrit sur le site?

gen-hackman · Answer

euh je vais avoir l air plus con que toi ..................j'en sais rien ..............lol

JoKeR974 · Answer

lol...

gen-hackman · Answer

je sais pas serieux y'apas un choix quelque chose ?

JoKeR974 · Answer

c'est ok, je suis inscrit

JoKeR974 · Answer

le rapport de USBfix:
-------------- UsbFix V2.395 ---------------

* User : Krystel - XPSP2-75E3DCA19
* Outils mis a jours le 26/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:38:47 le 15/02/2009
* Windows Xp - Internet Explorer 7.0.5730.13 
  
  
--------------- [ Processus actifs ] ----------------   
  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Krystel\LOCALS~1\Temp\1.tmp\b2e.exe
  
--------------- [ Informations lecteurs ] ----------------   
  
C: - Lecteur fixe

E: - Lecteur fixe

  
--------------- [ Registre / Startup ] ----------------   
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ATIPTA	REG_SZ	"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    SkyTel	REG_SZ	SkyTel.EXE
    RTHDCPL	REG_SZ	RTHDCPL.EXE
    SynTPEnh	REG_SZ	C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    DefragTaskBar	REG_SZ	"C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    OWCWebCamDV	REG_SZ	C:\WINDOWS\system\wcdvtray.exe
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    H2O	REG_SZ	C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    PinnacleDriverCheck	REG_SZ	C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    QuickTime Task	REG_SZ	"C:\Program Files\QuickTime\qttask.exe" -atboottime
    nod32kui	REG_SZ	"C:\Program Files\Eset
od32kui.exe" /WAITSERVICE

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    swg	REG_SZ	C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    MSMSGS	REG_SZ	"C:\Program Files\Messenger\msmsgs.exe" /background
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    Google Update	REG_SZ	"C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    TuneUp MemOptimizer	REG_SZ	"C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
  
--------------- [ Registre / Mountpoint2 ] ----------------   
  
 
 -> Recherche négative. 
  
--------------- [ Nettoyage des disques ] ----------------   
   
 
--------------- ! Fin du rapport ! ----------------

gen-hackman · Answer

Salut :


Toujours avec toutes les protections désactivées, fais ceci : 

• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) 
• Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : 

---------------------------------------------------------- 
File:: 
C:\Boot.bak
C:\SDSignature.txt 
C:\WINDOWS\system32ar.exe
C:\WINDOWS\system32\LTRPR13n.DLL 
C:\WINDOWS\system32\LTRFD13n.DLL 
C:\WINDOWS\system32\pvmjpg30.dll 
C:\WINDOWS\system32\lfpng13s.dll 
C:\WINDOWS\system32\lfgif13s.dll 
C:\WINDOWS\system32\lfeps13s.dll 
C:\WINDOWS\system32\lfpng13s.dll 
C:\WINDOWS\system32\lfgif13s.dll 
C:\WINDOWS\system32\lfeps13s.dll 
C:\WINDOWS\system32\MMAviAx.dll 
C:\WINDOWS\system32\MLPagAx.dll 
C:\WINDOWS\system32\AVIPrAx.dll 
2C:\WINDOWS\system32\RALMain.dll 
C:\WINDOWS\system32\DiskIO.dll 
C:\WINDOWS\system32\Ltwvc13n.dll 
C:\WINDOWS\system32\Ltrio13n.dll 
C:\WINDOWS\system32\Ltr13n.dll 
C:\WINDOWS\system32\LTCLR13s.dll   

Registry:: 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m] 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m.sys] 


------------------------------------------------------------------ 

• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt 
• Quitte le Bloc Notes 

• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif 

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. 
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

Impossible de lancer IE

53 réponses

Discussions similaires