53 replies
and finally the FindyKill report:
############################## [ FindyKill V4.716 ]
# User : Krystel (Administrateurs) # XPSP2-75E3DCA19
# Update on 10/02/09 by Chiquitine29
# Start at: 00:23:54 | 12/02/2009
# Intel(R) Celeron(R) M CPU 410 @ 1.46GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : ESET NOD32 antivirus system 2.70 2.70 [ Enabled | Updated ]
# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers / Dossiers infectieux C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Krystel\Application Data ]
################## [ C:\DOCUME~1\Krystel\LOCALS~1\Temp ]
################## [ Registre / Clés infectieuses ]
################## [ Etat / Services ]
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio # Type de démarrage = 3
EapHost # Type de démarrage = 3
Ip6Fw # Type de démarrage = 3
SharedAccess # Type de démarrage = 2
wuauserv # Type de démarrage = 2
wscsvc # Type de démarrage = 2
################## [ Recherche dans supports amovibles]
# presence des fichiers :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.716 ! ]
Note: I have an external hard drive, maybe I should have told you earlier... oops. In any case, when I plug it in there is no longer any autorun and I have to choose Explorer to be able to use it, but well, it's not too serious, I don't want to bother you with that, you have already helped me a lot. I can use Internet Explorer now, although there is one thing I don't understand: in the Start menu I see Internet Explorer "no add-ons", is that normal?
Anonymous user
11 Feb 2009 at 15:09
"no add-ons"
we're getting to that, we're not done yet:
Plug into your PC the external data sources (USB key, external hard drive, etc.) likely to have been infected, without opening them
--> Right-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression)
/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears
/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!
-------> then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk
OK, no problem...
Here is FindyKill:
############################## [ FindyKill V4.716 ]
# User : Krystel (Administrateurs) # XPSP2-75E3DCA19
# Update on 10/02/09 by Chiquitine29
# Start at: 22:02:37 | 12/02/2009
# Intel(R) Celeron(R) M CPU 410 @ 1.46GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : ESET NOD32 antivirus system 2.70 2.70 [ Enabled | Updated ]
# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # NTFS
# F:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\Documents and Settings\Krystel\Application Data ]
################## [ Cleaning Temp Files... ]
################## [ Registry / Infected keys ]
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio # Type of startup = 3
EapHost # Type of startup = 2
Ip6Fw # Type of startup = 2
SharedAccess # Type of startup = 2
wuauserv # Type of startup = 2
wscsvc # Type of startup = 2
################## [ Cleaning Removable drives ]
# Deleting files :
Deleted ! - E:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ Searching Other Infections ]
# -> Nothing found ! ..
################## [ ! End of Report # FindyKill V4.716 ! ]
Anonymous user
12 Feb 2009 at 12:56
Hi, restart your PC and send another RSIT report please (log.txt only)
Hi hackman, here is the RSIT report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-14 00:03:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:32, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krystel\Mes documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Anonymous user
13 Feb 2009 at 17:48
/!\ WARNING /!\ The following script was written specifically for DamonX; it cannot be used on any other computer!
Still with all protections disabled, do this:
• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy and paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
File::
C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
Folder::
C:\Program Files\NETGATE
C:\Documents and Settings\Krystel\Application Data\NETGATE
C:\Documents and Settings\Krystel\Application Data\Spy Emergency
C:\Documents and Settings\All Users\Application Data\NETGATE
C:\Documents and Settings\All Users\Application Data\Spy Emergency
------------------------------------------------------------------
• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad
• Drag and drop this CFScript file onto the C-Fix.exe file (combofix) as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt
Hi, there you go, I did exactly what you told me:
ComboFix 09-02-12.03 - Krystel 2009-02-14 12:46:10.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.596 [GMT 1:00]
Lancé depuis: c:\documents and settings\Krystel\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Krystel\Bureau\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\NETGATE
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergency.pfa
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergency.pfa.bak
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergencySpam.pfa
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergencySpam.pfa.bak
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\install.log
c:\documents and settings\Krystel\Application Data\Spy Emergency
c:\documents and settings\Krystel\Application Data\Spy Emergency\Cage\Cage.pfa
c:\documents and settings\Krystel\Application Data\Spy Emergency\Keeplist\Keeplist.pfa
c:\documents and settings\Krystel\Application Data\Spy Emergency\Log\LogFile_2009-02-13.txt
c:\documents and settings\Krystel\Application Data\Spy Emergency\Log\LogFile_2009-02-14.txt
c:\documents and settings\Krystel\Application Data\Spy Emergency\news.ini
c:\documents and settings\Krystel\Application Data\Spy Emergency\settings.ini
c:\program files\NETGATE
c:\program files\NETGATE\Spy Emergency 2008\gateway.pem
c:\program files\NETGATE\Spy Emergency 2008\Languages\Arabic\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\ChineseS\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\ChineseT\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Czech\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Dutch\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\English\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\French\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Hungarian\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Italiano\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Polish\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Portuguese\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Russian\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Slovak\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Slovenian\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Spanish\default.ini
c:\program files\NETGATE\Spy Emergency 2008\libeay32.dll
c:\program files\NETGATE\Spy Emergency 2008\License.txt
c:\program files\NETGATE\Spy Emergency 2008\manual.pdf
c:\program files\NETGATE\Spy Emergency 2008\menuext.dll
c:\program files\NETGATE\Spy Emergency 2008\Readme.txt
c:\program files\NETGATE\Spy Emergency 2008\semi.dll
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\spyemergency.chm
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.mof
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyCmd.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyDel.vbs
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyElevator.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyEMI.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyOff.vbs
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyOn.vbs
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySkin.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
c:\program files\NETGATE\Spy Emergency 2008\ssleay32.dll
c:\program files\NETGATE\Spy Emergency 2008\Tools\SeAnalyzerTool.exe
c:\program files\NETGATE\Spy Emergency 2008\Trial\tp.bmp
c:\program files\NETGATE\Spy Emergency 2008\Trial\tp.rtf
c:\program files\NETGATE\Spy Emergency 2008\unins000.dat
c:\program files\NETGATE\Spy Emergency 2008\unins000.exe
c:\program files\NETGATE\Spy Emergency 2008\unrar.dll
c:\program files\NETGATE\Spy Emergency 2008\warning.wav
c:\program files\NETGATE\Spy Emergency 2008\webspam.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 ))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:22 . 2009-02-14 00:22 <REP> d-------- c:\documents and settings\Krystel\Application Data\Se Analyzer Tool SA
2009-02-13 23:31 . 2008-08-11 16:13 15,288 --a------ c:\windows\system32\drivers\spyemrg_access.sys
2009-02-13 23:31 . 2008-02-05 11:10 14,392 --a------ c:\windows\system32\drivers\spyemrg_guard.sys
2009-02-13 23:31 . 2008-02-05 11:10 12,344 --a------ c:\windows\system32\drivers\spyemrg.sys
2009-02-12 22:12 . 2009-02-12 22:12 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-12 22:11 . 2009-02-12 22:11 584 --a------ c:\windows\imsins.BAK
2009-02-12 00:22 . 2009-02-12 22:03 <REP> d-------- c:\program files\FindyKill
2009-02-09 19:48 . 2009-02-09 19:47 512,096 --a------ c:\windows\system32\drivers\amon.sys
2009-02-09 19:48 . 2009-02-09 19:47 298,104 --a------ c:\windows\system32\imon.dll
2009-02-09 19:48 . 2009-02-09 19:47 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2009-02-06 20:43 . 2009-02-06 20:43 0 --a------ c:\windows\nsreg.dat
2009-02-06 17:04 . 2009-02-06 17:04 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-06 17:01 . 2009-02-06 17:01 <REP> d-------- c:\windows\ERUNT
2009-02-06 14:28 . 2009-02-06 17:17 <REP> d-------- C:\SDFix
2009-02-06 14:18 . 2009-02-06 14:18 <REP> d-------- C:\_OTMoveIt
2009-02-06 13:06 . 2009-02-06 13:07 <REP> d-------- C:\rsit
2009-02-06 12:38 . 2009-02-06 12:38 <REP> d-------- c:\program files\Trend Micro
2009-02-06 11:51 . 2009-02-06 11:51 <REP> d-------- c:\windows\system32\config\systemprofile\Bureau
2009-02-06 11:45 . 2009-02-06 11:49 63 --a------ c:\windows\system\SysSD.dll
2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe.bak
2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe
2009-02-02 15:07 . 2009-02-02 15:07 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-02 15:07 . 2009-02-02 15:07 1,409 --a------ c:\windows\QTFont.for
2009-02-01 18:57 . 2009-02-01 18:57 <REP> d-------- c:\documents and settings\Krystel\DoctorWeb
2009-02-01 18:48 . 2009-02-01 18:48 <REP> d-------- c:\program files\CCleaner
2009-02-01 13:55 . 2009-02-06 22:36 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-01 13:55 . 2009-02-01 13:57 37,888 --a------ c:\windows\system32\rar.exe
2009-02-01 13:55 . 2009-02-01 19:27 97 --a------ c:\windows\system32\Chan1.dat
2009-02-01 13:55 . 2009-02-01 13:55 0 --a------ c:\windows\system32\Installed.dat
2009-01-18 16:36 . 2009-01-18 16:36 <REP> d-------- c:\windows\system32\Lang
2009-01-18 16:20 . 2009-01-18 16:33 <REP> d-------- c:\documents and settings\Krystel\Application Data\Vso
2009-01-18 16:20 . 2009-01-18 16:20 94,208 --a------ c:\windows\system32\drivers\ezplay.sys
2009-01-18 16:20 . 2009-01-18 16:33 94,208 --a------ c:\documents and settings\Krystel\Application Data\ezplay.sys
2009-01-18 16:20 . 2009-01-18 16:20 47,360 --a------ c:\documents and settings\Krystel\Application Data\pcouffin.sys
2009-01-17 03:02 . 2009-01-17 03:02 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2009-01-15 18:43 . 2009-01-15 18:43 51 --a------ c:\windows\system32\blue.SITENAME
2009-01-15 18:42 . 2002-09-24 11:12 2,653,888 --a------ c:\windows\system32\LTRDG13n.OCX
2009-01-15 18:42 . 2002-09-24 11:12 534,192 --a------ c:\windows\system32\LTRVW13N.OCX
2009-01-15 18:42 . 2002-09-24 11:12 466,624 --a------ c:\windows\system32\LTRPR13n.DLL
2009-01-15 18:42 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll
2009-01-15 18:42 . 2002-09-24 11:12 194,248 --a------ c:\windows\system32\LTRFD13n.DLL
2009-01-15 18:42 . 2002-09-24 11:12 185,856 --a------ c:\windows\system32\lfpng13s.dll
2009-01-15 18:42 . 2002-09-24 11:12 79,360 --a------ c:\windows\system32\lfeps13s.dll
2009-01-15 18:42 . 2002-09-24 11:12 74,752 --a------ c:\windows\system32\lfgif13s.dll
2009-01-15 18:42 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-01-15 18:42 . 2009-01-15 18:43 404 --a------ c:\windows\VFO.VST
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.JP
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.IT
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.FR
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.ES
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.DE
2009-01-15 18:40 . 2003-11-10 17:06 16,896 --------- c:\windows\system32\PSDrvCheck.NL
2009-01-15 18:40 . 2003-10-21 10:02 16,896 --------- c:\windows\system32\PSDrvCheck.KO
2009-01-15 18:38 . 2009-01-15 18:38 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-15 18:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-15 18:38 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll
2009-01-15 18:38 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll
2009-01-15 18:37 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll
2009-01-15 18:37 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll
2009-01-15 18:32 . 2009-01-15 18:34 <REP> d-------- c:\windows\system32\URTTemp
2009-01-15 18:27 . 2009-01-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-01-15 18:25 . 2009-01-15 18:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-15 18:24 . 2003-11-25 06:02 196,096 --a------ c:\windows\system32\macd32.dll
2009-01-15 18:24 . 2005-07-13 16:55 171,008 --a------ c:\windows\system32\drivers\MarvinBus.sys
2009-01-15 18:24 . 2003-11-25 06:02 138,752 --a------ c:\windows\system32\mase32.dll
2009-01-15 18:24 . 2003-11-25 06:02 136,192 --a------ c:\windows\system32\mamc32.dll
2009-01-15 18:24 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL
2009-01-15 18:24 . 2003-11-25 06:02 57,856 --a------ c:\windows\system32\masd32.dll
2009-01-15 18:24 . 2003-11-25 06:02 27,648 --a------ c:\windows\system32\ma32.dll
2009-01-15 18:24 . 2009-01-15 18:43 361 --a------ c:\windows\VFO.INI
2009-01-15 18:23 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe
2009-01-15 18:21 . 2009-01-15 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\windows\system\cmstp.exe
2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\documents and settings\Krystel\Application Data\spoolsv.exe
2009-01-15 17:58 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2009-01-14 20:47 . 2009-01-14 20:47 118 --a------ c:\windows\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 10:28 --------- d-----w c:\program files\eMule
2009-02-12 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-09 21:11 --------- d-----w c:\program files\ESET
2009-02-05 20:17 --------- d-----w c:\documents and settings\Krystel\Application Data\dvdcss
2009-02-01 15:09 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-18 15:34 --------- d-----w c:\program files\vso
2009-01-18 15:20 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-18 15:15 --------- d-----w c:\program files\QuickTime
2009-01-18 15:07 --------- d-----w c:\program files\Ashampoo
2009-01-16 23:17 --------- d-----w c:\documents and settings\Krystel\Application Data\VSO_HWE
2009-01-15 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-01-15 17:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 17:41 --------- d-----w c:\program files\Pinnacle
2009-01-08 10:15 --------- d-----w c:\program files\Microsoft Games
2009-01-07 19:36 --------- d-----w c:\program files\Google
2008-12-27 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-26 23:59 --------- d-----w c:\documents and settings\Krystel\Application Data\AdobeUM
2008-12-26 23:29 --------- d-----w c:\documents and settings\Krystel\Application Data\Steinberg
2008-12-26 23:23 --------- d-----w c:\program files\Syncrosoft
2008-12-26 23:18 --------- d-----w c:\program files\Steinberg
2008-12-26 18:38 --------- d-----w c:\program files\Microsoft Works
2008-12-26 18:37 --------- d-----w c:\program files\MSBuild
2008-12-26 11:32 --------- d-----w c:\program files\Larousse
2008-12-26 11:31 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Lite
2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Pro
2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools
2008-12-26 11:27 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-26 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-26 11:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-26 02:37 --------- d-----w c:\documents and settings\Krystel\Application Data\InstallShield
2008-12-26 00:51 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-26 00:50 --------- d-----w c:\documents and settings\Krystel\Application Data\TuneUp Software
2008-12-26 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-26 00:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 13:15 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-23 02:35 --------- d-----w c:\program files\WebCamDV
2008-12-21 03:03 --------- d-----w c:\documents and settings\Krystel\Application Data\vlc
2008-12-21 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2008-12-21 02:49 --------- d-----w c:\documents and settings\Krystel\Application Data\Nero
2008-12-21 02:43 --------- d-----w c:\program files\Fichiers communs\Nero
2008-12-21 02:31 --------- d-----w c:\program files\Nero
2008-12-21 02:30 --------- d-----w c:\program files\Windows Sidebar
2008-12-21 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-21 00:54 --------- d-----w c:\program files\PSCS2
2008-12-21 00:53 --------- d-----w c:\program files\PSCS2Updater
2008-12-21 00:45 --------- d-----w c:\program files\Windows Resource Kits
2008-12-21 00:34 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2008-12-21 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-20 23:51 64,956 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-20 23:51 6,118 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-12-19 23:39 --------- d-----w c:\program files\VideoLAN
2008-12-19 22:27 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-19 22:27 --------- d-----w c:\program files\Windows Live
2008-12-19 22:27 --------- d-----w c:\program files\Microsoft
2008-12-19 22:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-19 14:55 --------- d-----w c:\program files\Synaptics
2008-12-19 14:49 --------- d-----w c:\program files\ATI Technologies
2008-12-19 14:46 --------- d-----w c:\program files\DIFX
2008-12-19 14:29 --------- d-----w c:\program files\microsoft frontpage
.
------- Sigcheck -------
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_19.39.32.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-25 16:44:10 57,344 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\osql.exe
+ 2008-05-25 16:44:10 163,840 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\replmerg.exe
+ 2008-05-25 16:44:10 315,392 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\replrec.dll
+ 2008-05-25 16:44:16 9,154,560 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\sqlservr.exe
+ 2008-12-18 09:49:42 2,322,432 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\sqlstpcustomdll.dll
+ 2008-12-18 09:49:42 57,344 ----a-w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\OSQL.exe
+ 2008-12-07 18:46:12 213,216 ------w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe
+ 2008-12-18 09:49:42 2,322,432 ----a-w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\SQLSTPCustomDLL.dll
+ 2008-12-07 18:46:12 371,424 ------w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\updspapi.dll
+ 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:37:56 3,866,112 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2009-01-15 10:43:28 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-12 21:11:55 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-15 10:43:28 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-12 21:11:56 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-15 10:43:28 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-12 21:11:55 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-15 10:43:28 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-12 21:11:56 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-15 10:43:28 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-12 21:11:56 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-15 10:43:28 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-12 21:11:56 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-15 10:43:29 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-12 21:11:56 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-15 10:43:28 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-12 21:11:56 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-15 10:43:28 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-12 21:11:56 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-15 10:43:28 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-12 21:11:56 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-15 10:43:29 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-12 21:11:56 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-15 10:43:28 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-12 21:11:55 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-26 23:58:07 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\ARPPRODUCTICON.exe
+ 2009-02-12 13:20:47 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\ARPPRODUCTICON.exe
- 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:18:31 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:18:31 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:46:49 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:12:20 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:46:54 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:18:36 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:18:40 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:18:40 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:47:01 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:18:41 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:47:02 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:47:02 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:18:41 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:47:02 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:47:03 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:18:43 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:47:04 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:18:31 347,136 ------w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:18:31 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:46:49 133,120 ------w c:\windows\system32\extmgr.dll
- 2009-02-06 14:29:58 306,808 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-12 21:16:49 306,808 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:12:20 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:18:32 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:18:35 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:46:54 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:18:36 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 ------w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:37:56 3,866,112 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:18:40 477,696 ------w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:18:40 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-12-20 22:47:01 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 20:18:41 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-12-20 22:47:02 671,232 ------w c:\windows\system32\mstime.dll
- 2008-10-16 20:18:41 164,352 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll
- 2009-02-09 18:30:39 61,558 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-14 11:38:42 61,558 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-09 18:30:39 72,546 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-02-14 11:38:43 72,546 ----a-w c:\windows\system32\perfc00C.dat
- 2009-02-09 18:30:39 401,418 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-14 11:38:43 401,418 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-09 18:30:39 466,258 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-02-14 11:38:43 466,258 ----a-w c:\windows\system32\perfh00C.dat
- 2008-10-16 20:18:41 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 ------w c:\windows\system32\pngfilt.dll
- 2008-10-16 20:18:41 62,464 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:18:42 1,233,920 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:18:42 394,240 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:18:43 817,152 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 22:47:04 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-14 11:50:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_290.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-11 133104]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-15 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-09 949376]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Krystel\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2008-12-26 237568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/usremcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-09 15424]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2009-02-13 12344]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-27 33792]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2009-02-13 15288]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2009-02-13 14392]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NOD32krn
*Deregistered* - PinnacleSys.MediaServer
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - UxTuneUp
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-725345543-1003.job
- c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 09:54]
2009-02-14 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Krystel\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 12:52:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\scecli.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Ashampoo\Ashampoo Magic
ComboFix 09-02-12.03 - Krystel 2009-02-14 12:46:10.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.894.596 [GMT 1:00]
Lancé depuis: c:\documents and settings\Krystel\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Krystel\Bureau\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\NETGATE
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergency.pfa
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergency.pfa.bak
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergencySpam.pfa
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\Infiltration\SpyEmergencySpam.pfa.bak
c:\documents and settings\All Users\Application Data\NETGATE\Spy Emergency\install.log
c:\documents and settings\Krystel\Application Data\Spy Emergency
c:\documents and settings\Krystel\Application Data\Spy Emergency\Cage\Cage.pfa
c:\documents and settings\Krystel\Application Data\Spy Emergency\Keeplist\Keeplist.pfa
c:\documents and settings\Krystel\Application Data\Spy Emergency\Log\LogFile_2009-02-13.txt
c:\documents and settings\Krystel\Application Data\Spy Emergency\Log\LogFile_2009-02-14.txt
c:\documents and settings\Krystel\Application Data\Spy Emergency\news.ini
c:\documents and settings\Krystel\Application Data\Spy Emergency\settings.ini
c:\program files\NETGATE
c:\program files\NETGATE\Spy Emergency 2008\gateway.pem
c:\program files\NETGATE\Spy Emergency 2008\Languages\Arabic\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\ChineseS\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\ChineseT\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Czech\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Dutch\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\English\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\French\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Hungarian\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Italiano\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Polish\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Portuguese\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Russian\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Slovak\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Slovenian\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Languages\Spanish\default.ini
c:\program files\NETGATE\Spy Emergency 2008\libeay32.dll
c:\program files\NETGATE\Spy Emergency 2008\License.txt
c:\program files\NETGATE\Spy Emergency 2008\manual.pdf
c:\program files\NETGATE\Spy Emergency 2008\menuext.dll
c:\program files\NETGATE\Spy Emergency 2008\Readme.txt
c:\program files\NETGATE\Spy Emergency 2008\semi.dll
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Blue\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Default\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Gold\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Green\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Red\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\bottom_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_about.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_help.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_large.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_max.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\button_min.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\check_button.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\check_button_list.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\default.ini
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\dialog.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\dialog_big.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\menu.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\right_center.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_back.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_down.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider1.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider2.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_slider3.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_tree.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\scrollbar_up.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_left.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_right.png
c:\program files\NETGATE\Spy Emergency 2008\Skins\Silver\top_title.png
c:\program files\NETGATE\Spy Emergency 2008\spyemergency.chm
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.mof
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyCmd.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyDel.vbs
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyElevator.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyEMI.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyOff.vbs
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencyOn.vbs
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySkin.exe
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
c:\program files\NETGATE\Spy Emergency 2008\ssleay32.dll
c:\program files\NETGATE\Spy Emergency 2008\Tools\SeAnalyzerTool.exe
c:\program files\NETGATE\Spy Emergency 2008\Trial\tp.bmp
c:\program files\NETGATE\Spy Emergency 2008\Trial\tp.rtf
c:\program files\NETGATE\Spy Emergency 2008\unins000.dat
c:\program files\NETGATE\Spy Emergency 2008\unins000.exe
c:\program files\NETGATE\Spy Emergency 2008\unrar.dll
c:\program files\NETGATE\Spy Emergency 2008\warning.wav
c:\program files\NETGATE\Spy Emergency 2008\webspam.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 ))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:22 . 2009-02-14 00:22 <REP> d-------- c:\documents and settings\Krystel\Application Data\Se Analyzer Tool SA
2009-02-13 23:31 . 2008-08-11 16:13 15,288 --a------ c:\windows\system32\drivers\spyemrg_access.sys
2009-02-13 23:31 . 2008-02-05 11:10 14,392 --a------ c:\windows\system32\drivers\spyemrg_guard.sys
2009-02-13 23:31 . 2008-02-05 11:10 12,344 --a------ c:\windows\system32\drivers\spyemrg.sys
2009-02-12 22:12 . 2009-02-12 22:12 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-12 22:11 . 2009-02-12 22:11 584 --a------ c:\windows\imsins.BAK
2009-02-12 00:22 . 2009-02-12 22:03 <REP> d-------- c:\program files\FindyKill
2009-02-09 19:48 . 2009-02-09 19:47 512,096 --a------ c:\windows\system32\drivers\amon.sys
2009-02-09 19:48 . 2009-02-09 19:47 298,104 --a------ c:\windows\system32\imon.dll
2009-02-09 19:48 . 2009-02-09 19:47 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2009-02-06 20:43 . 2009-02-06 20:43 0 --a------ c:\windows\nsreg.dat
2009-02-06 17:04 . 2009-02-06 17:04 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-06 17:01 . 2009-02-06 17:01 <REP> d-------- c:\windows\ERUNT
2009-02-06 14:28 . 2009-02-06 17:17 <REP> d-------- C:\SDFix
2009-02-06 14:18 . 2009-02-06 14:18 <REP> d-------- C:\_OTMoveIt
2009-02-06 13:06 . 2009-02-06 13:07 <REP> d-------- C:\rsit
2009-02-06 12:38 . 2009-02-06 12:38 <REP> d-------- c:\program files\Trend Micro
2009-02-06 11:51 . 2009-02-06 11:51 <REP> d-------- c:\windows\system32\config\systemprofile\Bureau
2009-02-06 11:45 . 2009-02-06 11:49 63 --a------ c:\windows\system\SysSD.dll
2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe.bak
2009-02-06 09:41 . 2008-05-03 16:15 23,096 --a------ c:\windows\system32\sremcon.exe
2009-02-02 15:07 . 2009-02-02 15:07 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-02 15:07 . 2009-02-02 15:07 1,409 --a------ c:\windows\QTFont.for
2009-02-01 18:57 . 2009-02-01 18:57 <REP> d-------- c:\documents and settings\Krystel\DoctorWeb
2009-02-01 18:48 . 2009-02-01 18:48 <REP> d-------- c:\program files\CCleaner
2009-02-01 13:55 . 2009-02-06 22:36 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-01 13:55 . 2009-02-01 13:57 37,888 --a------ c:\windows\system32\rar.exe
2009-02-01 13:55 . 2009-02-01 19:27 97 --a------ c:\windows\system32\Chan1.dat
2009-02-01 13:55 . 2009-02-01 13:55 0 --a------ c:\windows\system32\Installed.dat
2009-01-18 16:36 . 2009-01-18 16:36 <REP> d-------- c:\windows\system32\Lang
2009-01-18 16:20 . 2009-01-18 16:33 <REP> d-------- c:\documents and settings\Krystel\Application Data\Vso
2009-01-18 16:20 . 2009-01-18 16:20 94,208 --a------ c:\windows\system32\drivers\ezplay.sys
2009-01-18 16:20 . 2009-01-18 16:33 94,208 --a------ c:\documents and settings\Krystel\Application Data\ezplay.sys
2009-01-18 16:20 . 2009-01-18 16:20 47,360 --a------ c:\documents and settings\Krystel\Application Data\pcouffin.sys
2009-01-17 03:02 . 2009-01-17 03:02 <REP> d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2009-01-15 18:43 . 2009-01-15 18:43 51 --a------ c:\windows\system32\blue.SITENAME
2009-01-15 18:42 . 2002-09-24 11:12 2,653,888 --a------ c:\windows\system32\LTRDG13n.OCX
2009-01-15 18:42 . 2002-09-24 11:12 534,192 --a------ c:\windows\system32\LTRVW13N.OCX
2009-01-15 18:42 . 2002-09-24 11:12 466,624 --a------ c:\windows\system32\LTRPR13n.DLL
2009-01-15 18:42 . 2005-07-12 14:25 401,408 --a------ c:\windows\system32\pvmjpg30.dll
2009-01-15 18:42 . 2002-09-24 11:12 194,248 --a------ c:\windows\system32\LTRFD13n.DLL
2009-01-15 18:42 . 2002-09-24 11:12 185,856 --a------ c:\windows\system32\lfpng13s.dll
2009-01-15 18:42 . 2002-09-24 11:12 79,360 --a------ c:\windows\system32\lfeps13s.dll
2009-01-15 18:42 . 2002-09-24 11:12 74,752 --a------ c:\windows\system32\lfgif13s.dll
2009-01-15 18:42 . 2003-04-21 16:11 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-01-15 18:42 . 2009-01-15 18:43 404 --a------ c:\windows\VFO.VST
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.JP
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.IT
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.FR
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.ES
2009-01-15 18:40 . 2003-11-10 17:06 26,624 --------- c:\windows\system32\PSDrvCheck.DE
2009-01-15 18:40 . 2003-11-10 17:06 16,896 --------- c:\windows\system32\PSDrvCheck.NL
2009-01-15 18:40 . 2003-10-21 10:02 16,896 --------- c:\windows\system32\PSDrvCheck.KO
2009-01-15 18:38 . 2009-01-15 18:38 <REP> d-------- c:\program files\Microsoft SQL Server
2009-01-15 18:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-15 18:38 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll
2009-01-15 18:38 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll
2009-01-15 18:37 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll
2009-01-15 18:37 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll
2009-01-15 18:32 . 2009-01-15 18:34 <REP> d-------- c:\windows\system32\URTTemp
2009-01-15 18:27 . 2009-01-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-01-15 18:25 . 2009-01-15 18:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-15 18:24 . 2003-11-25 06:02 196,096 --a------ c:\windows\system32\macd32.dll
2009-01-15 18:24 . 2005-07-13 16:55 171,008 --a------ c:\windows\system32\drivers\MarvinBus.sys
2009-01-15 18:24 . 2003-11-25 06:02 138,752 --a------ c:\windows\system32\mase32.dll
2009-01-15 18:24 . 2003-11-25 06:02 136,192 --a------ c:\windows\system32\mamc32.dll
2009-01-15 18:24 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL
2009-01-15 18:24 . 2003-11-25 06:02 57,856 --a------ c:\windows\system32\masd32.dll
2009-01-15 18:24 . 2003-11-25 06:02 27,648 --a------ c:\windows\system32\ma32.dll
2009-01-15 18:24 . 2009-01-15 18:43 361 --a------ c:\windows\VFO.INI
2009-01-15 18:23 . 2004-02-24 13:04 41,219 --a------ c:\windows\RSETPATH.exe
2009-01-15 18:21 . 2009-01-15 18:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\windows\system\cmstp.exe
2009-01-15 18:06 . 2009-01-15 18:06 81,920 --a------ c:\documents and settings\Krystel\Application Data\spoolsv.exe
2009-01-15 17:58 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2009-01-14 20:47 . 2009-01-14 20:47 118 --a------ c:\windows\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 10:28 --------- d-----w c:\program files\eMule
2009-02-12 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-09 21:11 --------- d-----w c:\program files\ESET
2009-02-05 20:17 --------- d-----w c:\documents and settings\Krystel\Application Data\dvdcss
2009-02-01 15:09 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-18 15:34 --------- d-----w c:\program files\vso
2009-01-18 15:20 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-18 15:15 --------- d-----w c:\program files\QuickTime
2009-01-18 15:07 --------- d-----w c:\program files\Ashampoo
2009-01-16 23:17 --------- d-----w c:\documents and settings\Krystel\Application Data\VSO_HWE
2009-01-15 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-01-15 17:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 17:41 --------- d-----w c:\program files\Pinnacle
2009-01-08 10:15 --------- d-----w c:\program files\Microsoft Games
2009-01-07 19:36 --------- d-----w c:\program files\Google
2008-12-27 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-26 23:59 --------- d-----w c:\documents and settings\Krystel\Application Data\AdobeUM
2008-12-26 23:29 --------- d-----w c:\documents and settings\Krystel\Application Data\Steinberg
2008-12-26 23:23 --------- d-----w c:\program files\Syncrosoft
2008-12-26 23:18 --------- d-----w c:\program files\Steinberg
2008-12-26 18:38 --------- d-----w c:\program files\Microsoft Works
2008-12-26 18:37 --------- d-----w c:\program files\MSBuild
2008-12-26 11:32 --------- d-----w c:\program files\Larousse
2008-12-26 11:31 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Lite
2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools Pro
2008-12-26 11:28 --------- d-----w c:\documents and settings\Krystel\Application Data\DAEMON Tools
2008-12-26 11:27 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-26 11:27 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-26 11:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-26 02:37 --------- d-----w c:\documents and settings\Krystel\Application Data\InstallShield
2008-12-26 00:51 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-26 00:50 --------- d-----w c:\documents and settings\Krystel\Application Data\TuneUp Software
2008-12-26 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-26 00:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 13:15 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-23 02:35 --------- d-----w c:\program files\WebCamDV
2008-12-21 03:03 --------- d-----w c:\documents and settings\Krystel\Application Data\vlc
2008-12-21 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2008-12-21 02:49 --------- d-----w c:\documents and settings\Krystel\Application Data\Nero
2008-12-21 02:43 --------- d-----w c:\program files\Fichiers communs\Nero
2008-12-21 02:31 --------- d-----w c:\program files\Nero
2008-12-21 02:30 --------- d-----w c:\program files\Windows Sidebar
2008-12-21 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-21 00:54 --------- d-----w c:\program files\PSCS2
2008-12-21 00:53 --------- d-----w c:\program files\PSCS2Updater
2008-12-21 00:45 --------- d-----w c:\program files\Windows Resource Kits
2008-12-21 00:34 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2008-12-21 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-20 23:51 64,956 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-20 23:51 6,118 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-12-19 23:39 --------- d-----w c:\program files\VideoLAN
2008-12-19 22:27 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-19 22:27 --------- d-----w c:\program files\Windows Live
2008-12-19 22:27 --------- d-----w c:\program files\Microsoft
2008-12-19 22:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-19 14:55 --------- d-----w c:\program files\Synaptics
2008-12-19 14:49 --------- d-----w c:\program files\ATI Technologies
2008-12-19 14:46 --------- d-----w c:\program files\DIFX
2008-12-19 14:29 --------- d-----w c:\program files\microsoft frontpage
.
------- Sigcheck -------
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_19.39.32.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-25 16:44:10 57,344 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\osql.exe
+ 2008-05-25 16:44:10 163,840 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\replmerg.exe
+ 2008-05-25 16:44:10 315,392 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\replrec.dll
+ 2008-05-25 16:44:16 9,154,560 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\sqlservr.exe
+ 2008-12-18 09:49:42 2,322,432 -c----w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\PINNACLESYS\sqlstpcustomdll.dll
+ 2008-12-18 09:49:42 57,344 ----a-w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\OSQL.exe
+ 2008-12-07 18:46:12 213,216 ------w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe
+ 2008-12-18 09:49:42 2,322,432 ----a-w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\SQLSTPCustomDLL.dll
+ 2008-12-07 18:46:12 371,424 ------w c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\updspapi.dll
+ 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:37:56 3,866,112 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2009-01-15 10:43:28 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-12 21:11:55 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-15 10:43:28 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-12 21:11:56 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-15 10:43:28 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-12 21:11:55 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-15 10:43:28 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-12 21:11:56 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-15 10:43:28 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-12 21:11:56 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-15 10:43:28 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-12 21:11:56 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-15 10:43:29 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-12 21:11:56 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-15 10:43:28 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-12 21:11:56 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-15 10:43:28 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-12 21:11:56 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-15 10:43:28 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-12 21:11:56 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-15 10:43:29 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-12 21:11:56 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-15 10:43:28 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-12 21:11:55 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-26 23:58:07 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\ARPPRODUCTICON.exe
+ 2009-02-12 13:20:47 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\ARPPRODUCTICON.exe
- 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:18:31 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:18:31 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:46:49 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:12:20 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:46:54 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:18:36 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:18:40 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:18:40 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:47:01 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:18:41 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:47:02 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:47:02 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:18:41 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:47:02 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:47:03 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:18:43 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:47:04 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:18:31 347,136 ------w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:18:31 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:46:49 133,120 ------w c:\windows\system32\extmgr.dll
- 2009-02-06 14:29:58 306,808 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-12 21:16:49 306,808 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:12:20 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:18:32 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:18:35 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:46:54 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:18:36 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 ------w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:37:56 3,866,112 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:18:40 477,696 ------w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:18:40 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-12-20 22:47:01 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 20:18:41 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-12-20 22:47:02 671,232 ------w c:\windows\system32\mstime.dll
- 2008-10-16 20:18:41 164,352 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll
- 2009-02-09 18:30:39 61,558 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-14 11:38:42 61,558 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-09 18:30:39 72,546 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-02-14 11:38:43 72,546 ----a-w c:\windows\system32\perfc00C.dat
- 2009-02-09 18:30:39 401,418 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-14 11:38:43 401,418 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-09 18:30:39 466,258 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-02-14 11:38:43 466,258 ----a-w c:\windows\system32\perfh00C.dat
- 2008-10-16 20:18:41 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 ------w c:\windows\system32\pngfilt.dll
- 2008-10-16 20:18:41 62,464 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:18:42 1,233,920 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:18:42 394,240 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:18:43 817,152 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 22:47:04 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-14 11:50:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_290.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-11 133104]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-15 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-09 949376]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Krystel\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Hyperappel du Petit Larousse 2008.lnk - c:\program files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe [2008-12-26 237568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/usremcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-09 15424]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2009-02-13 12344]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-27 33792]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [2009-02-13 15288]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2009-02-13 14392]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NOD32krn
*Deregistered* - PinnacleSys.MediaServer
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - UxTuneUp
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-507921405-725345543-1003.job
- c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-11 09:54]
2009-02-14 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Krystel\Application Data\Mozilla\Firefox\Profiles\vgb8987j.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Krystel\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 12:52:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\scecli.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Ashampoo\Ashampoo Magic
Anonymous user
14 Feb 2009 at 15:15
OK
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
c:\windows\system32\drivers\spyemrg_guard.sys
c:\windows\system32\drivers\spyemrg_access.sys
c:\windows\system32\drivers\spyemrg.sys
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
---> Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
Then rerun RSIT's log.txt, please.
Hi, here is the OTMoveIt3 report after reboot:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\drivers\spyemrg_guard.sys moved successfully.
c:\windows\system32\drivers\spyemrg_access.sys moved successfully.
c:\windows\system32\drivers\spyemrg.sys moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_1y1wYU01SYLuwcH scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_TWDs8pcJd1bSPrw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_290.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_104715
Files moved on Reboot...
File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_1y1wYU01SYLuwcH not found!
File C:\DOCUME~1\Krystel\LOCALS~1\Temp\etilqs_TWDs8pcJd1bSPrw not found!
File C:\WINDOWS\temp\Perflib_Perfdata_290.dat not found!
Here is the RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-15 10:57:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:29, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Krystel\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
I live in Australia, I told you, didn't I? That's why, it's 11 in the morning here, and my wife is Krystel, I'm totally hogging her computer... lol
Anonymous user
15 Feb 2009 at 02:07
No, that's not why I was laughing, it was because your post wasn't complete
lol
lol
Sorry, I'm sending it to you again, complete this time:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Krystel at 2009-02-15 10:57:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 25 GB (33%) free of 76 GB
Total RAM: 894 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:29, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Krystel\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Krystel.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Krystel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = C:\Program Files\Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
I don't understand, I'm copying everything though. Oh well, here's the rest, I hope it'll be right this time:
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-02-09 15424]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-02-09 512096]
R2 WebCamDV;WebCamDV DV to Webcam Converter; C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 212608]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-11 1414656]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-07-13 171008]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-01-18 47360]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-08-02 384384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-28 193056]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device; C:\WINDOWS\system32\drivers\wcdvaud.sys [2004-01-30 12672]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys []
S3 aps2vwli;aps2vwli; C:\WINDOWS\system32\drivers\aps2vwli.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2009-01-18 94208]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys []
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AshampooDefragService;Ashampoo Defrag Service; C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe [2008-04-18 746848]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-11 393216]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2008-12-18 9158656]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-02-09 552064]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-21 72704]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-26 355584]
S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
-----------------EOF-----------------