Slt

tu post depuis un autre pc?


tu as quel antivirus?

Ouep je post depuis un autre pc.

Le pc concerné par le problème est un pc d'entreprise, le seul antivirus protège le réseau mais pas la machine même. Je ne peux pas encore te dire de quel antivirus il s'agit.

Il est connécté au net ou pas?

Ouep

Scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php­­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit


________________________

il faudra mettre a jour open office: le lancer puis AIDE puis MISE A JOUR

et remplacer la version d'adobe par la version 9

Oké je m'occupes de ça et je te poste les rapports.

J'ai lancé l'analyse mais cela risque de prendre un peu de temps.

Non un scan rapide mets moins d'une heure voire moins de 10 minutes

Effectivement j'suis partis trop tôt.

Alors donc, l'analyse avec malwarebyte n'a rien donné :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1947
Windows 5.1.2600 Service Pack 2

07/04/2009 13:44:31
mbam-log-2009-04-07 (13-44-31).txt

Type de recherche: Examen rapide
Eléments examinés: 82433
Temps écoulé: 6 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Ensuite voila les rapports récupérés avec RSIT :

log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by ldy at 2009-04-07 13:47:10
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 70 GB (88%) free of 80 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:15, on 07/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Vim\vim72\gvim.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Vim\vim72\gvim.exe
D:\AVG Anti-Spyware 7.5\guard.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ldy\Bureau\RSIT.exe
G:\ldy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e8-server/~twiki/bin/view/Main/WebHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e8-server/~twiki/bin/view/Main/WebHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=squid.f4-toys.com:3128;https=squid.f4-toys.com:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;beta.exalight.fr;e8-server;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://e8-server/~twiki/bin/view/Main/WebHome
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = F4-toys.com
O17 - HKLM\Software\..\Telephony: DomainName = f4-toys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = F4-toys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = F4-toys.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
End of file - 6630 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SogouImeMgr.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Toolbar - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [2005-02-07 203464]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"!AVG Anti-Spyware"=D:\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

C:\Documents and Settings\ldy\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=D:\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Psi\psi.exe"="C:\Program Files\Psi\psi.exe:*:Enabled:psi"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-04-07 13:47:10 ----D---- C:\rsit
2009-04-07 13:05:47 ----D---- C:\Documents and Settings\ldy\Application Data\Malwarebytes
2009-04-07 13:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-07 11:28:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-07 11:04:03 ----D---- C:\Documents and Settings\ldy\Application Data\Grisoft
2009-04-07 11:03:56 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2009-04-06 16:17:52 ----D---- C:\Documents and Settings\ldy\Application Data\PSpad
2009-04-06 16:17:39 ----A---- C:\WINDOWS\isRS-000.tmp
2009-04-06 16:02:27 ----D---- C:\Documents and Settings\ldy\Application Data\Notepad++
2009-04-06 16:00:01 ----D---- C:\Documents and Settings\ldy\Application Data\SogouPY.users
2009-04-06 14:56:29 ----D---- C:\Documents and Settings\ldy\Application Data\F4
2009-04-06 14:56:14 ----D---- C:\Program Files\Empire of Sports
2009-04-06 11:22:28 ----D---- C:\Documents and Settings\ldy\Application Data\OpenOffice.org2
2009-04-06 11:15:23 ----D---- C:\Documents and Settings\ldy\Application Data\Subversion
2009-04-06 11:04:46 ----D---- C:\Documents and Settings\ldy\Application Data\Thunderbird
2009-04-06 11:04:46 ----D---- C:\Documents and Settings\ldy\Application Data\Mozilla
2009-04-06 11:02:41 ----D---- C:\Documents and Settings\ldy\Application Data\ATI
2009-04-06 11:02:35 ----D---- C:\Documents and Settings\ldy\Application Data\Identities
2009-04-06 11:02:28 ----SD---- C:\Documents and Settings\ldy\Application Data\Microsoft
2009-04-06 11:02:28 ----ASH---- C:\Documents and Settings\ldy\Application Data\desktop.ini

======List of files/folders modified in the last 1 months======

2009-04-07 13:46:53 ----D---- C:\WINDOWS\Prefetch
2009-04-07 13:05:44 ----D---- C:\WINDOWS\system32\drivers
2009-04-07 11:47:19 ----D---- C:\WINDOWS\Temp
2009-04-07 11:41:24 ----D---- C:\Program Files\Mozilla Firefox
2009-04-07 11:26:38 ----D---- C:\Program Files\OCS Inventory Agent
2009-04-07 11:13:23 ----D---- C:\Program Files\Mozilla Thunderbird
2009-04-07 11:02:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-07 09:56:52 ----D---- C:\WINDOWS
2009-04-07 09:49:48 ----D---- C:\WINDOWS\security
2009-04-07 09:43:59 ----D---- C:\ocs-ng
2009-04-07 09:43:38 ----D---- C:\Program Files\PSPad editor
2009-04-06 19:35:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-06 15:17:52 ----SHD---- C:\RECYCLER
2009-04-06 15:11:59 ----D---- C:\WINDOWS\system32
2009-04-06 14:56:14 ----D---- C:\Program Files
2009-04-06 14:53:38 ----D---- C:\Program Files\Fichiers communs
2009-04-06 11:03:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-06 11:02:38 ----SHD---- C:\WINDOWS\Installer
2009-04-06 11:02:29 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-06 11:02:27 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\D:\AVG Anti-Spyware 7.5\guard.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 RTL8023xp;D-Link DGE-528T Gigabit Ethernet Adapter NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\DLKRTXP.SYS [2007-08-28 83456]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-06 242320]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; D:\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 OCS INVENTORY;OCS INVENTORY SERVICE; C:\Program Files\OCS Inventory Agent\ocsservice.exe [2007-02-27 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-09 2814264]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]

-----------------EOF-----------------

info :
info.txt logfile of random's system information tool 1.06 2009-04-07 13:47:18

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5-->D:\AVG Anti-Spyware 7.5\Uninstall.exe
Beyond Compare Version 2.5.3-->"C:\Program Files\Beyond Compare 2\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Empire of Sports 1.306-->C:\Program Files\Empire of Sports\Uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"G:\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Network Connections 13.2.8.0-->MsiExec.exe /i{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54} ARPREMOVE=1
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Malwarebytes' Anti-Malware-->"D:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Toolbar-->C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\mtbs.exe c
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OCS Inventory Agent 4.0.3.2-->C:\Program Files\OCS Inventory Agent\uninst.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.0-->MsiExec.exe /I{E2C356F6-84B5-4CCB-8FED-12E0F1C2E97B}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Poedit-->"C:\Program Files\Poedit\unins000.exe"
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Sogou Pinyin 4.0 Final Version-->"C:\Program Files\SogouInput\4.0.0.2093\Uninstall.exe"
Spybot - Search & Destroy-->"D:\Spybot - Search & Destroy\unins000.exe"
TortoiseSVN 1.4.7.11792 (32 bit)-->MsiExec.exe /X{0CEBB8A4-8057-4823-8746-95ABBBE2F40E}
UniRed-->C:\Program Files\UniRed\inst.exe /u
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vim 7.2 (self-installing)-->C:\Program Files\Vim\vim72\uninstall-gui.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

======System event log======

Computer Name: LJA
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 14
Source Name: Service Control Manager
Time Written: 20090105140257.000000+060
Event Type: Informations
User:

Computer Name: LJA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 13
Source Name: Service Control Manager
Time Written: 20090105140257.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LJA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Téléphonie.

Record Number: 12
Source Name: Service Control Manager
Time Written: 20090105140257.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LJA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Lanceur de processus serveur DCOM.

Record Number: 11
Source Name: Service Control Manager
Time Written: 20090105140257.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LJA
Event Code: 115
Message: Le suivi de la Restauration système a été activé sur tous les lecteurs.

Record Number: 10
Source Name: SRService
Time Written: 20090105140254.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: LJA
Event Code: 1704
Message: La stratégie de sécurité dans les objets Stratégie de groupe a été appliquée correctement.

Record Number: 912
Source Name: SceCli
Time Written: 20090225094536.000000+060
Event Type: Informations
User:

Computer Name: LJA
Event Code: 19
Message: OCS INFO: Service started successfully with parameters FREQ: 24, OLD_FREQ: 24, TTO_WAIT: 45900.

Record Number: 911
Source Name: OCS INVENTORY SERVICE
Time Written: 20090225094520.000000+060
Event Type: Informations
User:

Computer Name: LJA
Event Code: 20
Message: OCS ERROR: Can't get private profile string.

Record Number: 910
Source Name: OCS INVENTORY SERVICE
Time Written: 20090225094520.000000+060
Event Type: erreur
User:

Computer Name: LJA
Event Code: 20
Message: OCS ERROR: Can't get private profile string.

Record Number: 909
Source Name: OCS INVENTORY SERVICE
Time Written: 20090225094520.000000+060
Event Type: erreur
User:

Computer Name: LJA
Event Code: 20
Message: OCS ERROR: Can't get private profile string.

Record Number: 908
Source Name: OCS INVENTORY SERVICE
Time Written: 20090225094520.000000+060
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Merci pour ton aide =)

Merci pour le conseil.

Effectivement j'avais chercher de ce côté là puisque c'etait l'un des process qui prenait le plus de mémoire. Je vais regarder si il y a possibilité de paramétrer la gestion du cache pour qu'il gonfle moins rapidement.

Pas d'antivirus? mets antivir et colle un rapport avec:


antivir: http://www.01net.com/...


manuel
http://www.libellules.ch/tuto_antivir.php