message d'erreur: wscript.exeRésolu/Fermé

Question

Bonjour,
à chaque fois que j'essaie d'ouvrir  par double clic un lecteur du disque dur un message d'erreur apparait:

windows ne trouve pas "wscript.exe" . vérifiez que vous avez entré le nom correctement et essayez de nouveau. pour rechercher un fichier,cliquez sur le bouton démarrer, puis sur rechercher

par contre ça s'ouvre quand je clique sur le bouton droit puis sur ouvrir

nb: j'avais juste avant un problème de trojan/dropper.gem j'ai scanné avec malawarbytes antimalaware et jé supprimé les fichiers détéctés et sur hijacktkis aussi, mon antivirus c'est  antivir, jé aussi spybot sd et zone alarm pro
merci d'avance

V-X · Accepted Answer

Salut,

Poste ton rapport hijackthis STP.

narcis6 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:11, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

V-X · Answer

Re,

Fait sa ,

&#x25B6 Démarre Spybot, clique sur Mode, coche Mode avancé
 
&#x25B6A gauche, clique sur Outils, puis sur Résident

&#x25B6 Décoche la case devant Résident "TeaTimer" :

http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
 
&#x25B6Quitte Spybot

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

&#x25B6 Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

&#x25B6 Double clique sur RSIT.exe pour lancer l'outil.

&#x25B6 Clique sur ' continue ' à l'écran Disclaimer.

&#x25B6 Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

&#x25B6 Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

narcis6 · Answer

d'abord merci d'avoir répondu aussitôt

le rapport



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-20 21:28:56
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:12, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Program Files\Real\RealPlayer\RecordingManager.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

narcis6 · Answer

mais pas de rapport "info.text"!!!

V-X · Answer

Re,

&#x25B6 Telecharge et install UsbFix de C_XX & Chiquitine29

&#x25B6 Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

&#x25B6 Double clic sur le raccourci UsbFix présent sur ton bureau .

&#x25B6 Choisi l option 1 ( Recherche )

&#x25B6 Laisse travailler l outil.

&#x25B6 Ensuite post le rapport UsbFix.txt qui apparaitra.

&#x25B6 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

narcis6 · Answer

############################## [ UsbFix V3.010 ] 

# User : Administrateur (Administrateurs) # PC-4357E6AC2CAD
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 08:56:26 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Pro Firewall[ Enabled ]7.0.462.000

# C:\ # Disque amovible # 3,78 Go (3,78 Go free) [USB DISK] # FAT32
# D:\ # Disque amovible # 123,36 Mo (20 Mo free) [MOHAMMEDIA] # FAT32
# F:\ # Disque amovible
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 78,13 Go (46,07 Go free) # NTFS
# I:\ # Disque fixe local # 78,13 Go (48,58 Go free) [HAMID] # NTFS
# J:\ # Disque fixe local # 78,13 Go (54,75 Go free) [NARCIS] # NTFS
# K:\ # Disque fixe local # 63,7 Go (56,28 Go free) [ZOU] # NTFS
# L:\ # Disque amovible
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque CD-ROM
 
############################## [ Processus actifs ] 
 
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ] 

HKCU_Main:  "Local Page"="H:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="about:blank" 
HKLM_logon: "Userinit"="H:\WINDOWS\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="administrateur" 
HKLM_logon: "AltDefaultUserName"="administrateur" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup 
HKLM_Run:    nwiz=nwiz.exe /install 
HKLM_Run:    NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit 
HKLM_Run:    RTHDCPL=RTHDCPL.EXE 
HKLM_Run:    Alcmtr=ALCMTR.EXE 
HKLM_Run:    avgnt="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    NeroFilterCheck=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe 
HKLM_Run:    NBKeyScan="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
HKLM_Run:    Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
HKLM_Run:    ZoneAlarm Client="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" 
HKLM_Run:    PCSuiteTrayApplication=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray 
HKLM_Run:    DataLayer=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE 
HKLM_Run:    RAMpage="H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe" 
HKLM_Run:    TkBellExe="H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=H:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"  
HKCU_Run:    uTorrent="H:\Program Files\uTorrent\uTorrent.exe"  
HKCU_Run:    PcSync=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog  
HKCU_Run:    Skype="H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  
HKCU_Run:    autoclk=autoclk.exe  
HKCU_Run:    L08FXLRD_6058546="H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m  
HKCU_Run:    MsnMsgr="H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  

################## [ Informations ] 
 
# Contenu de l'autorun C:\autorun.inf 
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
 
# Contenu de l'autorun H:\autorun.inf 
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
 
# Contenu de l'autorun I:\autorun.inf 
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
 
# Contenu de l'autorun J:\autorun.inf 
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
 
# Contenu de l'autorun K:\autorun.inf 
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg
 

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 

################## [ Fichiers # Dossiers infectieux ] 

Found ! C:\winfile.jpg  
Found ! C:\autorun.inf  
Found ! H:\Administrateur.exe  
Found ! H:\autorun.inf  
Found ! I:\winfile.jpg  
Found ! I:\autorun.inf  
Found ! J:\winfile.jpg  
Found ! J:\autorun.inf  
Found ! K:\winfile.jpg  
Found ! K:\autorun.inf  
 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoints2 ] 
 
HKCU\Software\Microsoft\....\MountPoints2\{2e0cf896-253b-11de-a6c8-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{592adf2a-9e54-11dd-8e45-0018370a5e26}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\explore\Command  
HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{9e7d50c4-2c36-11de-a6d6-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d2-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d3-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d4-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d5-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command  

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

V-X · Answer

Re,

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

&#x25B6 Double clic sur le raccourci UsbFix présent sur ton bureau
 
&#x25B6 Choisi l option 2 ( Suppression )

&#x25B6 Ton bureau disparaitra et le pc redémarrera .

&#x25B6 Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

&#x25B6 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

&#x25B6 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

narcis6 · Answer

############################## [ UsbFix V3.010 ] 

# User : Administrateur (Administrateurs) # PC-4357E6AC2CAD
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 16:53:01 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Pro Firewall[ Enabled ]7.0.462.000

# C:\ # Disque amovible # 3,78 Go (3,78 Go free) [USB DISK] # FAT32
# D:\ # Disque amovible # 123,36 Mo (20 Mo free) [MOHAMMEDIA] # FAT32
# F:\ # Disque amovible
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 78,13 Go (46,08 Go free) # NTFS
# I:\ # Disque fixe local # 78,13 Go (48,58 Go free) [HAMID] # NTFS
# J:\ # Disque fixe local # 78,13 Go (54,75 Go free) [NARCIS] # NTFS
# K:\ # Disque fixe local # 63,7 Go (56,28 Go free) [ZOU] # NTFS
# L:\ # Disque amovible
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque CD-ROM
 
############################## [ Processus actifs ] 
 
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\userinit.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ] 

Deleted ! C:\winfile.jpg    
Deleted ! C:\autorun.inf    
Deleted ! H:\Administrateur.exe    
Deleted ! H:\autorun.inf    
Deleted ! I:\winfile.jpg    
Deleted ! I:\autorun.inf    
Deleted ! J:\winfile.jpg    
Deleted ! J:\autorun.inf    
Deleted ! K:\winfile.jpg    
Deleted ! K:\autorun.inf    
 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  

################## [  Registre # Startup ] 

HKCU_Main:  "Local Page"="H:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" 
HKCU_Main:  "Window Title"="" 
HKLM_logon: "Userinit"="H:\WINDOWS\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="" 
HKLM_logon: "AltDefaultUserName"="administrateur" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup 
HKLM_Run:    nwiz=nwiz.exe /install 
HKLM_Run:    NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit 
HKLM_Run:    RTHDCPL=RTHDCPL.EXE 
HKLM_Run:    Alcmtr=ALCMTR.EXE 
HKLM_Run:    avgnt="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    NeroFilterCheck=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe 
HKLM_Run:    NBKeyScan="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
HKLM_Run:    Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
HKLM_Run:    ZoneAlarm Client="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" 
HKLM_Run:    PCSuiteTrayApplication=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray 
HKLM_Run:    DataLayer=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE 
HKLM_Run:    RAMpage="H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe" 
HKLM_Run:    TkBellExe="H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=H:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"  
HKCU_Run:    uTorrent="H:\Program Files\uTorrent\uTorrent.exe"  
HKCU_Run:    PcSync=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog  
HKCU_Run:    Skype="H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  
HKCU_Run:    autoclk=autoclk.exe  
HKCU_Run:    L08FXLRD_6058546="H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m  
HKCU_Run:    MsnMsgr="H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  
 
################## [ Registre # Mountpoints2 ] 
 
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2e0cf896-253b-11de-a6c8-00730446a1b6}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{592adf2a-9e54-11dd-8e45-0018370a5e26}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\explore\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command   
 
################## [ Listing des fichiers présent ] 

H:\NTDETECT.COM  
H:\HijackThis.exe  
H:\boot.ini  
I:\antivir_workstation_winu_fr_h.exe  
I:\Firefox Setup 3.0.5.exe  
I:\freelang_freelang_-_dictionnaire_anglais-francais_francais_13765.exe  
I:\freelang_freelang_3.72_-_le_programme_francais_13765.exe  
I:
l_2010_mon.exe  
I:\setupfre.exe  
I:\zapSetup_70_462_000_fr.exe  
J:\HJTInstall.exe  
K:\DivXInstaller.exe  
K:\RealPlayer11GOLD_fr(2).exe  
K:\RealPlayer11GOLD_fr.exe  
K:\setupfrepro.exe  
K:\VLC_Portable_0.9.8a.paf.exe  
K:\vpsupd.exe  
K:\desktop.ini  

################## [ Vaccination ] 
 
# D:\autorun.inf -> Folder created by UsbFix.  
# H:\autorun.inf -> Folder created by UsbFix.  
# I:\autorun.inf -> Folder created by UsbFix.  
# J:\autorun.inf -> Folder created by UsbFix.  
# K:\autorun.inf -> Folder created by UsbFix.  

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

V-X · Answer

Re,

Désinstalle usbfix =>option 4.

Refait un log avec RSIT.

merci

narcis6 · Answer

merci à vous surtout
au fait le problème est reglé grace à vous
bonne journée



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 08:27:34
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

narcis6 · Answer

merci à vous surtout, le problème est réglé,
le rapport:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 08:27:34
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

narcis6 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 08:27:34
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

narcis6 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 17:58:32
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:54, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

narcis6 · Answer

le problème est résolu merci beaucoup à vous

V-X · Answer

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
h:\administrateur.exe

:commands
[emptytemp]
[start explorer]



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

narcis6 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
h:\Administrateur.exe moved successfully.
========== COMMANDS ==========
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_cRfEIjUCxoT0av0sdE4d scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF374A.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3784.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD45.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEBF.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEE1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. H:\WINDOWS	emp\ZLT05e16.TMP scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS	emp\ZLT06321.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d01 scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d02 scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_181630

Files moved on Reboot...
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_cRfEIjUCxoT0av0sdE4d not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF374A.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3784.tmp not found!
H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD45.tmp moved successfully.
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEBF.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEE1.tmp not found!
File H:\WINDOWS	emp\ZLT05e16.TMP not found!
File H:\WINDOWS	emp\ZLT06321.TMP not found!
File H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d01 not found!
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d02 moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_001_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_002_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_003_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_MAP_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\urlclassifier3.sqlite moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\XUL.mfl moved successfully.

V-X · Answer

Re,

Redémarre ton pc normalement et refait un log avec rsit.

merci

narcis6 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 19:48:43
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 48 GB (60%) free of 80 GB
Total RAM: 894 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:55, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

V-X · Answer

Re,

Relance usbfix option 1 STP.

merci

narcis6 · Answer

############################## [ UsbFix V3.010 ] 

# User : Administrateur (Administrateurs) # PC-4357E6AC2CAD
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 20:05:53 | 22/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Pro Firewall[ Enabled ]7.0.462.000

# C:\ # Disque amovible # 3,78 Go (3,78 Go free) [USB DISK] # FAT32
# F:\ # Disque amovible
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 78,13 Go (47,19 Go free) # NTFS
# I:\ # Disque fixe local # 78,13 Go (50,55 Go free) [HAMID] # NTFS
# J:\ # Disque fixe local # 78,13 Go (54,76 Go free) [NARCIS] # NTFS
# K:\ # Disque fixe local # 63,7 Go (56,28 Go free) [ZOU] # NTFS
# L:\ # Disque amovible
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque CD-ROM
 
############################## [ Processus actifs ] 
 
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ] 

HKCU_Main:  "Local Page"="H:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" 
HKCU_Main:  "Window Title"="" 
HKLM_logon: "Userinit"="H:\WINDOWS\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="administrateur" 
HKLM_logon: "AltDefaultUserName"="administrateur" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup 
HKLM_Run:    nwiz=nwiz.exe /install 
HKLM_Run:    NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit 
HKLM_Run:    RTHDCPL=RTHDCPL.EXE 
HKLM_Run:    Alcmtr=ALCMTR.EXE 
HKLM_Run:    avgnt="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    NeroFilterCheck=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe 
HKLM_Run:    NBKeyScan="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
HKLM_Run:    Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
HKLM_Run:    ZoneAlarm Client="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" 
HKLM_Run:    PCSuiteTrayApplication=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray 
HKLM_Run:    DataLayer=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE 
HKLM_Run:    RAMpage="H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe" 
HKLM_Run:    TkBellExe="H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=H:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"  
HKCU_Run:    uTorrent="H:\Program Files\uTorrent\uTorrent.exe"  
HKCU_Run:    PcSync=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog  
HKCU_Run:    Skype="H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  
HKCU_Run:    autoclk=autoclk.exe  
HKCU_Run:    L08FXLRD_6058546="H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m  
HKCU_Run:    MsnMsgr="H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  

################## [ Informations ] 
 
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# K:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 

################## [ Fichiers # Dossiers infectieux ] 

Found ! H:\Administrateur.exe  
 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoints2 ] 
 
HKCU\Software\Microsoft\....\MountPoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command  

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

V-X · Answer

Re,

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

&#x25B6 Double clic sur le raccourci UsbFix présent sur ton bureau
 
&#x25B6 Choisi l option 2 ( Suppression )

&#x25B6 Ton bureau disparaitra et le pc redémarrera .

&#x25B6 Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

&#x25B6 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

&#x25B6 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

narcis6 · Answer

salut
 jé branché deux autres clès usb j'ai recommancé la procédure avec usb fix, merci pour tout
le rapport:

############################## [ UsbFix V3.010 ] 

# User : Administrateur (Administrateurs) # PC-4357E6AC2CAD
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 22:36:10 | 23/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Pro Firewall[ Enabled ]7.0.462.000

# D:\ # Disque amovible # 963,48 Mo (676,72 Mo free) [PHILIPS UFD] # FAT32
# F:\ # Disque amovible
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 78,13 Go (46,93 Go free) # NTFS
# I:\ # Disque fixe local # 78,13 Go (50,55 Go free) [HAMID] # NTFS
# J:\ # Disque fixe local # 78,13 Go (54,76 Go free) [NARCIS] # NTFS
# K:\ # Disque fixe local # 63,7 Go (56,28 Go free) [ZOU] # NTFS
# L:\ # Disque amovible
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque CD-ROM
# Q:\ # Disque amovible # 7,46 Go (1,43 Go free) [NOLIMIT] # FAT32
 
############################## [ Processus actifs ] 
 
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ] 

HKCU_Main:  "Local Page"="H:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" 
HKCU_Main:  "Window Title"="" 
HKLM_logon: "Userinit"="H:\WINDOWS\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="administrateur" 
HKLM_logon: "AltDefaultUserName"="administrateur" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup 
HKLM_Run:    nwiz=nwiz.exe /install 
HKLM_Run:    NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit 
HKLM_Run:    RTHDCPL=RTHDCPL.EXE 
HKLM_Run:    Alcmtr=ALCMTR.EXE 
HKLM_Run:    avgnt="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    NeroFilterCheck=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe 
HKLM_Run:    NBKeyScan="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
HKLM_Run:    Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
HKLM_Run:    ZoneAlarm Client="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" 
HKLM_Run:    PCSuiteTrayApplication=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray 
HKLM_Run:    DataLayer=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE 
HKLM_Run:    RAMpage="H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe" 
HKLM_Run:    TkBellExe="H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=H:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"  
HKCU_Run:    uTorrent="H:\Program Files\uTorrent\uTorrent.exe"  
HKCU_Run:    PcSync=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog  
HKCU_Run:    Skype="H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  
HKCU_Run:    autoclk=autoclk.exe  
HKCU_Run:    L08FXLRD_6058546="H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m  
HKCU_Run:    MsnMsgr="H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  

################## [ Informations ] 
 
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# K:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 

################## [ Fichiers # Dossiers infectieux ] 

 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoints2 ] 
 
# -> Not Found !  

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

V-X · Answer

Re,

Désinstalle USBFIX Option 4

Redémarre ton pc normalement et refait un log avec RSIT.

merci

narcis6 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-24 09:53:43
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 48 GB (60%) free of 80 GB
Total RAM: 894 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:54, on 24/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\WINDOWS\system32
vsvc32.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\Skype\Phone\Skype.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\autoclk.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

V-X · Answer

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
h:\administrateur.exe

:commands
[emptytemp]
[start explorer]
 


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

narcis6 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
h:\Administrateur.exe moved successfully.
========== COMMANDS ==========
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_hE2GZRF5n0SgxyF4D7cQ scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF365B.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CB2.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CD1.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDC7.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDE6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. H:\WINDOWS	emp\Perflib_Perfdata_444.dat scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS	emp\ZLT059f0.TMP scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS	emp\ZLT06b9e.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04252009_090915

Files moved on Reboot...
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_hE2GZRF5n0SgxyF4D7cQ not found!
H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF365B.tmp moved successfully.
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CB2.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CD1.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDC7.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDE6.tmp not found!
File H:\WINDOWS	emp\Perflib_Perfdata_444.dat not found!
File H:\WINDOWS	emp\ZLT059f0.TMP not found!
File H:\WINDOWS	emp\ZLT06b9e.TMP not found!
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_001_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_002_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_003_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_MAP_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\urlclassifier3.sqlite moved successfully.

V-X · Answer

Re,

Afficher les fichiers et dossiers cachés sous Windows Xp

&#x25B6 Double clic sur Poste de Travail,

&#x25B6 Sur le menu du haut vous cliquez sur "Outils"

&#x25B6 Cliquer sur "Options des dossiers"

&#x25B6 Cliquez sur l'onglet "Affichage"

&#x25B6 Dans les options 

&#x25B6 Sélectionnez " Afficher les dossiers et fichiers cachés"

&#x25B6 Cliquer ensuite sur "Appliquer" 

&#x25B6 validez par "Ok"

Cherche dans h:\ Ce fichier =>administrateur.exe

Supprime le si toujours présent et vide ta corbeille et redémarre ton pc et refait un log avec RSIT

narcis6 · Answer

comment faire pour poster mes résultats?

narcis6 · Answer

re,
desolée pour ma réponse bête mais j'avais pas lu la dernière ligne qui était cachée 
bon voilà le log:



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-03 08:47:02
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 44 GB (54%) free of 80 GB
Total RAM: 894 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:40, on 03/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\WINDOWS\system32\wuauclt.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Program Files	rend micro\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

V-X · Answer

Re, Télécharge OTCleanIt de OldTimer sur ton Bureau Lance OTCleanIt avec un double-clic (sous Vista, lance-le en cliquant droit sur OTCleanIt.exe et en sélectionnant "exécuter en tant qu'administrateur") Appuie sur le bouton "CleanUp!" A la question "begin cleanup process?", réponds "YES" A la fin de l'opération, si OTCleanIt demande de redémarrer ("Do you want to reboot now?"), ferme ce que tu es en train de faire (internet, documents divers...) et clique sur "YES": Au redémarrage, OTCleanIt aura supprimé les outils de désinfection, et se sera même auto-détruit! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > Fais un scan en ligne avec Kaspersky : Kaspersky N.B. : Le scan ne marche que sous Internet Explorer. - Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible...). Allume les si necessaire. - Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >. - On va te demander de télécharger un contrôle active x, accepte . - Dans le menu < Choisissez la cible de l'analyse >, sélectionne < Poste de travail >. Le scan va commencer. - Poste le rapport qui sera généré stp. (clique sur puis sauvegarde-le sur ton bureau en choisissant "fichier texte (*.txt)" pour l'extension). S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : clic ici Rappel : le scan est à faire sous Internet Explorer Tuto ici si problème NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne. Pour le rapport Kaspersky il faut que tu choisisses "Afficher le rapport" puis que tu l'enregistres sur ton bureau sous forme de fichier texte (type de fichier "tous les fichiers").

Message d'erreur: wscript.exe

31 réponses

Discussions similaires

Newsletters