Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Message d'erreur: wscript.exe

Dernière réponse le 3 mai 2009 à 14:51:24 narcis6, le 20 avr 2009 à 01:26:43

Signaler ce message aux modérateurs

Bonjour,
à chaque fois que j'essaie d'ouvrir par double clic un lecteur du disque dur un message d'erreur apparait:

windows ne trouve pas "wscript.exe" . vérifiez que vous avez entré le nom correctement et essayez de nouveau. pour rechercher un fichier,cliquez sur le bouton démarrer, puis sur rechercher

par contre ça s'ouvre quand je clique sur le bouton droit puis sur ouvrir

nb: j'avais juste avant un problème de trojan/dropper.gem j'ai scanné avec malawarbytes antimalaware et jé supprimé les fichiers détéctés et sur hijacktkis aussi, mon antivirus c'est antivir, jé aussi spybot sd et zone alarm pro
merci d'avance

Configuration: Windows XP
Firefox 3.0.8

Meilleures réponses pour « message d'erreur: wscript.exe » dans :

Pk message erreur "browser exe" que fair Voir

Message erreur ( rundll32.exe ) (Résolu) Voir

Message d'erreur explorer.exe Voir

Erreur "wuauclt.exe" Voir

Message erreur Windows Media player ?? Voir

Messsage erreur igfxtray.exe bloccage du pc Voir

Posez votre question Répondre

V-X, le 20 avr 2009 à 01:28:55

Salut,

Poste ton rapport hijackthis STP.

l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 20 avr 2009 à 10:43:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:11, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8635 bytes

Répondre à narcis6

V-X, le 20 avr 2009 à 13:57:29

Re,

Fait sa ,

▶ Démarre Spybot, clique sur Mode, coche Mode avancé

𥭪 gauche, clique sur Outils, puis sur Résident

▶ Décoche la case devant Résident "TeaTimer" :

http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg

▶Quitte Spybot

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

▶ Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 20 avr 2009 à 22:32:57

D'abord merci d'avoir répondu aussitôt

le rapport

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-20 21:28:56
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:12, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Program Files\Real\RealPlayer\RecordingManager.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8732 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-28 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-04 16858112]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avgnt"=H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ZoneAlarm Client"=H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"PCSuiteTrayApplication"=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe [2004-11-25 143360]
"DataLayer"=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-11-30 1069056]
"RAMpage"=H:\Program Files\RAMpage\RAMpage.exe [2001-01-06 10784]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-02-28 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-03-05 270128]
"PcSync"=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2004-11-24 880640]
"Skype"=H:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]
"autoclk"=H:\WINDOWS\autoclk.exe [2004-02-13 122880]
"L08FXLRD_6058546"=H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]
"MsnMsgr"=H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
DSLMON.lnk - H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\WINDOWS\system32\ZoneLabs\vsmon.exe"="H:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\FlashGet\FlashGet.exe"="H:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0cf896-253b-11de-a6c8-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{592adf2a-9e54-11dd-8e45-0018370a5e26}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}]
shell\AutoRun\command - L:\RavMon.exe
shell\explore\command - L:\RavMon.exe -e
shell\open\command - L:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7d50c4-2c36-11de-a6d6-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cdf2d2-9df9-11dd-8dd4-806d6172696f}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cdf2d3-9df9-11dd-8dd4-806d6172696f}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cdf2d4-9df9-11dd-8dd4-806d6172696f}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cdf2d5-9df9-11dd-8dd4-806d6172696f}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6340398-bb04-11dd-a606-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command - C:\.\Recycler\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

======List of files/folders created in the last 1 months======

2009-04-19 13:11:37 ----A---- H:\Administrateur.exe
2009-04-19 13:11:36 ----D---- H:\rsit
2009-04-17 09:38:17 ----D---- H:\!KillBox
2009-04-16 19:18:04 ----D---- H:\backups
2009-04-16 19:06:01 ----A---- H:\HijackThis.exe
2009-04-14 23:46:04 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-04-14 23:46:03 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-04-09 12:29:48 ----A---- H:\WINDOWS\cdplayer.ini
2009-04-05 15:43:09 ----D---- H:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-05 14:42:44 ----D---- H:\Documents and Settings\All Users\Application Data\JollyBear
2009-04-05 07:32:15 ----D---- H:\WINDOWS\Big City Adventures-Sydney Australia
2009-04-05 07:32:15 ----D---- H:\Program Files\Big City Adventures-Sydney Australia
2009-04-05 07:31:23 ----A---- H:\WINDOWS\Big City Adventures-Sydney Australia Setup Log.txt
2009-03-22 12:20:07 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-03-22 12:19:58 ----D---- H:\Program Files\MSN Messenger

======List of files/folders modified in the last 1 months======

2009-04-20 21:28:59 ----D---- H:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-20 21:25:28 ----D---- H:\WINDOWS\Temp
2009-04-20 21:25:28 ----D---- H:\WINDOWS\Prefetch
2009-04-20 21:25:00 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-20 19:52:12 ----D---- H:\Program Files\Mozilla Firefox
2009-04-20 18:33:25 ----D---- H:\WINDOWS\Internet Logs
2009-04-20 00:42:03 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-04-20 00:29:43 ----D---- H:\WINDOWS
2009-04-19 19:26:17 ----A---- H:\WINDOWS\NeroDigital.ini
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32\drivers
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32
2009-04-19 13:55:20 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 13:36:07 ----D---- H:\WINDOWS\system32\CatRoot2
2009-04-15 22:00:11 ----SHD---- H:\WINDOWS\Installer
2009-04-15 17:55:46 ----SHD---- H:\System Volume Information
2009-04-15 17:55:46 ----D---- H:\WINDOWS\system32\Restore
2009-04-14 23:46:08 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-04-09 19:46:41 ----D---- H:\WINDOWS\system32\ZoneLabs
2009-04-09 19:41:35 ----SD---- H:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-04-06 20:37:44 ----HD---- H:\WINDOWS\inf
2009-04-05 07:32:15 ----RD---- H:\Program Files
2009-03-22 12:20:00 ----SD---- H:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-22 12:20:00 ----D---- H:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\H:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; H:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NetBIOS NWLink; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 adiusbae;USB ADSL LAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 avgntflt;avgntflt; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Enumérateur de bus Bluetooth; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-04 4738560]
R3 MagicTune;MagicTune; H:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-30 22016]
R3 NWRDR;NetWare Rdr; H:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-12-01 127593]
S3 btaudio;Périphérique audio Bluetooth; H:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; H:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2004-11-29 139319]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-30 54400]
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNDP202;Dual Mode Camera 8008 VGA+; H:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-02-21 227072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; H:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-01 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-01 151297]
R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2005-08-29 266295]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 NWCWorkstation;Service client pour NetWare; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; H:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; H:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 NMIndexingService;NMIndexingService; H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Répondre à narcis6

narcis6, le 20 avr 2009 à 22:57:28

Mais pas de rapport "info.text"!!!

Répondre à narcis6

V-X, le 21 avr 2009 à 04:06:00

Re,

▶ Telecharge et install UsbFix de C_XX & Chiquitine29

▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

▶ Choisi l option 1 ( Recherche )

▶ Laisse travailler l outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 21 avr 2009 à 09:58:23

############################## [ UsbFix V3.010 ]

# User : Administrateur (Administrateurs) # PC-4357E6AC2CAD
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 08:56:26 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Pro Firewall[ Enabled ]7.0.462.000

# C:\ # Disque amovible # 3,78 Go (3,78 Go free) [USB DISK] # FAT32
# D:\ # Disque amovible # 123,36 Mo (20 Mo free) [MOHAMMEDIA] # FAT32
# F:\ # Disque amovible
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 78,13 Go (46,07 Go free) # NTFS
# I:\ # Disque fixe local # 78,13 Go (48,58 Go free) [HAMID] # NTFS
# J:\ # Disque fixe local # 78,13 Go (54,75 Go free) [NARCIS] # NTFS
# K:\ # Disque fixe local # 63,7 Go (56,28 Go free) [ZOU] # NTFS
# L:\ # Disque amovible
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque CD-ROM

############################## [ Processus actifs ]

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="H:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="about:blank"
HKLM_logon: "Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="administrateur"
HKLM_logon: "AltDefaultUserName"="administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: avgnt="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: NeroFilterCheck=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
HKLM_Run: NBKeyScan="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: ZoneAlarm Client="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM_Run: PCSuiteTrayApplication=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
HKLM_Run: DataLayer=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
HKLM_Run: RAMpage="H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
HKLM_Run: TkBellExe="H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=H:\WINDOWS\system32\ctfmon.exe
HKCU_Run: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
HKCU_Run: uTorrent="H:\Program Files\uTorrent\uTorrent.exe"
HKCU_Run: PcSync=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKCU_Run: Skype="H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: autoclk=autoclk.exe
HKCU_Run: L08FXLRD_6058546="H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
HKCU_Run: MsnMsgr="H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

################## [ Informations ]

# Contenu de l'autorun C:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun H:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun I:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun J:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# Contenu de l'autorun K:\autorun.inf
[autorun]
shellexecute=Wscript.exe /e:vbs winfile.jpg

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! H:\Administrateur.exe
Found ! H:\autorun.inf
Found ! I:\winfile.jpg
Found ! I:\autorun.inf
Found ! J:\winfile.jpg
Found ! J:\autorun.inf
Found ! K:\winfile.jpg
Found ! K:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{2e0cf896-253b-11de-a6c8-00730446a1b6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{592adf2a-9e54-11dd-8e45-0018370a5e26}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{9e7d50c4-2c36-11de-a6d6-00730446a1b6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d2-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d3-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d4-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b0cdf2d5-9df9-11dd-8dd4-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

Répondre à narcis6

V-X, le 21 avr 2009 à 14:26:04

Re,

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau

▶ Choisi l option 2 ( Suppression )

▶ Ton bureau disparaitra et le pc redémarrera .

▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 21 avr 2009 à 18:12:02

############################## [ UsbFix V3.010 ]

# User : Administrateur (Administrateurs) # PC-4357E6AC2CAD
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 16:53:01 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Pro Firewall[ Enabled ]7.0.462.000

# C:\ # Disque amovible # 3,78 Go (3,78 Go free) [USB DISK] # FAT32
# D:\ # Disque amovible # 123,36 Mo (20 Mo free) [MOHAMMEDIA] # FAT32
# F:\ # Disque amovible
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 78,13 Go (46,08 Go free) # NTFS
# I:\ # Disque fixe local # 78,13 Go (48,58 Go free) [HAMID] # NTFS
# J:\ # Disque fixe local # 78,13 Go (54,75 Go free) [NARCIS] # NTFS
# K:\ # Disque fixe local # 63,7 Go (56,28 Go free) [ZOU] # NTFS
# L:\ # Disque amovible
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque CD-ROM

############################## [ Processus actifs ]

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\userinit.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\winfile.jpg
Deleted ! C:\autorun.inf
Deleted ! H:\Administrateur.exe
Deleted ! H:\autorun.inf
Deleted ! I:\winfile.jpg
Deleted ! I:\autorun.inf
Deleted ! J:\winfile.jpg
Deleted ! J:\autorun.inf
Deleted ! K:\winfile.jpg
Deleted ! K:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="H:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: avgnt="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: NeroFilterCheck=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
HKLM_Run: NBKeyScan="H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: ZoneAlarm Client="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM_Run: PCSuiteTrayApplication=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
HKLM_Run: DataLayer=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
HKLM_Run: RAMpage="H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
HKLM_Run: TkBellExe="H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=H:\WINDOWS\system32\ctfmon.exe
HKCU_Run: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
HKCU_Run: uTorrent="H:\Program Files\uTorrent\uTorrent.exe"
HKCU_Run: PcSync=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKCU_Run: Skype="H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: autoclk=autoclk.exe
HKCU_Run: L08FXLRD_6058546="H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
HKCU_Run: MsnMsgr="H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2e0cf896-253b-11de-a6c8-00730446a1b6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{592adf2a-9e54-11dd-8e45-0018370a5e26}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5e62120c-9deb-11dd-8e42-adc451cbcd85}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{c6340398-bb04-11dd-a606-00730446a1b6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

H:\NTDETECT.COM
H:\HijackThis.exe
H:\boot.ini
I:\antivir_workstation_winu_fr_h.exe
I:\Firefox Setup 3.0.5.exe
I:\freelang_freelang_-_dictionnaire_anglais-francais_francais_13765.exe
I:\freelang_freelang_3.72_-_le_programme_francais_13765.exe
I:\nl_2010_mon.exe
I:\setupfre.exe
I:\zapSetup_70_462_000_fr.exe
J:\HJTInstall.exe
K:\DivXInstaller.exe
K:\RealPlayer11GOLD_fr(2).exe
K:\RealPlayer11GOLD_fr.exe
K:\setupfrepro.exe
K:\VLC_Portable_0.9.8a.paf.exe
K:\vpsupd.exe
K:\desktop.ini

################## [ Vaccination ]

# D:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.
# I:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.
# K:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

Répondre à narcis6

V-X, le 21 avr 2009 à 18:31:34

Re,

Désinstalle usbfix =>option 4.

Refait un log avec RSIT.

merci l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 22 avr 2009 à 09:33:04

Merci à vous surtout
au fait le problème est reglé grace à vous
bonne journée

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 08:27:34
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8852 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-28 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-04 16858112]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avgnt"=H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ZoneAlarm Client"=H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"PCSuiteTrayApplication"=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe [2004-11-25 143360]
"DataLayer"=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-11-30 1069056]
"RAMpage"=H:\Program Files\RAMpage\RAMpage.exe [2001-01-06 10784]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-02-28 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-03-05 270128]
"PcSync"=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2004-11-24 880640]
"Skype"=H:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]
"autoclk"=H:\WINDOWS\autoclk.exe [2004-02-13 122880]
"L08FXLRD_6058546"=H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]
"MsnMsgr"=H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
DSLMON.lnk - H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoViewContextMenu"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\WINDOWS\system32\ZoneLabs\vsmon.exe"="H:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\FlashGet\FlashGet.exe"="H:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

======List of files/folders created in the last 1 months======

2009-04-22 08:27:34 ----A---- H:\Administrateur.exe
2009-04-21 17:03:19 ----RASHD---- H:\autorun.inf
2009-04-19 13:11:36 ----D---- H:\rsit
2009-04-17 09:38:17 ----D---- H:\!KillBox
2009-04-16 19:18:04 ----D---- H:\backups
2009-04-16 19:06:01 ----A---- H:\HijackThis.exe
2009-04-14 23:46:04 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-04-14 23:46:03 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-04-09 12:29:48 ----A---- H:\WINDOWS\cdplayer.ini
2009-04-05 15:43:09 ----D---- H:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-05 14:42:44 ----D---- H:\Documents and Settings\All Users\Application Data\JollyBear
2009-04-05 07:32:15 ----D---- H:\WINDOWS\Big City Adventures-Sydney Australia
2009-04-05 07:32:15 ----D---- H:\Program Files\Big City Adventures-Sydney Australia
2009-04-05 07:31:23 ----A---- H:\WINDOWS\Big City Adventures-Sydney Australia Setup Log.txt

======List of files/folders modified in the last 1 months======

2009-04-22 08:27:32 ----D---- H:\WINDOWS\Temp
2009-04-22 08:27:23 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-22 08:25:50 ----D---- H:\Program Files\Mozilla Firefox
2009-04-22 08:25:39 ----D---- H:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-22 07:31:25 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-04-21 23:53:24 ----D---- H:\WINDOWS\Internet Logs
2009-04-21 21:06:21 ----D---- H:\WINDOWS\Prefetch
2009-04-21 19:44:55 ----SHD---- H:\System Volume Information
2009-04-21 19:44:55 ----D---- H:\WINDOWS\system32\Restore
2009-04-21 19:16:27 ----A---- H:\WINDOWS\NeroDigital.ini
2009-04-21 16:29:52 ----D---- H:\WINDOWS\system32\ZoneLabs
2009-04-20 00:29:43 ----D---- H:\WINDOWS
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32\drivers
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32
2009-04-19 13:55:20 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 13:36:07 ----D---- H:\WINDOWS\system32\CatRoot2
2009-04-15 22:00:11 ----SHD---- H:\WINDOWS\Installer
2009-04-14 23:46:08 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-04-09 19:41:35 ----SD---- H:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-04-06 20:37:44 ----HD---- H:\WINDOWS\inf
2009-04-05 07:32:15 ----RD---- H:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\H:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; H:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NetBIOS NWLink; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 adiusbae;USB ADSL LAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 avgntflt;avgntflt; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Enumérateur de bus Bluetooth; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-04 4738560]
R3 MagicTune;MagicTune; H:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-30 22016]
R3 NWRDR;NetWare Rdr; H:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-12-01 127593]
S3 btaudio;Périphérique audio Bluetooth; H:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; H:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2004-11-29 139319]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-30 54400]
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNDP202;Dual Mode Camera 8008 VGA+; H:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-02-21 227072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-01 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-01 151297]
R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2005-08-29 266295]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 NWCWorkstation;Service client pour NetWare; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; H:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; H:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 NMIndexingService;NMIndexingService; H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Répondre à narcis6

narcis6, le 22 avr 2009 à 09:36:23

Merci à vous surtout, le problème est réglé,
le rapport:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 08:27:34
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8852 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-28 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-04 16858112]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avgnt"=H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ZoneAlarm Client"=H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"PCSuiteTrayApplication"=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe [2004-11-25 143360]
"DataLayer"=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-11-30 1069056]
"RAMpage"=H:\Program Files\RAMpage\RAMpage.exe [2001-01-06 10784]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-02-28 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-03-05 270128]
"PcSync"=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2004-11-24 880640]
"Skype"=H:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]
"autoclk"=H:\WINDOWS\autoclk.exe [2004-02-13 122880]
"L08FXLRD_6058546"=H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]
"MsnMsgr"=H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
DSLMON.lnk - H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoViewContextMenu"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\WINDOWS\system32\ZoneLabs\vsmon.exe"="H:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\FlashGet\FlashGet.exe"="H:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

======List of files/folders created in the last 1 months======

2009-04-22 08:27:34 ----A---- H:\Administrateur.exe
2009-04-21 17:03:19 ----RASHD---- H:\autorun.inf
2009-04-19 13:11:36 ----D---- H:\rsit
2009-04-17 09:38:17 ----D---- H:\!KillBox
2009-04-16 19:18:04 ----D---- H:\backups
2009-04-16 19:06:01 ----A---- H:\HijackThis.exe
2009-04-14 23:46:04 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-04-14 23:46:03 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-04-09 12:29:48 ----A---- H:\WINDOWS\cdplayer.ini
2009-04-05 15:43:09 ----D---- H:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-05 14:42:44 ----D---- H:\Documents and Settings\All Users\Application Data\JollyBear
2009-04-05 07:32:15 ----D---- H:\WINDOWS\Big City Adventures-Sydney Australia
2009-04-05 07:32:15 ----D---- H:\Program Files\Big City Adventures-Sydney Australia
2009-04-05 07:31:23 ----A---- H:\WINDOWS\Big City Adventures-Sydney Australia Setup Log.txt

======List of files/folders modified in the last 1 months======

2009-04-22 08:27:32 ----D---- H:\WINDOWS\Temp
2009-04-22 08:27:23 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-22 08:25:50 ----D---- H:\Program Files\Mozilla Firefox
2009-04-22 08:25:39 ----D---- H:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-22 07:31:25 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-04-21 23:53:24 ----D---- H:\WINDOWS\Internet Logs
2009-04-21 21:06:21 ----D---- H:\WINDOWS\Prefetch
2009-04-21 19:44:55 ----SHD---- H:\System Volume Information
2009-04-21 19:44:55 ----D---- H:\WINDOWS\system32\Restore
2009-04-21 19:16:27 ----A---- H:\WINDOWS\NeroDigital.ini
2009-04-21 16:29:52 ----D---- H:\WINDOWS\system32\ZoneLabs
2009-04-20 00:29:43 ----D---- H:\WINDOWS
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32\drivers
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32
2009-04-19 13:55:20 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 13:36:07 ----D---- H:\WINDOWS\system32\CatRoot2
2009-04-15 22:00:11 ----SHD---- H:\WINDOWS\Installer
2009-04-14 23:46:08 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-04-09 19:41:35 ----SD---- H:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-04-06 20:37:44 ----HD---- H:\WINDOWS\inf
2009-04-05 07:32:15 ----RD---- H:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\H:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; H:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NetBIOS NWLink; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 adiusbae;USB ADSL LAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 avgntflt;avgntflt; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Enumérateur de bus Bluetooth; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-04 4738560]
R3 MagicTune;MagicTune; H:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-30 22016]
R3 NWRDR;NetWare Rdr; H:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-12-01 127593]
S3 btaudio;Périphérique audio Bluetooth; H:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; H:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2004-11-29 139319]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-30 54400]
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNDP202;Dual Mode Camera 8008 VGA+; H:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-02-21 227072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-01 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-01 151297]
R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2005-08-29 266295]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 NWCWorkstation;Service client pour NetWare; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; H:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; H:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 NMIndexingService;NMIndexingService; H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Répondre à narcis6

narcis6, le 22 avr 2009 à 09:56:36

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 08:27:34
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8852 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-28 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-04 16858112]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avgnt"=H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ZoneAlarm Client"=H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"PCSuiteTrayApplication"=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe [2004-11-25 143360]
"DataLayer"=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-11-30 1069056]
"RAMpage"=H:\Program Files\RAMpage\RAMpage.exe [2001-01-06 10784]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-02-28 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-03-05 270128]
"PcSync"=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2004-11-24 880640]
"Skype"=H:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]
"autoclk"=H:\WINDOWS\autoclk.exe [2004-02-13 122880]
"L08FXLRD_6058546"=H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]
"MsnMsgr"=H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
DSLMON.lnk - H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoViewContextMenu"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\WINDOWS\system32\ZoneLabs\vsmon.exe"="H:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\FlashGet\FlashGet.exe"="H:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

======List of files/folders created in the last 1 months======

2009-04-22 08:27:34 ----A---- H:\Administrateur.exe
2009-04-21 17:03:19 ----RASHD---- H:\autorun.inf
2009-04-19 13:11:36 ----D---- H:\rsit
2009-04-17 09:38:17 ----D---- H:\!KillBox
2009-04-16 19:18:04 ----D---- H:\backups
2009-04-16 19:06:01 ----A---- H:\HijackThis.exe
2009-04-14 23:46:04 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-04-14 23:46:03 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-04-09 12:29:48 ----A---- H:\WINDOWS\cdplayer.ini
2009-04-05 15:43:09 ----D---- H:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-05 14:42:44 ----D---- H:\Documents and Settings\All Users\Application Data\JollyBear
2009-04-05 07:32:15 ----D---- H:\WINDOWS\Big City Adventures-Sydney Australia
2009-04-05 07:32:15 ----D---- H:\Program Files\Big City Adventures-Sydney Australia
2009-04-05 07:31:23 ----A---- H:\WINDOWS\Big City Adventures-Sydney Australia Setup Log.txt

======List of files/folders modified in the last 1 months======

2009-04-22 08:27:32 ----D---- H:\WINDOWS\Temp
2009-04-22 08:27:23 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-22 08:25:50 ----D---- H:\Program Files\Mozilla Firefox
2009-04-22 08:25:39 ----D---- H:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-22 07:31:25 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-04-21 23:53:24 ----D---- H:\WINDOWS\Internet Logs
2009-04-21 21:06:21 ----D---- H:\WINDOWS\Prefetch
2009-04-21 19:44:55 ----SHD---- H:\System Volume Information
2009-04-21 19:44:55 ----D---- H:\WINDOWS\system32\Restore
2009-04-21 19:16:27 ----A---- H:\WINDOWS\NeroDigital.ini
2009-04-21 16:29:52 ----D---- H:\WINDOWS\system32\ZoneLabs
2009-04-20 00:29:43 ----D---- H:\WINDOWS
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32\drivers
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32
2009-04-19 13:55:20 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 13:36:07 ----D---- H:\WINDOWS\system32\CatRoot2
2009-04-15 22:00:11 ----SHD---- H:\WINDOWS\Installer
2009-04-14 23:46:08 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-04-09 19:41:35 ----SD---- H:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-04-06 20:37:44 ----HD---- H:\WINDOWS\inf
2009-04-05 07:32:15 ----RD---- H:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\H:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; H:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NetBIOS NWLink; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 adiusbae;USB ADSL LAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 avgntflt;avgntflt; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Enumérateur de bus Bluetooth; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-04 4738560]
R3 MagicTune;MagicTune; H:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-30 22016]
R3 NWRDR;NetWare Rdr; H:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-12-01 127593]
S3 btaudio;Périphérique audio Bluetooth; H:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; H:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2004-11-29 139319]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-30 54400]
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNDP202;Dual Mode Camera 8008 VGA+; H:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-02-21 227072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-01 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-01 151297]
R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2005-08-29 266295]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 NWCWorkstation;Service client pour NetWare; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; H:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; H:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 NMIndexingService;NMIndexingService; H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Répondre à narcis6

narcis6, le 22 avr 2009 à 19:02:33

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 17:58:32
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 47 GB (59%) free of 80 GB
Total RAM: 894 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:54, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8796 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-28 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-04 16858112]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avgnt"=H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ZoneAlarm Client"=H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"PCSuiteTrayApplication"=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe [2004-11-25 143360]
"DataLayer"=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-11-30 1069056]
"RAMpage"=H:\Program Files\RAMpage\RAMpage.exe [2001-01-06 10784]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-02-28 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-03-05 270128]
"PcSync"=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2004-11-24 880640]
"Skype"=H:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]
"autoclk"=H:\WINDOWS\autoclk.exe [2004-02-13 122880]
"L08FXLRD_6058546"=H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]
"MsnMsgr"=H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
DSLMON.lnk - H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoViewContextMenu"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\WINDOWS\system32\ZoneLabs\vsmon.exe"="H:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\FlashGet\FlashGet.exe"="H:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

======List of files/folders created in the last 1 months======

2009-04-22 08:27:34 ----A---- H:\Administrateur.exe
2009-04-21 17:03:19 ----RASHD---- H:\autorun.inf
2009-04-19 13:11:36 ----D---- H:\rsit
2009-04-17 09:38:17 ----D---- H:\!KillBox
2009-04-16 19:18:04 ----D---- H:\backups
2009-04-16 19:06:01 ----A---- H:\HijackThis.exe
2009-04-14 23:46:04 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-04-14 23:46:03 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-04-09 12:29:48 ----A---- H:\WINDOWS\cdplayer.ini
2009-04-05 15:43:09 ----D---- H:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-05 14:42:44 ----D---- H:\Documents and Settings\All Users\Application Data\JollyBear
2009-04-05 07:32:15 ----D---- H:\WINDOWS\Big City Adventures-Sydney Australia
2009-04-05 07:32:15 ----D---- H:\Program Files\Big City Adventures-Sydney Australia
2009-04-05 07:31:23 ----A---- H:\WINDOWS\Big City Adventures-Sydney Australia Setup Log.txt

======List of files/folders modified in the last 1 months======

2009-04-22 17:58:51 ----D---- H:\WINDOWS\Prefetch
2009-04-22 17:58:43 ----D---- H:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-22 17:31:58 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-22 14:19:10 ----D---- H:\WINDOWS\Temp
2009-04-22 12:24:29 ----D---- H:\Program Files\Mozilla Firefox
2009-04-22 07:31:25 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-04-21 23:53:24 ----D---- H:\WINDOWS\Internet Logs
2009-04-21 19:44:55 ----SHD---- H:\System Volume Information
2009-04-21 19:44:55 ----D---- H:\WINDOWS\system32\Restore
2009-04-21 19:16:27 ----A---- H:\WINDOWS\NeroDigital.ini
2009-04-21 16:29:52 ----D---- H:\WINDOWS\system32\ZoneLabs
2009-04-20 00:29:43 ----D---- H:\WINDOWS
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32\drivers
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32
2009-04-19 13:55:20 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 13:36:07 ----D---- H:\WINDOWS\system32\CatRoot2
2009-04-15 22:00:11 ----SHD---- H:\WINDOWS\Installer
2009-04-14 23:46:08 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-04-09 19:41:35 ----SD---- H:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-04-06 20:37:44 ----HD---- H:\WINDOWS\inf
2009-04-05 07:32:15 ----RD---- H:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\H:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; H:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NetBIOS NWLink; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 adiusbae;USB ADSL LAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 avgntflt;avgntflt; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Enumérateur de bus Bluetooth; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-04 4738560]
R3 MagicTune;MagicTune; H:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-30 22016]
R3 NWRDR;NetWare Rdr; H:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-12-01 127593]
S3 btaudio;Périphérique audio Bluetooth; H:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; H:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2004-11-29 139319]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-30 54400]
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNDP202;Dual Mode Camera 8008 VGA+; H:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-02-21 227072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-01 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-01 151297]
R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2005-08-29 266295]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 NWCWorkstation;Service client pour NetWare; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; H:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; H:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 NMIndexingService;NMIndexingService; H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Répondre à narcis6

narcis6, le 22 avr 2009 à 19:03:59

Le problème est résolu merci beaucoup à vous

Répondre à narcis6

V-X, le 22 avr 2009 à 19:09:05

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
h:\administrateur.exe

:commands
[emptytemp]
[start explorer]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 22 avr 2009 à 19:28:34

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
h:\Administrateur.exe moved successfully.
========== COMMANDS ==========
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_cRfEIjUCxoT0av0sdE4d scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF374A.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3784.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD45.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEBF.tmp scheduled to be deleted on reboot.
File delete failed. H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEE1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. H:\WINDOWS\temp\ZLT05e16.TMP scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS\temp\ZLT06321.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d01 scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d02 scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_181630

Files moved on Reboot...
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_cRfEIjUCxoT0av0sdE4d not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF374A.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3784.tmp not found!
H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFD45.tmp moved successfully.
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEBF.tmp not found!
File H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEE1.tmp not found!
File H:\WINDOWS\temp\ZLT05e16.TMP not found!
File H:\WINDOWS\temp\ZLT06321.TMP not found!
File H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d01 not found!
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\553508B6d02 moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_001_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_002_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_003_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\Cache\_CACHE_MAP_ moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\urlclassifier3.sqlite moved successfully.
H:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\a780c4co.default\XUL.mfl moved successfully.

Répondre à narcis6

V-X, le 22 avr 2009 à 19:31:44

Re,

Redémarre ton pc normalement et refait un log avec rsit.

merci l'alcool tue lentement ,on s'en fout on est pas presser......

Répondre à V-X

narcis6, le 22 avr 2009 à 20:49:26

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-04-22 19:48:43
Microsoft Windows XP Professionnel Service Pack 2
System drive H: has 48 GB (60%) free of 80 GB
Total RAM: 894 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:55, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\RunDLL32.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
H:\Program Files\RAMpage\RAMpage.exe
H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
H:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
H:\Program Files\MagicTune Premium\GammaTray.exe
H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
H:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\livecall.exe
H:\Documents and Settings\Administrateur\Bureau\RSIT.exe
H:\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [RAMpage] "H:\Program Files\RAMpage\RAMpage.exe" M=28 T=128 P="H:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PcSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [L08FXLRD_6058546] "H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GammaTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9935C4-3570-4FE9-B03C-6F6624DBB844}: NameServer = 41.221.20.4 193.251.169.165
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 8796 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-28 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - H:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-12-04 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-03-04 16858112]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avgnt"=H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ZoneAlarm Client"=H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
"PCSuiteTrayApplication"=H:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe [2004-11-25 143360]
"DataLayer"=H:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE [2004-11-30 1069056]
"RAMpage"=H:\Program Files\RAMpage\RAMpage.exe [2001-01-06 10784]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-02-28 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-03-05 270128]
"PcSync"=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2004-11-24 880640]
"Skype"=H:\Program Files\Skype\Phone\Skype.exe [2006-09-25 20053544]
"autoclk"=H:\WINDOWS\autoclk.exe [2004-02-13 122880]
"L08FXLRD_6058546"=H:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]
"MsnMsgr"=H:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - H:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
DSLMON.lnk - H:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoViewContextMenu"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\WINDOWS\system32\ZoneLabs\vsmon.exe"="H:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"H:\Program Files\FlashGet\FlashGet.exe"="H:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\MSN Messenger\msnmsgr.exe"="H:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"H:\Program Files\MSN Messenger\livecall.exe"="H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df113ce-2507-11de-a6c7-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc5c33c-a0d7-11dd-a5db-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc5c33d-a0d7-11dd-a5db-00730446a1b6}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

======List of files/folders created in the last 1 months======

2009-04-22 19:48:44 ----A---- H:\Administrateur.exe
2009-04-22 18:16:31 ----D---- H:\_OTMoveIt
2009-04-21 17:03:19 ----RASHD---- H:\autorun.inf
2009-04-19 13:11:36 ----D---- H:\rsit
2009-04-17 09:38:17 ----D---- H:\!KillBox
2009-04-16 19:18:04 ----D---- H:\backups
2009-04-16 19:06:01 ----A---- H:\HijackThis.exe
2009-04-14 23:46:04 ----A---- H:\WINDOWS\system32\ptpusb.dll
2009-04-14 23:46:03 ----A---- H:\WINDOWS\system32\ptpusd.dll
2009-04-09 12:29:48 ----A---- H:\WINDOWS\cdplayer.ini
2009-04-05 15:43:09 ----D---- H:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-05 14:42:44 ----D---- H:\Documents and Settings\All Users\Application Data\JollyBear
2009-04-05 07:32:15 ----D---- H:\WINDOWS\Big City Adventures-Sydney Australia
2009-04-05 07:32:15 ----D---- H:\Program Files\Big City Adventures-Sydney Australia
2009-04-05 07:31:23 ----A---- H:\WINDOWS\Big City Adventures-Sydney Australia Setup Log.txt

======List of files/folders modified in the last 1 months======

2009-04-22 19:48:29 ----D---- H:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-22 19:31:34 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-04-22 19:07:57 ----D---- H:\WINDOWS\Temp
2009-04-22 19:07:26 ----D---- H:\WINDOWS\Prefetch
2009-04-22 18:34:18 ----D---- H:\WINDOWS\Internet Logs
2009-04-22 18:22:43 ----D---- H:\Program Files\Mozilla Firefox
2009-04-22 18:20:06 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-04-21 19:44:55 ----SHD---- H:\System Volume Information
2009-04-21 19:44:55 ----D---- H:\WINDOWS\system32\Restore
2009-04-21 19:16:27 ----A---- H:\WINDOWS\NeroDigital.ini
2009-04-21 16:29:52 ----D---- H:\WINDOWS\system32\ZoneLabs
2009-04-20 00:29:43 ----D---- H:\WINDOWS
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32\drivers
2009-04-19 14:06:25 ----D---- H:\WINDOWS\system32
2009-04-19 13:55:20 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-04-19 13:36:07 ----D---- H:\WINDOWS\system32\CatRoot2
2009-04-15 22:00:11 ----SHD---- H:\WINDOWS\Installer
2009-04-14 23:46:08 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-04-09 19:41:35 ----SD---- H:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-04-06 20:37:44 ----HD---- H:\WINDOWS\inf
2009-04-05 07:32:15 ----RD---- H:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\H:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; H:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; H:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NetBIOS NWLink; H:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; H:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 adiusbae;USB ADSL LAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 avgntflt;avgntflt; \??\H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Enumérateur de bus Bluetooth; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-04 4738560]
R3 MagicTune;MagicTune; H:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-04 7435392]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-07-30 22016]
R3 NWRDR;NetWare Rdr; H:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-12-01 127593]
S3 btaudio;Périphérique audio Bluetooth; H:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; H:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; H:\WINDOWS\system32\drivers\nmwcdc.sys [2004-11-29 6296]
S3 Nokia USB Modem;Nokia USB Modem; H:\WINDOWS\system32\drivers\nmwcdcm.sys [2004-11-29 9897]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; H:\WINDOWS\system32\drivers\nmwcd.sys [2004-11-29 139319]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-07-30 54400]
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNDP202;Dual Mode Camera 8008 VGA+; H:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-02-21 227072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-01 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-01 151297]
R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2005-08-29 266295]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; H:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-12-04 155716]
R2 NWCWorkstation;Service client pour NetWare; H:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; H:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; H:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
R3 NMIndexingService;NMIndexingService; H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Répondre à narcis6

31 réponses 12 Suivant

Posez votre question Répondre