lolo12

Alors voici un nouveau rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:39:19, on 26/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\OAcat.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\WINDOWS\V0220Mon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Tall Emu\Online Armor\OAhlp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\update.exe C:\Documents and Settings\ST-GENIEZ\Bureau\ST-GENIEZ.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246957831000 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O20 - AppInit_DLLs: winmm.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 7316 bytes

Bon alors, je sais pas comment j'ai fais, mais tout est revenu !! Tant mieux !! J'ai désinstallé le pare-feu et je suis en train de le réinstaller. Par contre, j'ai un autre problème : Avira ne se met pas à jour !! Quand je lance la mise à jour, il me dit au bout de 2min : "une erreur est survenue lors du téléchargement des fichiers" ...

Euh, comment on fait pour passer en mode sans échec ?

OULAAAAAAA, alors là j'ai un gros problème . J'ai installé Avira, tout s'est bien passé (mis à part le fait que ça ne se mette pas à jour, je me suis dis que c'était parce que j'avais pas redémarré l'ordi). Ensuite, je télécharge le pare-feu. (Je pense que j'ai téléchargé le mauvais parce que c'était une version qui expirait en un mois. ) Bref, je fais comme indiqué dans le tuto.... je redémarre l'ordi et là PLUS DE BUREAU. Rien. Juste le fond d'écran. J'aime pas beaucoup ça. J'ai éteint et rallumé l'ordi, toujours pareil : la belle photo en fond d'édran, 'fin c'est même pas un fond puisque y'a strictement rien devant ! Je comprend pas pourquoi... Je te souhaite de passer un bon Noël tout de même !

Voilà !!! SP3 et IE8 ont été installés avec succès ! L'ordinateur sera donc plus résistant aux attaques des virus ou autres bestioles maintenant ? Maintenant, il faut installer un antivirus. Si tu as un lien sûr et clean, je suis preneuse !

Oui oui j'ai cliqué sur télécharger. Et quand je clique sur le dossier que j'ai télécharger ca me dit : " Adobe Reader n'a pas pu ouvrir DLM77.tmp car le type de fichier n'est pas pris en charge ou le fichier est endommagé (il a été envoyé en tant que pièce jointe et n'a pas été décodé correctement par exemple). "

J'ai un problème avec SP3 : je le télécharge nickel mais le fichier que j'ouvre me dit qu'il est pas complet, que y'a une erreur ou un truc du genre. Donc je l'ai supprimé et retéléchargé mais là je peux même pas l'ouvrir parce que c'est sous un format bizarre, je vais essayé de bidouiller mais bon je commence à me dire que je ferais mieux de balancer l'ordi par la fenêtre !!!!

Ok. Pour SP3, je clique sur le lien puis sur télécharger et c'est tout ? Je risque pas de perdre mes données personnelles (plutôt celles de mes parents qui sont + importantes) ??

Voici le rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:06:08, on 21/12/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\WINDOWS\V0220Mon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Documents and Settings\ST-GENIEZ\Bureau\ST-GENIEZ.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246957831000 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 5897 bytes

Salut ! Enfin de retour !! Voici le rapport de OTMoveIt3 : All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== C:\WINDOWS\msa.exe moved successfully. C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\c.exe moved successfully. C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully. C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully. C:\zip.exe moved successfully. C:\cleanup.exe moved successfully. C:\cleanup.bat moved successfully. File/Folder C:\WINDOWS\msa.exe not found. C:\WINDOWS\System32\sshnas.dll moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ZagrebLand deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler\ deleted successfully. ========== SERVICES/DRIVERS ========== Service STEC3 stopped successfully! Service STEC3 deleted successfully! Service PCANDIS5 stopped successfully! Service PCANDIS5 deleted successfully! Service catchme stopped successfully! Service catchme deleted successfully! Service GMSIPCI stopped successfully! Service GMSIPCI deleted successfully! Service IntelIde stopped successfully! Service IntelIde deleted successfully! Service iPod Service stopped successfully! Service iPod Service deleted successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Invité ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: ST-GENIEZ ->Temp folder emptied: 99000385 bytes ->Temporary Internet Files folder emptied: 53479017 bytes ->Java cache emptied: 23558361 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1100105 bytes %systemroot%\System32 .tmp files removed: 3072 bytes Windows Temp folder emptied: 16384 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1158664 bytes RecycleBin emptied: 71815 bytes Total Files Cleaned = 170,17 mb OTM by OldTimer - Version 3.1.2.2 log created on 12182009_182604 Files moved on Reboot... File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=18120629867497 00[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=51208610886358 63[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=54984607505578 12[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=58089719170217 36[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=63175231437648 07[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=64619098954781 26[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=65274288415356 07[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\ORQD6H4N\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=71559920156983 14[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=13576092994150 59[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=33646083888586 91[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=51898385535998 02[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=60609977699480 09[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=67280969745046 76[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=69642697836252 37[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=78233163506182 39[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=81414490569631 37[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\MJIFI7M1\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=97859087631530 30[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\A74PK9CX\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=27176862285688 95[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\A74PK9CX\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=45054624272115 35[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\A74PK9CX\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=69473958025791 10[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5ILIVSZ\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=29849087146012 06[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5ILIVSZ\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=47868932156646 26[1] not found! File C:\Documents and Settings\ST-GENIEZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5ILIVSZ\;var1=4;var2=1;var3=12170;var4=;var21=4;var22=1;var23=1;var24=1;var25=2;var 26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=56409294008648 44[1] not found! Registry entries deleted on Reboot...

Héhé, on a réussi ! Vive le téléphone par Internet !

Voici le 2eme rapport info.txt : info.txt logfile of random's system information tool 1.06 2009-12-14 19:49:20 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll" CBI pour Windows-->MsiExec.exe /I{B906FF4C-BC61-40C3-9FE4-134565C17AD8} Corel Applications-->C:\WINDOWS\Corel\Uninstal.exe Correctif Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe Correctif Windows XP - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe Correctif Windows XP - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe Correctif Windows XP - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe Correctif Windows XP - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe Correctif Windows XP - KB826939-->C:\WINDOWS\$NtUninstallKB826939$\spuninst\spuninst.exe Correctif Windows XP - KB828028-->C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe Correctif Windows XP - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c /remove Creative Live! Cam Video IM Driver (1.01.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0220.uns -unsext NT -plugin V0220Pin.dll -pluginres CtCamPin.crl Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove CrossLoop 1.2-->"C:\Program Files\CrossLoop\unins000.exe" Encyclopédie Hachette Multimédia-->C:\WINDOWS\unvise32.exe C:\program files\EHMINSTALL\uninstal.log EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything ESD68 Guide d'utilisation-->C:\Program Files\EPSON\TPMANUAL\ESD68\USE_G\DOCUNINS.EXE Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe HijackThis 2.0.2-->"C:\Documents and Settings\ST-GENIEZ\Bureau\HijackThis.exe" /uninstall Internet Explorer Q832894-->C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q832894.inf Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040} Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF Microsoft Office XP Small Business-->MsiExec.exe /I{9113040C-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0} NVIDIA Audio Driver-->C:\WINDOWS\System32\nvuAudio.exe Uninstall C:\WINDOWS\System32\NvAudio.nvu,NVIDIA Audio Driver NVIDIA Windows 2000/XP Display Drivers-->C:\WINDOWS\System32\msiuins.exe NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\WINDOWS\INF\nvstereo.inf OLITEC PCI V92 Ready V2 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200014F1 Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush Rainbow iKey Driver v3.4.6.115-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6257E290-5E8E-11D4-9B8D-00D0B72459DD}\Setup.exe" UNINST TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall XnView 1.97-->"C:\Program Files\XnView\unins000.exe" ======System event log====== Computer Name: PACKARD-BELL Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 52264 Source Name: EventLog Time Written: 20091005001921.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 7036 Message: Le service Configuration automatique sans fil est entré dans l'état : en cours d'exécution. Record Number: 52263 Source Name: Service Control Manager Time Written: 20091005001902.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Configuration automatique sans fil. Record Number: 52262 Source Name: Service Control Manager Time Written: 20091005001902.000000+120 Event Type: Informations User: PACKARD-BELL\ST-GENIEZ Computer Name: PACKARD-BELL Event Code: 8033 Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{3BD68922-9E9E-49DD-B82B-89EE1D009A3A} car un maître explorateur a été arrêté. Record Number: 52261 Source Name: BROWSER Time Written: 20091005001902.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 7036 Message: Le service Acquisition d'image Windows (WIA) est entré dans l'état : en cours d'exécution. Record Number: 52260 Source Name: Service Control Manager Time Written: 20091005001707.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: PACKARD-BELL Event Code: 1 Message: Record Number: 5 Source Name: Avg7UpdSvc Time Written: 20080418080823.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 2002 Message: Le service EAPOL a été arrêté correctement. Record Number: 4 Source Name: EAPOL Time Written: 20080417112436.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 2003 Message: Le service EAPOL est en cours d'exécution Record Number: 3 Source Name: EAPOL Time Written: 20080417112436.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 1 Message: Record Number: 2 Source Name: AVGEMS Time Written: 20080417112424.000000+120 Event Type: Informations User: Computer Name: PACKARD-BELL Event Code: 1 Message: Record Number: 1 Source Name: Avg7UpdSvc Time Written: 20080417112421.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------

Voici le 1er rapport RSIT : log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by ST-GENIEZ at 2009-12-14 19:49:00 Microsoft Windows XP Édition familiale Service Pack 1 System drive C: has 6 GB (48%) free of 13 GB Total RAM: 511 MB (40% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:49:18, on 14/12/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\WINDOWS\msa.exe C:\WINDOWS\V0220Mon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Outlook Express\wab.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\c.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe C:\Documents and Settings\ST-GENIEZ\Bureau\rsit.exe C:\Documents and Settings\ST-GENIEZ\Bureau\ST-GENIEZ.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\c.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246957831000 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6301 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-04-24 846364] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-24 5033984] "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe [2004-02-22 32881] "EPSON Stylus D68 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE [2005-01-25 98304] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768] "V0220Mon.exe"=C:\WINDOWS\V0220Mon.exe [2006-06-28 32768] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "Creative Live! Cam Manager"=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-05-31 143360] "ZagrebLand"=C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\c.exe [2009-12-11 205824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2003-04-14 1491216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll [2003-09-24 5033984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL [2003-09-24 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler] c:\program files\divx\divx pro codec\gain_trickler_3202.exe [] C:\Documents and Settings\ST-GENIEZ\Menu Démarrer\Programmes\Démarrage Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-12-14 19:49:00 ----D---- C:\rsit 2009-12-13 17:50:32 ----D---- C:\Avenger 2009-12-13 17:50:31 ----A---- C:\avenger.txt 2009-12-13 17:49:42 ----A---- C:\zip.exe 2009-12-13 17:49:42 ----A---- C:\cleanup.exe 2009-12-13 17:49:42 ----A---- C:\cleanup.bat 2009-12-11 22:09:06 ----A---- C:\WINDOWS\msa.exe 2009-12-11 22:08:42 ----A---- C:\WINDOWS\System32\sshnas.dll 2009-12-09 21:24:59 ----D---- C:\Program Files\Skyline 2009-12-09 21:23:10 ----D---- C:\Documents and Settings\All Users\Application Data\Skyline 2009-12-03 21:14:10 ----D---- C:\Documents and Settings\ST-GENIEZ\Application Data\XnView 2009-12-03 21:13:42 ----D---- C:\Program Files\XnView ======List of files/folders modified in the last 1 months====== 2009-12-14 19:49:03 ----SD---- C:\WINDOWS\Tasks 2009-12-14 19:48:54 ----D---- C:\WINDOWS\Prefetch 2009-12-14 19:44:44 ----D---- C:\Program Files\Wanadoo 2009-12-14 16:39:45 ----D---- C:\WINDOWS\temp 2009-12-14 13:49:21 ----D---- C:\WINDOWS\Debug 2009-12-13 21:19:53 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-13 17:50:32 ----D---- C:\WINDOWS\System32\drivers 2009-12-13 17:50:32 ----AD---- C:\Program Files 2009-12-12 15:45:44 ----D---- C:\WINDOWS\system32 2009-12-11 22:09:06 ----D---- C:\WINDOWS 2009-12-08 14:39:08 ----RSD---- C:\Program Files\CBIDev 2009-12-04 12:40:23 ----D---- C:\Documents and Settings\ST-GENIEZ\Application Data\Canon 2009-11-28 13:25:02 ----D---- C:\WINDOWS\System32\CatRoot2 2009-11-18 21:44:53 ----A---- C:\WINDOWS\SGTBox.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2003-04-24 35328] R1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS\System32\DRIVERS\dumant.sys [2002-11-18 399700] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\Aspi32.sys [1999-09-10 25244] R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2001-12-03 303171] R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2001-12-03 124701] R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2001-12-03 428431] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744] R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2001-12-03 212459] R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys [] R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2001-12-03 59663] R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2001-12-03 541981] R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2001-12-03 83938] R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\System32\DRIVERS\ikeyenum.sys [2003-11-19 11256] R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\System32\DRIVERS\ikeyifd.sys [2003-11-19 16696] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-09-24 1548331] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696] R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2001-12-03 62422] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-07-03 16000] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2001-12-03 591392] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS [] S3 sermouse;Pilote pour souris sur port série; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-23 18432] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976] S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2003-04-24 11136] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 V0220Dev;Live! Cam Video IM; C:\WINDOWS\System32\DRIVERS\V0220Dev.sys [2006-06-29 146112] S3 V0220Vfx;V0220VFX; C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys [2006-06-08 6272] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-09-24 81920] R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2003-04-24 12800] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912] S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF-----------------

A demain pour la poursuite de la chasse à la bestiole !

Voilà, c'est bien ce message que j'ai eu !! Si c'est bon signe, c'est cool alors ! Par contre, les rapports ne seront postés que demain je pense parce qu'en fait c'est de l'ordinateur de mes parents qu'il s'agit et là je suis rentrée sur la ville où j'étudie ! Donc je ferai ça en assistance téléphonique, ce qui risque d'être compliqué ! Bref, très passionnant hein ! Merci pour ta patience en tout cas !

J'ai fait le scan, j'ai enregistré le rapport mais y'avait rien ! Feuille blanche ! C'est normal ?? J'ai eu un message à la fin du scan, j'y ai pas trop fait attention, j'ai lu " ... hasn't found modification ... " me semble t-il. Mais j'y ai pas fais cas.

C'est bon ça a fonctionné ! Voici le rapport : Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open driver "H8SRTd.sys" Disablement of driver "H8SRTd.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd.sys" not found! Deletion of driver "H8SRTd.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate.

J'ai réussi à télécharger the avenger mais quand je fais execute, j'ai plein de messages d'erreurs qui s'affichent comme par exemple : "Error: can't open file 'C:program files\zyntu.txt' (error 5: accès refusé.) et d'autres encore ! (descripteur non valide) Mais déja, quand je fais clic droit, j'ai pas exécuter en tatn qu'administrateur , j'ai exécuter en tant que... et après j'ai "l'utilisateur actuel (PARCKARD-BELL\ST-GENIEZ) (y'a une case cochée "protéger mon ordi et mes données des programmes non autorisés") ou "l'utilisateur suivant : ST-GENIEZ et là faut un mot de passe. Peut-être faut-il que je décoche cette case ??

Okéé, en gros c'est un peu la m**** !! Je n'arrive pas à faire l'analyse avec MBAM : je clique sur l'icone, MBAM s'ouvre mais au bout de 5 sec il se ferme tout seul ...

Voilà le rapport d'HijackThis, suite à des problèmes pour télécharger Avira !!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:33:11, on 12/12/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\WINDOWS\V0220Mon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\WINDOWS\msa.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\mspaint.exe C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\c.exe C:\Documents and Settings\ST-GENIEZ\Bureau\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\ST-GEN~1\LOCALS~1\Temp\c.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246957831000 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6183 bytes

J'ai déja HijackThis, MBAM, et d'autres ! Alors c'est parti pour les analyses !

Ok, ça marche ! Je poste un rapport HijackThis ??

Non, non, pas de message d'erreur. Quand je clique sur accepter, y'a une fenêtre qui s'ouvre où y'a: une liste de "extraction basic\.....exe" , dossier de destination et progression de l'installation. Puis quand c'est fini, la fenêtre se ferme et voilà. LA première fois je me suis dis qu'une fenêtre allait s'ouvrir par la suite mais rien. Et je retrouve pas les fichiers qui semblent être extraits dans le "dossier de destination".

Je l'ai téléchargé via le lien du message de "fiche" : http://www.free-av.com/fr/telecharger/download_servers.php

Euh, je n'arrive pas à réinstaller Avira !!!! J'arrive à télécharger le fichier avira_antivir_personal_fr.exe, je clique dessus, je fais accepter, ça installe je sais pas trop quoi puis plus rien. J'ai toujours la même icone sur le bureau et Avira n'est toujours pas installé !! Pourquoi ?? Merci pour votre aide !