adamejdi

  1. Good evening lance_yien, I went to see them, they don't want to hear anything about it, they told me to go and file a complaint. That said, I will have another PC this weekend, I will do what you told me and I hope it will fix my problems because I am fed up. Thanks again for your help
  2. Hello lance_yien, Here I am again. My reseller, after promising to repair my computer, gave it back to me saying that the computer had been opened and that he did not want to take any risk. So I took my computer back. I bought a USB stick from them to back up my hard drive. When I turn on my computer I get a page "Windows cannot start etc. and offers me 3 solutions: 1 insert installation disc, 2 , 3 click on repair". Last sentence: Unable to load the entry because the application is missing or damaged. On top of that, my hard drive was empty when I wanted to back up my files. Do you understand what could have happened??? Please lance_yien, help me.
  3. I would like to understand one thing. Why is my computer in this state despite the antivirus???
  4. Hello lance_yien, OK, I'll do all that. Do I install a different antivirus from mine?? What do I do with the Orange one? I would like to ask you a question about my antivirus: it was not effective and that is the reason my computer was not protected?
  5. Good evening again lance_yien, I went to the page you pointed me to but I cannot do anything, since everything has to run under Windows and I can only get to MSE. I saw the reseller of my computer earlier and he told me he could reinstall everything for me. I have to bring him my computer tomorrow. What do you advise me to tell him?? Thanks again lance_yien for your help and your availability.
  6. Good evening lance_yien, the scan report: Are we on the right track???
  7. Hello again lance_yien, I uninstalled Eset manually; I did not have "Uninstall application on close". Here is the "scan-results.txt" report:
  8. In Control Panel I have nothing that looks like "Backup and Restore" or "Recovery". Below is the ComboFix report:
  9. Hello lance_yien, No, I have no CD; I bought it second-hand. So everything was already installed
  10. Good evening again lance_yien, Sorry, disregard my last message. A little moment of panic. I turned off my computer and was able to connect. Below is the ComboFix report you asked me for:
[HKEY_USERS\S-1-5-21-3709887200-1860673917-2681750386-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):0d,d0,a1,55,45,71,96,11,7e,b1,15,0b,5b,92,bf,09,70,43,ed,27,11, 16,a0,02,a7,a2,d5,fa,df,c8,00,3a,9c,a4,ec,71,d8,0e,1f,68,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3709887200-1860673917-2681750386-1000_Classes\CLSID\{5fb4cb4b-a130-4609-ac93-a9e8050a2656}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000014a "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,e5,e1,a1,1e,9a,14,cd,3b,0f,98,d1,e4,7b,21,5f,2d,56,5e,13,3c,07,56,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000003d . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2011-09-08 21:49:05 ComboFix-quarantined-files.txt 2011-09-08 19:49 . Avant-CF: 583 147 685 888 octets libres Après-CF: 583 079 319 552 octets libres . - - End Of File - - 3017D311BCD51F30392D5FB2F38AF741
  11. Good evening lance_yien, I can no longer connect. I get a window saying "Tentative d'opération non autorisée sur une clé du registre marquée pour suppression" ["Illegal operation attempted on a registry key that has been marked for deletion"]
  12. Re, There is no change: on startup, still the blue screen in English: it starts and restarts endlessly.
  13. Hello lance_yien, I could not remove "PriceGong" because there is no trace of it in the programs folder. I found two files: - LiveUpdate 3.2 (Symantec Corporation) and - LiveUpdate Notice (Symantec Corporation). I didn't quite understand, should I delete them?? I don't have a Windows repair CD/DVD. Below is the OTL report: All processes killed ========== OTL ========== File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46897C77-E7A6-4C33-BFFB-E9C2E2718942}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC85FCF-87AD-41D7-AE1F-F116F8AD4848}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3028143-6145-4318-99D3-3EDCE54A95A9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3028143-6145-4318-99D3-3EDCE54A95A9}\ not found. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Lexmark 6200 Series Uninstall deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ not found. File G:\.\Setup.exe AUTORUN=1 not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ not found. File G:\.\Setup.exe AUTORUN=1 not found. C:\found.007\dir0000.chk\rad 838.jpg.files folder moved successfully. C:\found.007\dir0000.chk\rad 837.jpg.files folder moved successfully. 
C:\found.007\dir0000.chk\rad 835.jpg.files folder moved successfully. C:\found.007\dir0000.chk folder moved successfully. C:\found.007 folder moved successfully. C:\Users\utilisateur\Desktop\MyBabylonTB.exe moved successfully. C:\found.006 folder moved successfully. C:\found.005\dir0003.chk folder moved successfully. C:\found.005\dir0002.chk folder moved successfully. C:\found.005\dir0001.chk folder moved successfully. C:\found.005\dir0000.chk folder moved successfully. C:\found.005 folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics\icons folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics\buttons folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics\bitmaps folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics folder moved successfully. C:\found.004\dir0000.chk\program\common\tnb folder moved successfully. C:\found.004\dir0000.chk\program\common\strres folder moved successfully. C:\found.004\dir0000.chk\program\common\setupguires folder moved successfully. C:\found.004\dir0000.chk\program\common\ispnews folder moved successfully. C:\found.004\dir0000.chk\program\common\help folder moved successfully. C:\found.004\dir0000.chk\program\common\gui folder moved successfully. C:\found.004\dir0000.chk\program\common\gadget folder moved successfully. C:\found.004\dir0000.chk\program\common\fsma folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\splash folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\scanwizard folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\plugins\spam folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\plugins\parental folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\plugins folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\main folder moved successfully. 
C:\found.004\dir0000.chk\program\common\fsgui\advanced folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui folder moved successfully. C:\found.004\dir0000.chk\program\common\cuif folder moved successfully. C:\found.004\dir0000.chk\program\common\bp folder moved successfully. C:\found.004\dir0000.chk\program\common folder moved successfully. C:\found.004\dir0000.chk\program folder moved successfully. C:\found.004\dir0000.chk\META-INF folder moved successfully. C:\found.004\dir0000.chk folder moved successfully. C:\found.004 folder moved successfully. C:\found.003\dir0000.chk\Tfs_DAV folder moved successfully. C:\found.003\dir0000.chk folder moved successfully. C:\found.003 folder moved successfully. C:\found.002\dir0002.chk folder moved successfully. C:\found.002\dir0001.chk folder moved successfully. C:\found.002\dir0000.chk\e6ef9946\e6ef9946.swf folder moved successfully. C:\found.002\dir0000.chk\e6ef9946 folder moved successfully. C:\found.002\dir0000.chk\a14050e3.swf folder moved successfully. C:\found.002\dir0000.chk\9c67613f.swf folder moved successfully. C:\found.002\dir0000.chk\6831c775.swf folder moved successfully. C:\found.002\dir0000.chk\67d12219.swf folder moved successfully. C:\found.002\dir0000.chk folder moved successfully. C:\found.002 folder moved successfully. C:\found.001\dir0000.chk\Tfs_DAV folder moved successfully. C:\found.001\dir0000.chk folder moved successfully. C:\found.001 folder moved successfully. C:\Users\utilisateur\AppData\Roaming\Systweak folder moved successfully. C:\Windows\System32\roboot.exe moved successfully. C:\found.000 folder moved successfully. C:\Windows\Tasks\PCConfidential.job moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== < ipconfig /flushdns /c > Configuration IP de Windows Cache de r‚solution DNS vid‚. C:\Users\utilisateur\Desktop\cmd.bat deleted successfully. C:\Users\utilisateur\Desktop\cmd.txt deleted successfully. 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3709887200-1860673917-2681750386-1000Core.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3709887200-1860673917-2681750386-1000UA.job moved successfully. C:\WINDOWS\tasks\User_Feed_Synchronization-{10E2F924-5338-40B0-BE66-D40AAAF77F0A}.job moved successfully. File\Folder C:\*.sqm not found. File\Folder C:\WINDOWS\System32\*.tmp not found. File\Folder C:\WINDOWS\*.tmp not found. File\Folder C:\Program Files\PriceGong not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 33237 bytes ->Flash cache emptied: 82 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: utilisateur ->Temp folder emptied: 8574665 bytes ->Temporary Internet Files folder emptied: 11195089 bytes ->Java cache emptied: 237542 bytes ->Google Chrome cache emptied: 17431370 bytes ->Flash cache emptied: 2931 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3211399 bytes RecycleBin emptied: 2906444 bytes Total Files Cleaned = 42,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: utilisateur ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.27.0 log created on 09082011_145507 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 
And the MBAM report: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Version de la base de données: 7676 Windows 6.0.6000 (Safe Mode) Internet Explorer 8.0.6001.18904 08/09/2011 16:03:09 mbam-log-2011-09-08 (16-03-09).txt Type d'examen: Examen rapide Elément(s) analysé(s): 163399 Temps écoulé: 3 minute(s), 20 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790574B17655503FA997 (Malware.Trace) -> Value: SRS_IT_E8790574B17655503FA997 -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Thank you for your invaluable help, lance_yien, and for the time you are giving me.
  14. Re, The checkup report: Results of screen317's Security Check version 0.99.18 Windows Vista (UAC is enabled) Out of date service pack!! Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Norton 360 Anti-virus firewall WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: CCleaner Java 6 Update 20 Java 6 Update 2 Out of date Java installed! Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````