adamejdi

Bonsoir lance_yien, Je suis allée les voir, ils ne veulent rien savoir, ils m'ont dit d'aller porter plainte. Ceci dit, j'aurai un autre pc ce week end, je ferai ce que tu m'a indiqué et j'espère que ça réglera mes problèmes parce que j'en ai ras le bol. Merci encore pour ton aide

Bonjour lance_yien, Me revoilà. Mon revendeur après m'avoir promis de réparer mon ordi, il me l'a rendu en me disant que l'ordi avait été ouvert et qu'il ne voulait prendre aucun risque. J'ai donc repris mon ordi. J'ai acheter chez eux une clé usb pour sauvegarder mon disque dur. En allumant mon ordi j'ai une page "Windows ne peut pas démarré etc et me propose 3 solutions : 1 insérer disque d'installation, 2 , 3 cliquer sur réparer". Dernière phrase : Impossible de charger l'entrée car application absente où endommagée. En plus, mon disque dur est vide quand j'ai voulu sauvegarder mes fichiers. Est ce que tu comprends ce qui à pu se passer ??? S'il te plait lance_yien aide-moi.

Je voudrais comprendre une chose. Pourquoi mon ordi se trouve dans cet etat malgré l'antivirus ???

Bonjour lance_yien, Ok je fais tout ça. J'installe un autre antivirus que le mien ?? Celui d'Orange j'en fais quoi ? J'aimerai te poser une question sur mon antivirus, il n'a pas été efficace et c'est pour cette raison que mon ordi n'a pas été protégé ?

Re-bonsoir lance_yien, Je suis allée à la page que tu m'as indiqué mais je ne peux rien faire puisque tout doit s'exécuter sous Windows et que je ne peux aller que sur MSE. J'ai vu le revendeur de mon ordi tout à l'heure et il m'a dit qu'il pouvait tout me réinstaller. Je dois lui emmener mon ordi demain. Qu'est-ce que tu me conseille de lui dire ?? Merci encore lance_yien pour ton aide et ta disponibilité.

Bonsoir lance_yien le rapport de scan : OTL logfile created on: 09/09/2011 19:30:57 - Run 3 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\utilisateur\Desktop Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,00% Memory free 6,17 Gb Paging File | 5,86 Gb Available in Paging File | 94,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 585,10 Gb Total Space | 543,03 Gb Free Space | 92,81% Space Free | Partition Type: NTFS Drive D: | 247,74 Mb Total Space | 127,40 Mb Free Space | 51,42% Space Free | Partition Type: FAT Drive G: | 244,84 Mb Total Space | 239,31 Mb Free Space | 97,74% Space Free | Partition Type: FAT Computer Name: VAIO | User Name: utilisateur | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Custom Scans ========== < MD5 for: MSDT.EXE > [2006/11/02 11:45:26 | 000,161,792 | ---- | M] () MD5=CEE2A88F8CCE33E024C244E8049E5AB4 -- C:\Windows\System32\msdt.exe [2006/11/02 11:45:26 | 000,161,792 | ---- | M] () MD5=CEE2A88F8CCE33E024C244E8049E5AB4 -- C:\Windows\winsxs\x86_microsoft-windows-msdt_31bf3856ad364e35_6.0.6000.16386_none_a34b9ff7209b68aa\msdt.exe < MD5 for: WLANEXT.EXE > [2006/11/02 14:32:23 | 000,073,728 | ---- | M] () MD5=87227DEA74DBE0D1CE0B52BD7579C9FA -- C:\Windows\System32\wlanext.exe [2006/11/02 14:32:23 | 000,073,728 | ---- | M] () MD5=87227DEA74DBE0D1CE0B52BD7579C9FA -- C:\Windows\winsxs\x86_microsoft-windows-wlan-extension_31bf3856ad364e35_6.0.6000.16386_none_f7ac6d32266e7828\wlanext.exe < MD5 for: WPCER.EXE > [2006/11/02 14:33:21 | 000,018,944 | ---- | M] () MD5=185EA4106A0C3F77D238C19B3630599F -- C:\Windows\System32\wpcer.exe [2006/11/02 14:33:21 | 000,018,944 | ---- | M] () MD5=185EA4106A0C3F77D238C19B3630599F -- C:\Windows\winsxs\x86_microsoft-windows-p..sexemptionrequestor_31bf3856ad364e35_6.0.6000.16386_none_4712cc634ea4b26a\wpcer.exe < MD5 for: WPCUMI.EXE > [2006/11/02 14:33:21 | 000,176,128 | ---- | M] () MD5=F82A97B18F7F256FEA4256513ED2804D -- C:\Windows\System32\wpcumi.exe [2006/11/02 14:33:21 | 000,176,128 | ---- | M] () MD5=F82A97B18F7F256FEA4256513ED2804D -- C:\Windows\winsxs\x86_microsoft-windows-p..ontrolsnotification_31bf3856ad364e35_6.0.6000.16386_none_e5b0086586301ce6\wpcumi.exe < MD5 for: WPDSHEXTAUTOPLAY.EXE > [2006/11/02 14:33:40 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=274093C3F11BC352FE6561E292817651 -- C:\Windows\System32\WPDShextAutoplay.exe [2006/11/02 14:33:40 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=274093C3F11BC352FE6561E292817651 -- C:\Windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.0.6000.16386_none_0ef22aaec9dea191\WPDShextAutoplay.exe < MD5 for: WPNPINST.EXE > [2006/11/02 14:34:29 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=52567710407A637FB8C56569BEC68AD9 -- C:\Windows\System32\wpnpinst.exe [2006/11/02 14:34:29 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=52567710407A637FB8C56569BEC68AD9 -- C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6000.16386_none_889ba3b1cb78296e\wpnpinst.exe < End of report > Sommes-nous en bonne voie ???

Re-bonjour lance_yien, J'ai désinstaller Eset manuellement je n'avais pas "Uninstall application on close". Voici le rapport "scan-results.txt" : C:\Users\utilisateur\Downloads\registrybooster.exe Win32/RegistryBooster application supprimé - mis en quarantaine C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6YIHHZK\upgrade[1].cab menaces multiples supprimé - mis en quarantaine C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z93K27XM\upgrade[1].cab une variante de Win32/Adware.OneStep.AB application supprimé - mis en quarantaine C:\ZHP\Quarantine\Bandoo.DIR\Plugins\MSN\msnplugin.dll une variante de Win32/Adware.Bandoo.AA application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\ClickPotatoLite.DIR\bin\10.0.529.0\ClickPotatoLiteSAAX.dll une variante de Win32/Adware.HotBar.E application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\ClickPotatoLite.DIR\bin\10.0.529.0\ClickPotatoLiteUninstaller.exe une variante de Win32/Adware.HotBar.E application supprimé - mis en quarantaine C:\ZHP\Quarantine\ClickPotatoLite.DIR\bin\10.0.529.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll Win32/Adware.HotBar.J application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\ClickPotatoLite.DIR\bin\10.0.624.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll une variante de Win32/Adware.HotBar.J application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\ShoppingReport2.DIR\Uninst.exe Win32/Adware.Toolbar.Shopper application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\SweetIM.DIR\SweetIM\Messenger\update\sweetimsetup.exe une variante de Win32/SweetIM.B application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\Windows Searchqu Toolbar.DIR\ToolBar\SearchquTb.dll Win32/Adware.Bandoo application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\Windows Searchqu Toolbar.DIR\ToolBar\chrome\content\searchqutb.js Win32/Adware.Bandoo application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\Windows Searchqu Toolbar.DIR\ToolBar\chrome\content\toolbar.htm Win32/Adware.Bandoo application nettoyé par suppression - mis en quarantaine C:\ZHP\Quarantine\Windows Searchqu Toolbar.DIR\ToolBar\chrome\content\toolbar.xul Win32/Adware.Bandoo application nettoyé par suppression - mis en quarantaine

Dans Panneau de configuration je n'ai rien qui ressemble à "Sauvegarder et restaurer" ou "Récupération". Ci-après le rapport ComboFix : ComboFix 11-09-08.03 - utilisateur 09/09/2011 13:08:05.1.2 - x86 NETWORK Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.33.1036.18.3070.2529 [GMT 2:00] Lancé depuis: c:\users\utilisateur\Downloads\ComboFix.exe Commutateurs utilisés :: c:\users\utilisateur\Desktop\CFScript.txt * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\System32\msdt.exe . . . est infecté!! . c:\windows\System32\wlanext.exe . . . est infecté!! . c:\windows\System32\wpcer.exe . . . est infecté!! . c:\windows\System32\wpcumi.exe . . . est infecté!! . c:\windows\System32\WPDShextAutoplay.exe . . . est infecté!! . c:\windows\System32\wpnpinst.exe . . . est infecté!! . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-08-09 au 2011-09-09 )))))))))))))))))))))))))))))))))))) . . 2011-09-08 13:43 . 2011-09-08 13:43 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Malwarebytes 2011-09-08 13:43 . 2011-09-08 13:43 -------- d-----w- c:\programdata\Malwarebytes 2011-09-08 13:43 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-09-08 13:43 . 2011-09-08 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-08 13:43 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-08 12:55 . 2011-09-08 12:55 -------- d-----w- C:\_OTL 2011-09-07 17:25 . 2011-09-07 17:25 512 ----a-w- C:\PhysicalMBR.bin 2011-09-06 14:28 . 2011-09-06 14:28 -------- d-----w- c:\programdata\Roxio 2011-09-06 14:28 . 2011-09-06 14:28 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Roxio 2011-09-06 14:04 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C4A268C-4EEF-42A8-B93A-945B6A25683B}\mpengine.dll 2011-09-06 10:54 . 2011-09-06 10:54 -------- d-----w- C:\found.010 2011-09-04 16:28 . 2011-09-04 16:28 -------- d-----w- C:\found.009 2011-09-04 14:27 . 2011-09-04 14:27 -------- d-----w- c:\programdata\NVIDIA 2011-09-03 17:04 . 2011-09-03 17:04 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-09-03 16:58 . 2011-09-06 19:13 -------- d-----w- C:\ZHP 2011-09-03 16:57 . 2011-09-06 19:03 -------- d-----w- c:\program files\ZHPDiag 2011-09-03 16:50 . 2011-09-05 19:34 -------- d-----w- c:\programdata\Orange 2011-09-02 09:36 . 2011-09-02 09:36 -------- d-----w- C:\found.008 2011-09-01 23:47 . 2011-09-01 23:47 -------- d-----w- c:\program files\CCleaner 2011-08-31 16:00 . 2011-08-31 16:00 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Uniblue 2011-08-30 09:04 . 2011-09-01 21:33 1684 ----a-w- c:\windows\system32\ASOROSet.bin 2011-08-28 22:03 . 2011-08-28 22:03 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Subversion 2011-08-28 20:01 . 2011-08-28 20:01 -------- d-----w- c:\users\utilisateur\AppData\Roaming\fltk.org 2011-08-28 19:27 . 2011-08-29 10:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2011-08-28 19:27 . 2011-08-29 10:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2011-08-28 19:27 . 2011-08-28 19:27 -------- d-----w- c:\program files\OpenAL 2011-08-28 19:26 . 2011-08-29 17:19 -------- d-----w- c:\users\utilisateur\AppData\Roaming\flightgear.org 2011-08-28 19:24 . 2011-09-03 16:53 -------- d-----w- c:\program files\FlightGear 2011-08-23 11:51 . 2011-08-23 11:51 -------- d-----w- c:\users\utilisateur\AppData\Roaming\StoneTrip 2011-08-23 11:50 . 2011-08-31 22:29 -------- d-----w- c:\program files\KidNet 2011-08-17 20:18 . 2011-08-18 01:17 -------- d-----w- c:\program files\Metin2 2011-08-13 10:41 . 2011-08-30 07:01 -------- d-----w- c:\program files\Gulliland . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-06 11:17 . 2010-12-19 17:02 41552 ----a-w- c:\windows\system32\drivers\fses.sys 2011-08-31 15:02 . 2006-11-02 07:10 2864 ----a-w- c:\windows\system32\WOWDEB.EXE 2011-08-17 12:59 . 2010-12-19 17:03 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OrangePlayer"="c:\program files\Orange\Media Player\Media Player.exe" [2009-09-05 319488] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3245408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368] "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-04 1000960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-11-18 201128] "F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2011-09-06 1655464] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 73728] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-30 202256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Skytel"="Skytel.exe" [2007-08-25 1826816] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 4669440] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8497696] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-12-19 36864] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192] "AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-09-20 542560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "OrangePlayer"="c:\program files\Orange\Media Player\Media Player.exe" [2009-09-05 319488] . c:\users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-5-12 5733664] Notification de cadeaux MSN.lnk - c:\users\utilisateur\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-2-7 135680] OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880] Launcher.lnk - c:\program files\InternetEverywhere\Launcher.exe [2010-6-30 472528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer8"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-08-17 42672] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [2009-11-18 69928] R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-06 41552] R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 72904] R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016] R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [2011-08-30 148648] R2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [2011-05-20 1055872] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 125440] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128] R2 WTGService;WTGService;c:\program files\InternetEverywhere\wtgservice.exe [2009-11-13 308688] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-29 17920] R3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [2007-11-23 841472] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [2011-05-23 61088] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-10 30192] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2010-06-30 103040] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-11-08 73472] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-11-08 43904] R3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 792976] R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai . . ------- Examen supplémentaire ------- . uStart Page = hxxp:///www.google.fr/ig uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm LSP: c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL Trusted Zone: canalplay.com TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-09-09 13:16 Windows 6.0.6000 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . Heure de fin: 2011-09-09 13:18:43 ComboFix-quarantined-files.txt 2011-09-09 11:18 ComboFix2.txt 2011-09-08 19:49 . Avant-CF: 583 005 810 688 octets libres Après-CF: 582 971 396 096 octets libres . - - End Of File - - 75464B12395BEC3F2F53782FED727A60

Oui j'ai "Réparer votre ordinateur.

Bonjour lance_yien, Non je n'ai aucun cd je l'ai acheté d'occasion. Donc tout était installé

Re-bonsoir lance_yien, Désolée, ne tiens pas compte de mon dernier message. Un petit moment de panique. J'ai éteint mon ordi et j'ai pu me connecter. Ci-après le rapport ComboFix que tu m'as demandé : ComboFix 11-09-08.03 - utilisateur 08/09/2011 21:38:57.1.2 - x86 NETWORK Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.33.1036.18.3070.2562 [GMT 2:00] Lancé depuis: c:\users\utilisateur\Downloads\ComboFix.exe * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Windows Searchqu Toolbar c:\users\utilisateur\AppData\Roaming\screensaver_Mountain.scr c:\windows\system32\comct332.ocx c:\windows\system32\wlrmdr.exe . c:\windows\System32\msdt.exe . . . est infecté!! . c:\windows\System32\wlanext.exe . . . est infecté!! . c:\windows\System32\wpcer.exe . . . est infecté!! . c:\windows\System32\wpcumi.exe . . . est infecté!! . c:\windows\System32\WPDShextAutoplay.exe . . . est infecté!! . c:\windows\System32\wpnpinst.exe . . . est infecté!! . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-08-08 au 2011-09-08 )))))))))))))))))))))))))))))))))))) . . 2011-09-08 13:43 . 2011-09-08 13:43 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Malwarebytes 2011-09-08 13:43 . 2011-09-08 13:43 -------- d-----w- c:\programdata\Malwarebytes 2011-09-08 13:43 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-09-08 13:43 . 2011-09-08 13:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-08 13:43 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-08 12:55 . 2011-09-08 12:55 -------- d-----w- C:\_OTL 2011-09-07 17:25 . 2011-09-07 17:25 512 ----a-w- C:\PhysicalMBR.bin 2011-09-06 14:28 . 2011-09-06 14:28 -------- d-----w- c:\programdata\Roxio 2011-09-06 14:28 . 2011-09-06 14:28 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Roxio 2011-09-06 14:04 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C4A268C-4EEF-42A8-B93A-945B6A25683B}\mpengine.dll 2011-09-06 10:54 . 2011-09-06 10:54 -------- d-----w- C:\found.010 2011-09-04 16:28 . 2011-09-04 16:28 -------- d-----w- C:\found.009 2011-09-04 14:27 . 2011-09-04 14:27 -------- d-----w- c:\programdata\NVIDIA 2011-09-03 17:04 . 2011-09-03 17:04 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-09-03 16:58 . 2011-09-06 19:13 -------- d-----w- C:\ZHP 2011-09-03 16:57 . 2011-09-06 19:03 -------- d-----w- c:\program files\ZHPDiag 2011-09-03 16:50 . 2011-09-05 19:34 -------- d-----w- c:\programdata\Orange 2011-09-02 09:36 . 2011-09-02 09:36 -------- d-----w- C:\found.008 2011-09-01 23:47 . 2011-09-01 23:47 -------- d-----w- c:\program files\CCleaner 2011-08-31 16:00 . 2011-08-31 16:00 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Uniblue 2011-08-30 09:04 . 2011-09-01 21:33 1684 ----a-w- c:\windows\system32\ASOROSet.bin 2011-08-28 22:03 . 2011-08-28 22:03 -------- d-----w- c:\users\utilisateur\AppData\Roaming\Subversion 2011-08-28 20:01 . 2011-08-28 20:01 -------- d-----w- c:\users\utilisateur\AppData\Roaming\fltk.org 2011-08-28 19:27 . 2011-08-29 10:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2011-08-28 19:27 . 2011-08-29 10:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2011-08-28 19:27 . 2011-08-28 19:27 -------- d-----w- c:\program files\OpenAL 2011-08-28 19:26 . 2011-08-29 17:19 -------- d-----w- c:\users\utilisateur\AppData\Roaming\flightgear.org 2011-08-28 19:24 . 2011-09-03 16:53 -------- d-----w- c:\program files\FlightGear 2011-08-23 11:51 . 2011-08-23 11:51 -------- d-----w- c:\users\utilisateur\AppData\Roaming\StoneTrip 2011-08-23 11:50 . 2011-08-31 22:29 -------- d-----w- c:\program files\KidNet 2011-08-17 20:18 . 2011-08-18 01:17 -------- d-----w- c:\program files\Metin2 2011-08-13 10:41 . 2011-08-30 07:01 -------- d-----w- c:\program files\Gulliland . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-06 11:17 . 2010-12-19 17:02 41552 ----a-w- c:\windows\system32\drivers\fses.sys 2011-08-31 15:02 . 2006-11-02 07:10 2864 ----a-w- c:\windows\system32\WOWDEB.EXE 2011-08-17 12:59 . 2010-12-19 17:03 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OrangePlayer"="c:\program files\Orange\Media Player\Media Player.exe" [2009-09-05 319488] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3245408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368] "InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-04 1000960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-11-18 201128] "F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2011-09-06 1655464] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 73728] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-30 202256] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Skytel"="Skytel.exe" [2007-08-25 1826816] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 4669440] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8497696] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-12-19 36864] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192] "AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-09-20 542560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "OrangePlayer"="c:\program files\Orange\Media Player\Media Player.exe" [2009-09-05 319488] . c:\users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-5-12 5733664] Notification de cadeaux MSN.lnk - c:\users\utilisateur\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-2-7 135680] OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880] Launcher.lnk - c:\program files\InternetEverywhere\Launcher.exe [2010-6-30 472528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer8"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-08-17 42672] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [2009-11-18 69928] R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-06 41552] R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 72904] R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016] R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [2011-08-30 148648] R2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [2011-05-20 1055872] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 125440] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128] R2 WTGService;WTGService;c:\program files\InternetEverywhere\wtgservice.exe [2009-11-13 308688] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-29 17920] R3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [2007-11-23 841472] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [2011-05-23 61088] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-10 30192] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2010-06-30 103040] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-11-08 73472] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-11-08 43904] R3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 792976] R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai . . ------- Examen supplémentaire ------- . uStart Page = hxxp:///www.google.fr/ig uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm LSP: c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL Trusted Zone: canalplay.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHELINS SUPPRIMES - - - - . HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-Connexion SFR 9props.exe - c:\program files\SFR\Kit\9props.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-09-08 21:46 Windows 6.0.6000 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background? . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-3709887200-1860673917-2681750386-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):0d,d0,a1,55,45,71,96,11,7e,b1,15,0b,5b,92,bf,09,70,43,ed,27,11, 16,a0,02,a7,a2,d5,fa,df,c8,00,3a,9c,a4,ec,71,d8,0e,1f,68,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3709887200-1860673917-2681750386-1000_Classes\CLSID\{5fb4cb4b-a130-4609-ac93-a9e8050a2656}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000014a "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,e5,e1,a1,1e,9a,14,cd,3b,0f,98,d1,e4,7b,21,5f,2d,56,5e,13,3c,07,56,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000003d . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2011-09-08 21:49:05 ComboFix-quarantined-files.txt 2011-09-08 19:49 . Avant-CF: 583 147 685 888 octets libres Après-CF: 583 079 319 552 octets libres . - - End Of File - - 3017D311BCD51F30392D5FB2F38AF741

Bonsoir lance_yien, Je ne peut plus me connecter. J'ai une fenêtre "Tentative d'opération non autorisée sur une clé du registre marquée pour suppression"

Re, Il n'y a aucun changement : démarrage toujours page bleue en anglais : démarre et redémarre sans arrêt.

Bonjour lance_yien, Je n'ai pas pu supprimer "PriceGong" car aucune trace dans le dossier programmes. J'ai trouvé deux fichiers : - LiveUpdate 3.2 (Symantec Corporation) et - LiveUpdate Notice (Symantec Corporation) Je n'ai pas bien compris, je dois les supprimer ?? Je n'ai pas de CD/DVD de réparation Windows. Ci-après le rapport OTL All processes killed ========== OTL ========== File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46897C77-E7A6-4C33-BFFB-E9C2E2718942}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC85FCF-87AD-41D7-AE1F-F116F8AD4848}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3028143-6145-4318-99D3-3EDCE54A95A9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3028143-6145-4318-99D3-3EDCE54A95A9}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Lexmark 6200 Series Uninstall deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afe01e6e-8430-11df-8e25-001e3d8aed9e}\ not found. File G:\.\Setup.exe AUTORUN=1 not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95dac3e-843f-11df-bd93-001f3b76b6cd}\ not found. File G:\.\Setup.exe AUTORUN=1 not found. C:\found.007\dir0000.chk\rad 838.jpg.files folder moved successfully. C:\found.007\dir0000.chk\rad 837.jpg.files folder moved successfully. C:\found.007\dir0000.chk\rad 835.jpg.files folder moved successfully. C:\found.007\dir0000.chk folder moved successfully. C:\found.007 folder moved successfully. C:\Users\utilisateur\Desktop\MyBabylonTB.exe moved successfully. C:\found.006 folder moved successfully. C:\found.005\dir0003.chk folder moved successfully. C:\found.005\dir0002.chk folder moved successfully. C:\found.005\dir0001.chk folder moved successfully. C:\found.005\dir0000.chk folder moved successfully. C:\found.005 folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics\icons folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics\buttons folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics\bitmaps folder moved successfully. C:\found.004\dir0000.chk\program\common\_graphics folder moved successfully. C:\found.004\dir0000.chk\program\common\tnb folder moved successfully. C:\found.004\dir0000.chk\program\common\strres folder moved successfully. C:\found.004\dir0000.chk\program\common\setupguires folder moved successfully. C:\found.004\dir0000.chk\program\common\ispnews folder moved successfully. C:\found.004\dir0000.chk\program\common\help folder moved successfully. C:\found.004\dir0000.chk\program\common\gui folder moved successfully. C:\found.004\dir0000.chk\program\common\gadget folder moved successfully. C:\found.004\dir0000.chk\program\common\fsma folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\splash folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\scanwizard folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\plugins\spam folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\plugins\parental folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\plugins folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\main folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui\advanced folder moved successfully. C:\found.004\dir0000.chk\program\common\fsgui folder moved successfully. C:\found.004\dir0000.chk\program\common\cuif folder moved successfully. C:\found.004\dir0000.chk\program\common\bp folder moved successfully. C:\found.004\dir0000.chk\program\common folder moved successfully. C:\found.004\dir0000.chk\program folder moved successfully. C:\found.004\dir0000.chk\META-INF folder moved successfully. C:\found.004\dir0000.chk folder moved successfully. C:\found.004 folder moved successfully. C:\found.003\dir0000.chk\Tfs_DAV folder moved successfully. C:\found.003\dir0000.chk folder moved successfully. C:\found.003 folder moved successfully. C:\found.002\dir0002.chk folder moved successfully. C:\found.002\dir0001.chk folder moved successfully. C:\found.002\dir0000.chk\e6ef9946\e6ef9946.swf folder moved successfully. C:\found.002\dir0000.chk\e6ef9946 folder moved successfully. C:\found.002\dir0000.chk\a14050e3.swf folder moved successfully. C:\found.002\dir0000.chk\9c67613f.swf folder moved successfully. C:\found.002\dir0000.chk\6831c775.swf folder moved successfully. C:\found.002\dir0000.chk\67d12219.swf folder moved successfully. C:\found.002\dir0000.chk folder moved successfully. C:\found.002 folder moved successfully. C:\found.001\dir0000.chk\Tfs_DAV folder moved successfully. C:\found.001\dir0000.chk folder moved successfully. C:\found.001 folder moved successfully. C:\Users\utilisateur\AppData\Roaming\Systweak folder moved successfully. C:\Windows\System32\roboot.exe moved successfully. C:\found.000 folder moved successfully. C:\Windows\Tasks\PCConfidential.job moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== < ipconfig /flushdns /c > Configuration IP de Windows Cache de r‚solution DNS vid‚. C:\Users\utilisateur\Desktop\cmd.bat deleted successfully. C:\Users\utilisateur\Desktop\cmd.txt deleted successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3709887200-1860673917-2681750386-1000Core.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3709887200-1860673917-2681750386-1000UA.job moved successfully. C:\WINDOWS\tasks\User_Feed_Synchronization-{10E2F924-5338-40B0-BE66-D40AAAF77F0A}.job moved successfully. File\Folder C:\*.sqm not found. File\Folder C:\WINDOWS\System32\*.tmp not found. File\Folder C:\WINDOWS\*.tmp not found. File\Folder C:\Program Files\PriceGong not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 33237 bytes ->Flash cache emptied: 82 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: utilisateur ->Temp folder emptied: 8574665 bytes ->Temporary Internet Files folder emptied: 11195089 bytes ->Java cache emptied: 237542 bytes ->Google Chrome cache emptied: 17431370 bytes ->Flash cache emptied: 2931 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3211399 bytes RecycleBin emptied: 2906444 bytes Total Files Cleaned = 42,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: utilisateur ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.27.0 log created on 09082011_145507 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Et le rapport MBAM : Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Version de la base de données: 7676 Windows 6.0.6000 (Safe Mode) Internet Explorer 8.0.6001.18904 08/09/2011 16:03:09 mbam-log-2011-09-08 (16-03-09).txt Type d'examen: Examen rapide Elément(s) analysé(s): 163399 Temps écoulé: 3 minute(s), 20 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790574B17655503FA997 (Malware.Trace) -> Value: SRS_IT_E8790574B17655503FA997 -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Merci pour ton aide précieuse lance_yien et pour le temps que tu me consacre.

Re Le rapport du ckeckup Results of screen317's Security Check version 0.99.18 Windows Vista (UAC is enabled) Out of date service pack!! Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Norton 360 Anti-virus firewall WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: CCleaner Java 6 Update 20 Java 6 Update 2 Out of date Java installed! Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````

Bonsoir lance_yien, J'ai enfin réussi enfin à moitié, je n'ai qu'un seul fichier qui s'est créé et non deux. Pourquoi je n'ai pas le 2ème. Ci-joint le lien "OTL.txt" Lien CJoint.com AIht5STHwpK

Le MSE avec prise en charge réseau fonctionne. Internet fonctionne. C'est le téléchargement qui ne fonctionne pas. J'ai essayé plusieurs fois en le retéléchargeant, toujours même résultat. OTL.exe ne s’exécute pas et j'ai la même fenêtre qui s'ouvre à chaque fois.

Peut être est-ce important, hier j'ai voulu vider une clé usb sur mon ordi ça à duré plus d'une heure, quand j'ai regardé pour voir où s'en était une fenêtre avec "renomer fichier" sans arrêt et plus de 400 0000 fichiers entrain d'être supprimé. J'ai compris qu'il y avait un gros prblm j'ai tout annulé et éteint l'ordi. Je l'ai allumé aujourd'hui et vous connaissez la suite. Rassurez moi et dites moi que ce n'est pas trop grave !!!

Re je suis en MSE. OT Lne veut pas s’exécuter. Il se télécharge ensuite quand je veux faire "executer" il me donne une page "OTL by OldTimer - Version 3.2.27.0" avec un bouton "Analyse" "Analyse rapide" "Correction" "Aucun" etc..... Est-ce mauvais signe ???? Que dois-je faire ??????

Ok je vais essayer de faire ce que tu m'as dit. Je n'ai rien installé, je suis à la lettre tes instructions.

Qu'est ce que je dois faire en mode sans échec ? Le mode sans échec marche. Mon ordi est un portable Sony Vaio Merci lance_ yien

Je ne l'ai pas rallumé depuis hier. Aujourd'hui il ne veut rien savoir. Je n'ai rien fait puisqu'il ne répond plus. La page bleue en anglais s'affiche après que la page du bureau apparaît et ensuite il redémarre dès qu'apparaît le bureau page bleue présente quelques secondes et rebelotte

Bonjour lance_yien, Je ne peux plus ouvrir mon ordi. Après plusieurs tentatives il m'affiche une page bleu en anglais. J'ai photographié et copié la page en espérant qu'il n'y à pas d'erreur car c'est en anglais : A problem has been detected and windows has been shut down to prevent damage to your computer. PAGE_FAULT_IN_MONPAGED_AREA If this is the first time you've seen this stop error screen. Restart your computer. If this screen appears again, follow these steps: Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows uptates you might need. If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe Mode to remove or disable components, restart your computer, press F8 to select Advanced startup options, and then select Safe Mode. Technical information : *** STOP : 0x00000050 (0xB9253000, 0x00000000, 0x81D5DC90, 0x00000000) Collecting data for crash dump... Initializing disk for crash dump... Beginning dump of physical memory. Dumping physical memory to disk : 45 Merci lance_yien

Bonsoir lance_yien, L'ordi ne m'a pas demandé de le redémarrer et il rame toujours autant. Voici mon rapport ZHPFix Rapport de ZHPFix 1.12.3360 par Nicolas Coolman, Update du 29/08/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-06-09-2011-21-13-37.txt Run by utilisateur at 06/09/2011 21:13:37 Windows Vista Ultimate Edition, 32-bit (Build 6000) Web site : ZHPFix Fix de rapport ========== Logiciel(s) ========== ABSENT Uninstall Process: c:\program files\pricegong\uninst.exe ABSENT Uninstall Process: c:\program files\shoppingreport2\uninst.exe ABSENT Uninstall Process: c:\program files\windows searchqu toolbar\uninstall.exe ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Users\utilisateur\AppData\Local\Temp\cacaonew43ae3a.exe ========== Clé(s) du Registre ========== SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong] SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2] SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar] SUPPRIME Key: CLSID BHO: {1631550F-191D-4826-B069-D9439253D926} SUPPRIME Key: CLSID BHO: {7FF99715-3016-4381-84CE-E4E4C9673020} SUPPRIME Key: Service: Mp3Tube Toolbar Updater Service SUPPRIME Key: HKCU\Software\AppDataLow\Software\Mp3Tube SUPPRIME Key: HKCU\Software\AppDataLow\Software\PriceGong SUPPRIME Key: HKCU\Software\AppDataLow\Software\ShoppingReport2 SUPPRIME Key: HKCU\Software\AppDataLow\Software\searchqutb SUPPRIME Key: HKCU\Software\DataMngr SUPPRIME Key: HKCU\Software\FissaSearch SUPPRIME Key: HKCU\Software\OfferBox SUPPRIME Key: HKCU\Software\ShoppingReport2 SUPPRIME Key: HKCU\Software\Spointer SUPPRIME Key: HKCU\Software\cacaoweb SUPPRIME Key: HKCU\Software\clickpotatolitesa SUPPRIME Key: HKCU\Software\freeTVRadio SUPPRIME Key: HKLM\Software\Babylon SUPPRIME Key: HKLM\Software\Bandoo SUPPRIME Key: HKLM\Software\ClickPotatoLite SUPPRIME Key: HKLM\Software\DataMngr SUPPRIME Key: HKLM\Software\Freeze.com SUPPRIME Key: HKLM\Software\OfferBox SUPPRIME Key: HKLM\Software\ResultBar SUPPRIME Key: HKLM\Software\SearchquMediabarTb SUPPRIME Key: SearchScopes :{1F096B29-E9DA-4D64-8D63-936BE7762CC5} SUPPRIME Key: SearchScopes :{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} SUPPRIME Key: SearchScopes :{5CD3F1B6-45E0-42EA-9210-6BE46DEC0096} SUPPRIME Key: SearchScopes :{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} SUPPRIME Key: SearchScopes :{b41306c6-96d0-442a-bcc4-b0f621e82ce9} SUPPRIME Key: HKLM\Software\Classes\AppID\bandoocore.exe SUPPRIME Key: HKLM\Software\Classes\AppID\MenuButtonIE.DLL SUPPRIME Key: HKLM\Software\Classes\AppID\PriceGongIE.DLL SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QueryExplorer SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu MediaBar SUPPRIME Key: HKLM\Software\Classes\bandoocore.bandoocore SUPPRIME Key: HKLM\Software\Classes\bandoocore.bandoocore.1 SUPPRIME Key: HKLM\Software\Classes\bandoocore.resourcesmngr SUPPRIME Key: HKLM\Software\Classes\bandoocore.resourcesmngr.1 SUPPRIME Key: HKLM\Software\Classes\bandoocore.settingsmngr SUPPRIME Key: HKLM\Software\Classes\bandoocore.settingsmngr.1 SUPPRIME Key: HKLM\Software\Classes\bandoocore.statisticmngr SUPPRIME Key: HKLM\Software\Classes\bandoocore.statisticmngr.1 SUPPRIME Key: HKLM\Software\Classes\clickpotatoliteax.info SUPPRIME Key: HKLM\Software\Classes\clickpotatoliteax.userprofiles SUPPRIME Key: HKLM\Software\Classes\MenuButtonIE.ButtonIE SUPPRIME Key: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO SUPPRIME Key: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO.1 SUPPRIME Key: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl SUPPRIME Key: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl.1 SUPPRIME Key: HKLM\Software\Classes\shopperreports.reporter SUPPRIME Key: HKLM\Software\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} SUPPRIME Key: HKLM\Software\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} SUPPRIME Key: HKLM\Software\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} SUPPRIME Key: HKLM\Software\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} SUPPRIME Key: HKLM\Software\Classes\AppID\{1301a8a5-3dfb-4731-a162-b357d00c9644} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} ABSENT Key: HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926} ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2C8574B5-6935-4FCE-860E-F4E8602378FF} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} SUPPRIME Key: HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc} SUPPRIME Key: HKLM\Software\Classes\Interface\{477f210a-2a86-4666-9c4b-1189634d2c84} SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} SUPPRIME Key: HKLM\Software\Classes\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020} ABSENT Key: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020} ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020} SUPPRIME Key: HKLM\Software\Classes\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} SUPPRIME Key: HKLM\Software\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8a96af9e-4074-43b7-bea3-87217bda74c8} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8a96af9e-4074-43b7-bea3-87217bda74c8} SUPPRIME Key: HKLM\Software\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} SUPPRIME Key: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} SUPPRIME Key: HKLM\Software\Classes\Interface\{a1f1ecd3-4806-44c6-a869-f0dadf11c57c} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} SUPPRIME Key: HKLM\Software\Classes\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} SUPPRIME Key: HKLM\Software\Classes\TypeLib\{b035ba6b-57cd-4f72-b545-65be465fcaf6} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} SUPPRIME Key: HKLM\Software\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} SUPPRIME Key: HKLM\Software\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB620C54-E229-4942-87CE-E717109FC8C6} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} SUPPRIME Key: HKLM\Software\Classes\Interface\{ff871e51-2655-4d06-aed5-745962a96b32} ABSENT Key: HKCU\Software\freetvradio ABSENT Key: HKLM\Software\freeze.com ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchqu mediabar ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 ABSENT Key: Service: Mp3Tube Toolbar Updater Service SUPPRIME Key: CLSID BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} SUPPRIME Key: HKCU\Software\AppDataLow\Software\Avanquest_FR SUPPRIME Key: HKCU\Software\AppDataLow\Software\Conduit SUPPRIME Key: HKCU\Software\SweetIM SUPPRIME Key: HKLM\Software\Conduit SUPPRIME Key: HKLM\Software\Productivity_2.1 SUPPRIME Key: HKLM\Software\SweetIM SUPPRIME Key: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine SUPPRIME Key: HKLM\Software\Classes\sweetie.ietoolbar SUPPRIME Key: HKLM\Software\Classes\sweetie.ietoolbar.1 SUPPRIME Key: HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook SUPPRIME Key: HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 SUPPRIME Key: HKLM\Software\Classes\Toolbar3.sweetie SUPPRIME Key: HKLM\Software\Classes\Toolbar3.sweetie.1 SUPPRIME Key: HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} SUPPRIME Key: HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} SUPPRIME Key: HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847} ABSENT Key: HKLM\Software\Classes\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847} ========== Valeur(s) du Registre ========== SUPPRIME Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} SUPPRIME RunValue: DATAMNGR SUPPRIME RunValue: cacaoweb ABSENT RunValue: cacaoweb SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]:bak_Application SUPPRIME [HKLM\Software\Mozilla\Firefox\Extensions]:ClickPotatoLite@ClickPotatoLite.com SUPPRIME Toolbar: {EEE6C35B-6118-11DC-9C72-001320C79847} SUPPRIME Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} SUPPRIME RunValue: SweetIM SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} ========== Elément(s) de donnée du Registre ========== SUPPRIME Explorer Association Data Application: File Extension Search SUPPRIME PhishingFilter Value: Enabled = 0 SUPPRIME AppInit: ta Manager.) - c:\progra~1\wi9130~1\datamngr\datamngr.dll ========== Dossier(s) ========== SUPPRIME Folder: C:\Program Files\Bandoo SUPPRIME Folder: C:\Program Files\ClickPotatoLite SUPPRIME Folder: C:\Program Files\PriceGong SUPPRIME Folder: C:\Program Files\ResultBar SUPPRIME Folder: C:\Program Files\ShoppingReport2 SUPPRIME Reboot Folder**: C:\Program Files\Windows Searchqu Toolbar SUPPRIME Folder: C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 SUPPRIME Folder: C:\ProgramData\Babylon SUPPRIME Folder: C:\ProgramData\ClickPotatoLiteSA SUPPRIME Folder: C:\ProgramData\ResultBar SUPPRIME Folder: C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} SUPPRIME Folder: C:\Users\utilisateur\AppData\Roaming\Babylon SUPPRIME Folder: C:\Users\utilisateur\AppData\Roaming\cacaoweb SUPPRIME Folder: C:\Users\utilisateur\AppData\Roaming\ClickPotatoLite SUPPRIME Folder: C:\Users\utilisateur\AppData\Roaming\freeTVRadio SUPPRIME Folder: C:\Users\utilisateur\AppData\Roaming\OfferBox SUPPRIME Folder: C:\Users\utilisateur\AppData\Local\Babylon SUPPRIME Folder: c:\programdata\microsoft\windows\start menu\programs\clickpotato SUPPRIME Folder: c:\users\utilisateur\appdata\locallow\babylontoolbar SUPPRIME Folder: c:\users\utilisateur\appdata\locallow\pricegong SUPPRIME Folder: c:\users\utilisateur\appdata\locallow\searchqutb SUPPRIME Folder: c:\users\utilisateur\appdata\locallow\shoppingreport2 SUPPRIME Folder: C:\Users\utilisateur\AppData\Roaming\uTorrent SUPPRIME Reboot Folder**: C:\Program Files\SweetIM SUPPRIME Folder: C:\ProgramData\SweetIM SUPPRIME Folder: c:\users\utilisateur\appdata\locallow\conduit SUPPRIME Folder: c:\users\utilisateur\appdata\locallow\sweetim ========== Fichier(s) ========== ABSENT Folder/File: c:\program files\windows searchqu toolbar\datamngr\datamngrui.exe 628] ABSENT Folder/File: c:\program files\sweetim\messenger\sweetim.exe 16] SUPPRIME File: c:\program files\pricegong\2.1.0\pricegongie.dll SUPPRIME File: c:\progra~1\wi9130~1\toolbar\searchqudx.dll ABSENT File: c:\progra~1\wi9130~1\toolbar\searchqudx.dll SUPPRIME Reboot c:\progra~1\wi9130~1\datamngr\datamn~1.exe SUPPRIME File: c:\users\utilisateur\appdata\roaming\cacaoweb\cacaoweb.exe ABSENT File: c:\users\utilisateur\appdata\roaming\cacaoweb\cacaoweb.exe SUPPRIME File: c:\progra~1\wi9130~1\datamngr\datamngr.dll ABSENT File: c:\program files\mp3tube toolbar\mp3tubesvc.exe SUPPRIME File: c:\users\utilisateur\appdata\local\temp\cacaonew43ae3a.exe ABSENT Folder/File: c:\program files\bandoo ABSENT Folder/File: c:\program files\clickpotatolite ABSENT Folder/File: c:\program files\pricegong ABSENT Folder/File: c:\program files\resultbar ABSENT Folder/File: c:\program files\shoppingreport2 ABSENT Folder/File: c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 ABSENT Folder/File: c:\programdata\babylon ABSENT Folder/File: c:\programdata\clickpotatolitesa ABSENT Folder/File: c:\programdata\resultbar ABSENT Folder/File: c:\users\utilisateur\appdata\roaming\babylon ABSENT Folder/File: c:\users\utilisateur\appdata\roaming\cacaoweb ABSENT Folder/File: c:\users\utilisateur\appdata\roaming\clickpotatolite ABSENT Folder/File: c:\users\utilisateur\appdata\roaming\freetvradio ABSENT Folder/File: c:\users\utilisateur\appdata\roaming\offerbox ABSENT Folder/File: c:\users\utilisateur\appdata\local\babylon SUPPRIME Reboot c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll SUPPRIME File: c:\program files\yahoo!\companion\installs\cpn\yt.dll SUPPRIME Reboot c:\program files\sweetim\messenger\sweetim.exe ABSENT Folder/File: c:\programdata\sweetim ========== Récapitulatif ========== 1 : Processus mémoire 148 : Clé(s) du Registre 10 : Valeur(s) du Registre 3 : Elément(s) de donnée du Registre 27 : Dossier(s) 30 : Fichier(s) 3 : Logiciel(s) End of the scan in 03mn 28s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 06/09/2011 21:13:37 [17521] Merci pour ton aide lance_yien

Bonjour lance_yien, Merci pour votre réponse. J'ai d'abord une question : si je ne fais pas de sauvegarde avant de nettoyer est-ce que je perds mes fichiers et mes photos car j'en'ai énormément de photos et rien pour sauvegarder. Merci encore