Demande d'aide

[erik775]

bonjour,

mon anti virus avg me trouve un rookit , sans qu'il puisse sans debarassé .bref voici le rapport de combo fixe si quelqu'un peut m'aider

merci beaucoup

 

ComboFix 13-09-22.01 - eric 23/09/2013 14:12:43.5.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.1022.392 [GMT 2:00]
Lancé depuis: c:\users\eric\Downloads\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-08-23 au 2013-09-23 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-23 12:37 . 2013-09-23 12:37 -------- d-----w- c:\users\tetard02\AppData\Local\temp
2013-09-23 12:37 . 2013-09-23 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-21 03:11 . 2013-09-23 12:37 -------- d-----w- c:\users\eric\AppData\Local\temp
2013-09-20 13:13 . 2013-09-20 13:13 -------- d-----w- c:\users\eric\AppData\Roaming\CompuClever
2013-09-20 13:13 . 2013-09-20 14:23 -------- d-----w- c:\program files\CompuClever
2013-09-20 12:42 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2013-09-19 13:46 . 2013-09-19 13:46 77528 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-09-19 13:05 . 2013-09-19 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-19 13:05 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-19 12:12 . 2013-09-19 12:12 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-19 05:26 . 2013-09-19 05:26 -------- d-----w- c:\users\eric\AppData\Roaming\FixZeroAccess
2013-09-11 16:11 . 2013-09-11 16:11 -------- d-----w- c:\users\tetard02\AppData\Local\Avg2014
2013-09-10 19:46 . 2013-09-10 19:46 -------- d-----w- c:\users\eric\AppData\Roaming\AVG2014
2013-09-10 19:31 . 2013-09-10 19:41 -------- d-----w- c:\programdata\AVG2014
2013-09-10 19:24 . 2013-09-15 13:05 -------- d-----w- c:\users\eric\AppData\Local\Avg2014
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-09-01 17:16 . 2013-09-08 06:43 -------- d-----w- c:\users\eric\AppData\Roaming\Garmin
2013-09-01 17:02 . 2013-09-08 06:43 -------- d-----w- c:\users\eric\AppData\Local\Garmin
2013-08-28 20:14 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-24 15:24 . 2013-08-24 15:24 -------- d-----w- c:\users\eric\AppData\Roaming\FreeCDRipper
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 16:34 . 2012-09-14 21:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-10 16:34 . 2012-09-11 15:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-22 21:37 . 2013-08-22 21:37 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-08-22 20:56 . 2013-08-22 20:56 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-08-22 20:56 . 2013-08-22 20:56 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-22 20:56 . 2013-08-22 20:56 146232 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-08-20 20:54 . 2013-08-20 20:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-15 06:22 . 2012-12-07 06:57 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-01 14:08 . 2013-08-01 14:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 14:06 . 2013-08-01 14:06 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-08-01 14:06 . 2013-08-01 14:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-08-01 14:05 . 2013-08-01 14:05 26936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-25 02:32 . 2013-08-14 15:51 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26 . 2013-08-14 15:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25 . 2013-08-14 15:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23 . 2013-08-14 15:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23 . 2013-08-14 15:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22 . 2013-08-14 15:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 19:41 . 2013-08-14 15:44 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47 . 2013-08-14 15:44 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-14 15:44 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55 . 2013-08-14 15:44 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:55 . 2013-08-14 15:44 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:20 . 2013-08-14 15:45 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-14 15:45 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 15:45 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 15:45 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-14 15:44 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2007-08-01 09:34 . 2013-08-17 11:09 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-15 06:22 3122864 ----a-w- c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-15 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 4472832]
"Skytel"="Skytel.exe" [2007-05-25 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-01 243200]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-08-15 2314416]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-10-24 21:08 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
2006-10-24 07:19 46728 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-10-26 23:18 22696 ----a-w- c:\program files\Norton Internet Security\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-01-11 09:40 232184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 16:34]
.
2013-06-20 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-08-01 16:38]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:11]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:11]
.
2013-09-23 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-08-01 16:34]
.
2013-09-22 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-15 18:23]
.
.
------- Examen supplémentaire -------
.
uStart Page =

uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\ozz3fcyr.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google
FF - user.js: extentions.y2layers.installId - fa1346ef-822a-47fc-b21f-061666a8c7bb
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17425&tt=030912_5ftt_3712_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def

FF - user.js: extensions.BabylonToolbar.id - 6cba5aa00000000000000015af2e85a1
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15595
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.129:22
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - std
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - 6cba5aa00000000000000015af2e85a1
FF - user.js: extensions.claro.instlDay - 15595
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.19:35
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false


FF - user.js: extensions.funmoods.id - 001D600012D55AA0
FF - user.js: extensions.funmoods.instlDay - 15695
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:26
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub12
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub12
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - true
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitatelechargers');
user_pref('extensions.dealply.installId', 'v24300291729850268536482012091308134723');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '3');
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-23 14:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Heure de fin: 2013-09-23 14:42:16
ComboFix-quarantined-files.txt 2013-09-23 12:42
ComboFix2.txt 2013-09-22 06:51
ComboFix3.txt 2013-09-22 05:32
ComboFix4.txt 2013-09-22 04:57
.
Avant-CF: 3 027 759 104 octets libres
Après-CF: 2 997 452 800 octets libres
.
- - End Of File - - 524E174BD3CFE1B0419BAE9002F9C616
5C616939100B85E558DA92B899A0FC36

[bernard53]

Bonjour

il reste des lignes non désirées donc ceci s.t.p.

Télécharge AdwCleaner d'Xplode sur ton bureau.

 

Ensuite :

Valide le mode Scanner

 

 

Puis : valide Rapport et si des intrusions sont détectées valide alors le mode Nettoyer

 

Possibilité après ce lancement d’une demande de redémarrage pour valider toutes les suppressions.

 

- Au redémarrage, un rapport s'ouvrira. Postes le sur le forum.

 

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[s1].txt

Mets les rapports ici car il prend bien de la place.

http://cjoint.com/

ou.

http://www.1fichier.com/

 

Ensuite:

1) Télécharge Junkware Removal Tool sur le bureau: << Junkware Removal Tool Download >>

 

Sous XP, double-clique sur l'icône et presse une touche lorsque cela sera demandé.

 

Sous Vista/7/8, clic droit/exécuter en tant qu'administrateur.

 

Poste le rapport généré à la fin de l'analyse.

 

NB: Le bureau disparaitra un instant, c'est normal.

 

 

 

 

Puis

 

L'installation va créer raccourcis (ZHPDiag et ZHPFix et MBRchek) sur ton bureau

Double-clique ensuite sur l’icône ZHPDiag pour le lancer l’analyse puis :

A la fin du scan le rapport est sauvegardé directement sur ton bureau. ZHPDiag.txt

Mets le rapport ici car il prend bien de la place.

http://cjoint.com/

ou.

http://www.1fichier.com/

[erik775]

bonjour et merci pour l'aide ,voici les liens http://cjoint.com/?CICvGOlB6XL

 

 

http://cjoint.com/?CICvP0jLlT

[bernard53]

ok tu as bien tout supprimer avec AdwCleaner ?

 

Ceci en plus.

* Copie tout le texte présent que tu télécharges dans le lien ci-dessous (tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C)

 

http://2g7ywn.1fichier.com/

 

Puis Lance ZHPFix depuis le raccourci du bureau.

Valides l’icône IMPORTER

 

puis valide GO dans cette fenêtre.

 

Je pense que tu as ve ceci aussi sur ton pc.System drive C: has 3 GB (2%) free of 141 GB

il faut absolument faire un peu d'espace.

Modifié le 29 septembre 2013 par bernard53

[erik775]

merci bernard 53

Modifié le 3 octobre 2013 par erik775

[bernard53]

Tout va bien alors?

[erik775]

bonjour

question virus je pense que oui plus rien n'est detecté,le seul probleme c'est que maintenant il met impossible de faire les mmises a jour avec update et mon anti virus code erreur80096001 jai regarder et essayé tout ce que jai trouvé sur les forums mais rien ne marche

[bernard53]

as tu fait ceci

Télécharge WinUpdateFix de Xplode sur le bureau

http://general-changelog-team.fr/fr/downloads/view.download/11

Lance-le en cliquant sur l'icône, il ne nécessite pas d'installation.

Sous Vista/7, faire un clic droit sur l'icône et Exécuter en tant qu'administrateur.

 

Clique sur le bouton Démarrer pour les trois cadres Services - BITS - Service de cryptographie si nécessaire.

Coche les cases devant les lignes suivantes (en gras) en appuyant sur Tous :

 

 

-Effacer le catalogue des mises à jour

-Réinscire les DLL

-Vider le dossier SoftwareDistribution

-Réinitialiser les paramètres Winsock

-Supprimer les fichiers temporaires

-Réinitialiser les descripteurs de sécurité

-Supprimer le proxy

-Restaurer les policies

-Effacer la file d'attente BITS

 

 

 

 

Clique sur le bouton Exécuter

Un message t'avertira de la réussite de l'opération.

Il te sera demandé de redémarrer dans le cas d'une réinitialisation des paramètres Winsocks, fais-le en validant par OK

 

 

Pour tester le résultat :

Sous Vista/7 : Dans le panneau de configuration, Windows Update, clique sur Rechercher des mises à jour.

 

Puis ceci.

 

 

• Télécharge Services Repair de Eset et enregistre le fichier sur ton Bureau
• Ferme toutes les applications, y compris ton navigateur
• Double-clique sur ServicesRepair.exe pour lancer l'application
  /!\ Sous Vista et Windows 7, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
• Valide par Yes pour confirmer le lancement de l'outil
• Laisse l'outil travailler (cela peut prendre quelques minutes)
• Valide par Yes pour redémarrer le PC
• Au redémarrage, le dossier CC Support a été crée sur ton bureau
• Poste le rapport SvcRepair.txt, qui se trouve dans CC Support\Logs dans ta prochaine réponse

Modifié le 6 octobre 2013 par bernard53

[erik775]

bonjour voici le rapport

 

Log Opened: 2013-10-06 @ 14:31:51
14:31:51 - -----------------
14:31:51 - | Begin Logging |
14:31:51 - -----------------
14:31:51 - Fix started on a WIN_VISTA X86 computer
14:31:51 - Prep in progress. Please Wait.
14:32:04 - Prep complete
14:32:04 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
14:32:22 - Services Repair Complete.
14:32:37 - Reboot Initiated

j'ai retenté mais les mises a jours me marque toujours code erreur 80096001

Modifié le 6 octobre 2013 par erik775

[bernard53]

essai ceci.

http://support.microsoft.com/kb/947821