| nours 52 | Posted on 31/10/2010 at 18:49 |
Petit astucien
466 posts
Good evening again,
I tried to save Antivir, but without success. Still the same window telling me there is a problem.
Here is the ComboFix report:
ComboFix 10-10-30.09 - nours 31/10/2010 18:11:55.12.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.952 [GMT 1:00]
Lancé depuis: C:\ComboFix.exe
Commutateurs utilisés C:\CFScript (2).txt
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\program files\mozilla Firefox\components\FireDlmgrGate.dll"
"c:\program files\mozilla Firefox\components\FototaggerMGrab.dll"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) .
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWRDR
-------\Legacy_ASWSP
-------\Legacy_ASWTDI
-------\Legacy_AVGASCLN
-------\Legacy_AVG_ANTI-SPYWARE_DRIVER
-------\Legacy_EECTRL
-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-28 au 2010-10-31 ))))))))))))))))))))))))))))))))))))
.
2010-10-31 17:16 . 2010-10-31 17:17 -------- d-----w- c:\users\nours\AppData\Local\temp
2010-10-31 17:16 . 2010-10-31 17:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-10-31 17:16 . 2010-10-31 17:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-31 17:16 . 2010-10-31 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-25 15:34 . 2010-10-25 15:34 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-25 03:42 . 2010-10-25 03:42 -------- d-----w- C:\_OTM
2010-10-24 13:31 . 2010-10-24 13:32 -------- d-----w- c:\programdata\MFAData
2010-10-24 13:29 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-24 13:29 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-24 13:29 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-24 13:29 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-10-24 13:29 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-10-24 13:29 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-24 07:50 . 2010-10-24 07:50 -------- d-----w- c:\program files\Steganos Safe One
2010-10-24 07:32 . 2010-10-24 07:32 22304 ----a-w- c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
2010-10-17 18:04 . 2010-10-17 18:04 -------- d-----w- c:\program files\Convar
2010-10-17 17:57 . 2010-10-17 17:58 -------- d-----w- c:\program files\Yitsoft Software
2010-10-17 15:23 . 2010-10-17 18:15 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2010-10-17 10:00 . 2010-10-17 10:00 -------- d-----w- c:\program files\Steganos Secure FileSharing 6
2010-10-17 07:52 . 2010-10-17 07:52 -------- d-----w- c:\program files\Conduit
2010-10-17 07:52 . 2010-10-21 16:28 -------- d-----w- c:\program files\Softonic_France
2010-10-16 06:30 . 2005-10-17 16:13 447488 ----a-w- c:\windows\system32\splus.cpl
2010-10-15 13:39 . 2010-10-15 13:47 -------- d-----w- c:\programdata\RapidSolution
2010-10-15 13:35 . 2010-10-15 13:35 -------- d-----w- c:\users\nours\AppData\Local\RapidSolution
2010-10-07 18:03 . 2010-10-07 18:03 -------- d-----w- c:\program files\Common Files\Skype
2010-10-07 16:08 . 2010-10-07 16:08 -------- d-----w- c:\program files\Digital Photo Software
2010-10-07 16:08 . 2009-12-16 02:30 66800 ----a-w- c:\windows\UnDeployV.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-11-29 07:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-05-23 05:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2008-06-02 19:08 . 2008-06-02 19:08 1953480 ----a-w- c:\program files\PPVIEWER.EXE
.
((((((((((((((((((((((((((((( SnapShot_2010-10-26_17.44.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-03 08:30 . 2010-10-31 15:18 85708 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-10-31 15:18 78774 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 16:42 . 2010-10-31 15:18 13278 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1472984586-1855196343-460404620-1000_UserData.bin
+ 2010-10-31 17:17 . 2010-10-31 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-10-26 15:27 . 2010-10-26 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-10-26 15:27 . 2010-10-26 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-31 17:17 . 2010-10-31 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:48 . 2010-10-31 15:21 690594 c:\windows\System32\perfh00C.dat
- 2006-11-02 15:48 . 2010-10-23 12:58 690594 c:\windows\System32\perfh00C.dat
- 2006-11-02 10:33 . 2010-10-23 12:58 609944 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-10-31 15:21 609944 c:\windows\System32\perfh009.dat
- 2006-11-02 15:48 . 2010-10-23 12:58 117366 c:\windows\System32\perfc00C.dat
+ 2006-11-02 15:48 . 2010-10-31 15:21 117366 c:\windows\System32\perfc00C.dat
+ 2006-11-02 10:33 . 2010-10-31 15:21 103726 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-10-23 12:58 103726 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}] 2010-10-21 16:28 2735200 ----a-w- c:\program files\Softonic_France\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSof1.dll" [2010-10-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"Google Update"="c:\users\nours\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"DriverMax_RESTART"="" [BU]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-09-11 187936]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-12-31 1134592]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2007-11-27 236520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] 2009-01-31 01:45 3399727 ----a-w- c:\users\nours\Documents\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glowria] 2009-02-26 12:56 933992 ----a-w- c:\users\nours\Documents\Glowria\Glowria.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-06-05 11:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher] 2007-09-07 12:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2007-07-13 20:24 178280 ------w- c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1472984586-1855196343-460404620-1000] "EnableNotificationsRef"=dword:00000002
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-08-08 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-08-08 17408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2010-10-24 22304]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys [2007-11-27 372584]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
. Contenu du dossier 'Tâches planifiées'
2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb70c2ef39aa4c.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 04:49]
2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1472984586-1855196343-460404620-1000Core1cb6db12c43c658.job - c:\users\nours\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://www.ustart.org
uInternet Settings,ProxyOverride = *.local
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Grab To Fototagger - c:\users\nours\Documents\FotoTagger\grab.htm
IE: Tout télécharger avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\users\nours\Documents\Free Download Manager\dlfvideo.htm
IE: uStart Search - c:\users\nours\AppData\Local\addtoustart\addtoustart.dll/202
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
Trusted Zone: glowria.fr
FF - ProfilePath - c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - component: c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\users\nours\Documents\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\nours\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\nours\AppData\Roaming\Mozilla\Firefox\Profiles\c24s1ep3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\nours\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - user.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 18:19
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP000000298A78C4DA580E98DA 524288 bytes
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(8724)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-10-31 18:21:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-31 17:21
ComboFix2.txt 2010-10-31 15:34
ComboFix3.txt 2010-10-26 17:50
ComboFix4.txt 2010-01-09 12:13
Avant-CF: 70 857 515 008 octets libres
Après-CF: 75 734 962 176 octets libres
- - End Of File - - CACC40067DD3933494C479209FD241B8
|
| |
|
| chrifleur | Posted on 31/10/2010 at 19:00 |
Security Group 20694 Messages
| Give me the exact message you get when you try to install an antivirus, because at this point there is nothing left, or hardly anything... and you have no protection whatsoever. We absolutely have to manage to install an antivirus on this machine!! |
| |
|
| nours 52 | Posted on 31/10/2010 at 22:33 |
Petit astucien
466 Messages
| So I have just tried again to launch Avira Antivir, and here is the error message:
"Installation of the Microsoft Runtime Redistributable Kit has failed.
The probable cause is Windows update running in parallel.
Please check whether a Windows update is in progress and run Avira Antivir Personnal Free Antivirus again a little later.
If the installation fails again,please contact Avira support.
Set up will close."
Have a good evening. |
| |
|
| chrifleur | Posted on 01/11/2010 at 09:50 |
Security Group 20694 Messages
| So if I understand correctly, it is telling you that Windows Update is running at the same time and that this is what is preventing the installation.
Disable Windows Update and try installing Antivir again.
If that still does not work, run Windows Update, look at which update it offers you and install it, then try installing your antivirus again.
Let me know ... |
| |
|
| nours 52 | Posted on 01/11/2010 at 10:04 |
Petit astucien
466 Messages
| Hello,
There really is always something wrong with this damned PC. Indeed, I have not been able to install any updates lately, but I did not worry about it!!
Now I cannot install the Windows Update updates!!
Error displayed: Windows could not search for updates.
Error code: 8007000B |
| |
|
| chrifleur | Posted on 01/11/2010 at 10:18 |
Security Group 20694 Messages
| |
| |
|
| chrifleur | Posted on 01/11/2010 at 10:21 |
Security Group 20694 Messages
| Me again,
Very important before applying the fix for error 8007000B!!!!!!!!! REBOOT THE COMPUTER INTO A CLEAN SESSION! (REBOOT) Do not open any software other than the "Command Prompt" (cmd) in administrator mode. Otherwise you will see the following message when you attempt the fix: FICHIER INTROUVABLE. Restart and install the updates.
Source:
http://www.commentcamarche.net/forum/affich-3103096-vista-erreur-8007000b Edited by chrifleur on 01/11/2010 10:22 |
| |
|
| nours 52 | Posted on 01/11/2010 at 12:17 |
Petit astucien
466 Messages
| Hello again,
Well.... EVERYTHING is back to normal!!! Once Windows Update was installed, I was also able to install an antivirus (Avira Antivir)... without any problem..
I am really sorry to have made you waste quite a bit of time over this, but what was done was still very useful, I think. We "cleaned up" the system quite a bit...
So I thank you sincerely for your invaluable help and above all ... your patience with a novice like me!!
I wish you a good day and ... until next time, perhaps (not too soon though, since that would mean I have problems!!)
Thanks again.
JC |
| |
|
| chrifleur | Posted on 01/11/2010 at 13:31 |
Security Group 20694 Messages
| Wait a moment, please!! There are still a few steps to carry out.
1/
Close all running applications, then download ToolsCleaner (by A.Rothstein and Dj Quiou) to your Desktop:
- Double-click ToolsCleaner2.exe -> click -> Recherche and let the scan finish.
- Click -> Suppression to finalize.
- Click -> Quitter, so that the report can be created.
- Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
- Note: your desktop will disappear, this is normal. If it does not reappear at the end of the scan, do the following:
- Ctrl+Alt+Del to open the Task Manager.
- Then go to the "Processes" tab, click "File" at the top left and choose "Run".
- Type: explorer.exe and confirm. This will bring your Desktop back.
2/
Now that you have installed Antivir, run a scan of your PC and post its report, please; we need to check that no nasties have come back and installed themselves during the period when you were without an antivirus!!
3/
Install or reinstall and update Malwarebytes, scan your PC with a full scan, and post its report.
4/
Follow this tutorial and post the resulting report:
http://forum.pcastuces.com/eset_online_scanner___nouvelle_version___tutoriel-f31s56.htm
5/
Then we will talk about protecting this PC!
|
| |
|
| nours 52 | Posted on 01/11/2010 at 16:48 |
Petit astucien
466 Messages
| Hi again,
Well, I was a bit too quick!!
ToolsCleaner is not responding!!
Here is the Avira Antivir report:
Avira AntiVir Personal Report file date: lundi 1 novembre 2010 14:12
Scanning for 2992847 virus strains and unwanted programs.
The program is running as an unrestricted full version. Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : nours
Computer name : PC-DE-NOURS
Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, G:, H:, I:, J:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: lundi 1 novembre 2010 14:12
The scan of running processes will be started
Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!
Master boot sector HD1
  [INFO] No virus was found!
Master boot sector HD2
  [INFO] No virus was found!
Master boot sector HD3
  [INFO] No virus was found!
Master boot sector HD4
  [INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'D:\'
  [INFO] No virus was found!
Boot sector 'G:\'
  [INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
  [INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
  [INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
  [INFO] In the drive 'J:\' no data medium is inserted!
Starting to scan executable files (registry).
The registry was scanned ( '686' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\ProgramData\MFAData\pack\GUIx.cab
  [0] Archive type: CAB (Microsoft)
  [DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
  --> avgtray.exe
  [DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
C:\ProgramData\MFAData\pack\bins\f10guix1144gk.bin
  [0] Archive type: CAB (Microsoft)
  [DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
  --> data
  [1] Archive type: BZ2
  --> 0000000B-90893D4C
  [2] Archive type: CAB (Microsoft)
  --> avgtray.exe
  [DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip.vir
  [DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip.vir
  [DETECTION] Contains suspicious code GEN/PwdZIP
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\pic.exe
  [DETECTION] Is the TR/Dldr.FraudLoad.hda Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{23AA27CC-FAA2-4A6D-9221-EB6A7206BA4E}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{26A91944-6CAE-4741-B0A9-8475307D682C}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{53B6C1EF-0793-4FAB-BD4B-B5830EB8B4BE}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{73157563-0538-43D5-A74F-ACC44062F683}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{8A8C49AB-10E7-4A49-8FEF-19D8C13C8232}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{91E38F36-5D39-4697-B1CE-FD3299548740}\pic.exe
  [DETECTION] Is the TR/Spy.ZBot.dmi Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{97B7323E-3E73-4BA3-9DAA-437CB91A83AB}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{CDA161AD-3A30-49E6-BAA7-197D4DDDEEDD}\pic.exe
  [DETECTION] Is the TR/Oficla.BK Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{DD4EB4A9-EEDF-4262-BB20-EFEEC355D3CF}\pic.exe
  [DETECTION] Is the TR/Spy.ZBot.dmi Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{E1E666C9-FF7F-432F-B4E6-EC87F15B58BA}\pic.exe
  [DETECTION] Is the TR/Dldr.Genome.bbxc Trojan
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{F73155FD-A068-4C7F-B235-D467AB80E39B}\pic.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\nours\DoctorWeb\Quarantine\ComboFi0.exe
  [DETECTION] Is the TR/PWS.110080.5 Trojan
  [0] Archive type: RAR SFX (self extracting)
  --> 32788R22FWJFW\pev.exe
  [DETECTION] Is the TR/PWS.110080.5 Trojan
Begin scan in 'D:\' <DATA>
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Beginning disinfection: C:\Users\nours\DoctorWeb\Quarantine\ComboFi0.exe [DETECTION] Is the TR/PWS.110080.5 Trojan [NOTE] The file was moved to the quarantine directory under the name '49d06959.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{F73155FD-A068-4C7F-B235-D467AB80E39B}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '514d46f0.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{E1E666C9-FF7F-432F-B4E6-EC87F15B58BA}\pic.exe [DETECTION] Is the TR/Dldr.Genome.bbxc Trojan [NOTE] The file was moved to the quarantine directory under the name '03121c18.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{DD4EB4A9-EEDF-4262-BB20-EFEEC355D3CF}\pic.exe [DETECTION] Is the TR/Spy.ZBot.dmi Trojan [NOTE] The file was moved to the quarantine directory under the name '652553da.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{CDA161AD-3A30-49E6-BAA7-197D4DDDEEDD}\pic.exe [DETECTION] Is the TR/Oficla.BK Trojan [NOTE] The file was moved to the quarantine directory under the name '20a17ee4.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{97B7323E-3E73-4BA3-9DAA-437CB91A83AB}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '5fba4c85.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{91E38F36-5D39-4697-B1CE-FD3299548740}\pic.exe [DETECTION] Is the TR/Spy.ZBot.dmi Trojan [NOTE] The file was moved to the quarantine directory under the name '130260cf.qua'. 
C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{8A8C49AB-10E7-4A49-8FEF-19D8C13C8232}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '6f1a209f.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{73157563-0538-43D5-A74F-ACC44062F683}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '42400fd2.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{53B6C1EF-0793-4FAB-BD4B-B5830EB8B4BE}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '5b283448.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{26A91944-6CAE-4741-B0A9-8475307D682C}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '37741878.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\{23AA27CC-FAA2-4A6D-9221-EB6A7206BA4E}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '46cd21ed.qua'. C:\Users\nours\AppData\Local\IM\Identities\{0AE4B873-36E8-4979-B87C-3C61CDB38B7D}\Message Store\Attachments\pic.exe [DETECTION] Is the TR/Dldr.FraudLoad.hda Trojan [NOTE] The file was moved to the quarantine directory under the name '48d7112a.qua'. C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip.vir [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to the quarantine directory under the name '0dea6858.qua'. 
C:\Qoobox\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip.vir [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to the quarantine directory under the name '04f86cf7.qua'. C:\ProgramData\MFAData\pack\bins\f10guix1144gk.bin [DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan [NOTE] The file was moved to the quarantine directory under the name '5d7b75e2.qua'. C:\ProgramData\MFAData\pack\GUIx.cab [DETECTION] Is the TR/Spy.ZBot.KR.1 Trojan [NOTE] The file was moved to the quarantine directory under the name '70660c73.qua'.
End of the scan: lundi 1 novembre 2010 15:23
Used time: 49:38 Minute(s)
The scan has been done completely.
23367 Scanned directories
472801 Files were scanned
15 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
17 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
472784 Files not concerned
4659 Archives were scanned
0 Warnings
17 Notes
And the Malwarebytes report:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org
Version de la base de données: 5013
Windows 6.0.6000 Internet Explorer 7.0.6000.16982
01/11/2010 15:36:53 mbam-log-2010-11-01 (15-36-53).txt
Type d'examen: Examen rapide Elément(s) analysé(s): 149025 Temps écoulé: 6 minute(s), 31 seconde(s)
Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
ESET Online: impossible to save the updates, so it did not launch!! |
| |
|
| nours 52 | Posted on 01/11/2010 at 19:51 |
Petit astucien
466 posts
| Good evening,
I finally managed to get the ESET Online Scanner report; the report is in C Program Files, but there you go, impossible to find that folder!!!.... |
| |
|
| nours 52 | Posted on 01/11/2010 at 20:03 |
Petit astucien
466 posts
| Re,
I had to go to "Run" %programfiles% to find that folder!!!
Here is the ESET OS report:
ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=1 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=66fab3210a9e2f4aa34c6f2625e4042e # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-11-01 05:52:27 # local_time=2010-11-01 06:52:27 (+0100, Paris, Madrid) # country="France" # lang=1036 # osver=6.0.6000 NT # compatibility_mode=512 16777215 100 0 684280 684280 0 0 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775141 100 94 13444 47718614 16079 0 # compatibility_mode=5892 16776573 100 100 29153278 126161849 0 0 # compatibility_mode=8192 67108863 100 0 2788 2788 0 0 # scanned=169617 # found=1 # cleaned=0 # scan_time=4826 C:\Downloads\install_5677.exe une variante probable de Win32/Agent.COUVVMQ cheval de troie 00000000000000000000000000000000 I |
| |
|
| chrifleur | Posted on 01/11/2010 at 22:55 |
Security Group 20694 posts
| find and delete
C:\Downloads\install_5677.exe
Start / Run
copy and paste
ComboFix /Uninstall
as you have seen, you were seriously infected by various Zbot trojans, adware and other delights; I advise you to change all your passwords and, if you pay online, to change your codes, and to keep a close eye on your accounts just in case!
1/ Close all running applications, then download ToolsCleaner (by A.Rothstein and Dj Quiou) to your Desktop:
- Double-click ToolsCleaner2.exe -> click -> Recherche (Search) and let the scan finish.
- Click -> Suppression (Removal) to finish up
- Click -> Quitter (Quit), so that the report can be created.
- Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).
- Note: your desktop will disappear, this is normal. If it does not reappear at the end of the scan, do the following:
- Ctrl+Alt+Del to open the Task Manager.
- Then go to the "Processes" tab, click "File" at the top left and choose "Run"
- Type: explorer.exe and confirm. This will make your Desktop reappear.
2/ You can, however, keep Malwarebytes' Anti-Malware and CCleaner. Use CCleaner every evening before shutting down the PC (it only takes a few seconds!).
Don't forget to vaccinate your USB keys, external hard drives, etc.
This helps avoid a number of infections that use this route to spread.
You can read this article, which explains the risks of infection via removable media. You can download USBSet by Loup Blanc. Here is a tutorial for configuring the preventive tool correctly. As is the case for any vaccine, it will not prevent all infections via this type of media, but it reduces the risk factor by configuring the machine and the key correctly.
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
3/ I would like you to do one small thing for me: change the title of your topic. Since we know the infection, I suggest you change it to make reading and searching easier for all the other astuciens. Go back to the first message of your topic, click this button -> and change your title like this: various Zbot trojans and impossible to install an antivirus, then click "Publish the message". Thanks!
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
4/ It is strongly recommended to keep all your security software up to date, in order to avoid the holes through which infections rush in. This covers updates for Windows, the browser, Java, PDF readers, and Reader in particular.
For Java, you can use JavaRa. It installs the latest version of Java and removes the old versions.
For the PDF reader, you can use lighter alternative readers, such as Sumatra PDF, in place of Reader.
To test for vulnerabilities and out-of-date software, you can go to the Secunia site and run an analysis of the machine.
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
5/ /!\ Now that your PC is no longer infected, disable "System Restore" in order to create a clean restore point.
To disable or enable System Restore, you must log on as Administrator under Windows XP.
Disabling: Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives" > Apply and OK.
Re-enabling: Follow the same path; untick the box "Turn off System Restore on all drives" > Apply and OK. Restart the computer.
How to disable System Restore under XP
Clearing System Restore points under Vista
Enabling or disabling System Restore under Windows 7
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
6/ It is very important to adopt software that can create images of your system. In the event of a major crash, a hardware failure or an incurable infection, you can then get your machine back on its feet in a few minutes from a boot CD specially designed for that purpose. You can then keep a disk image on your machine and on external media (external hard drive). There are good-quality paid commercial solutions (Acronis true type, Ghost, Paragon), but also free restricted versions of these tools.
Here is DiskWizard, which is a free restricted version of the Acronis software. It is used for Seagate-brand disks. Download: Diskwizard Tutorial: Diskwizard
For Western Digital disks: Download: Acronis True Image WD Edition Tutorial: Acronis True Image WD Edition
For Maxtor disks: Download: Maxblast Tutorial: Maxblast
There is also DriveImage, which offers interesting features. Here is a good tutorial on the libellule site. Finally, one can also mention Drive Backup 9 free edition.
For Windows 7, there is the native tool built into that architecture, which is described here.
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
/!\ To improve the security of your PC, take a few moments to read...
Securing your PC + WiFi ("hot" & "light" versions): http://forum.pcastuces.com/sujet.asp?f=25&s=25892
Prevention and protection - How to protect yourself: http://forum.pcastuces.com/sujet.asp?f=25&s=36131
The security risks of peer-to-peer in 10 points: http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
Please mark your topic [Solved] by clicking Mark as solved, on the left, at the bottom of the page or in the title bar of your topic. Thanks!
Be careful on the Internet and tell people around you about PC Astuces!

Happy surfing and be careful! |
| |
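Added example, not part of the thread and not Avira's or the forum's own tooling: a small Python triage of the "Beginning disinfection" section of an Avira report in the flattened layout quoted earlier in the thread, checking that every detection was actually quarantined and listing the detections that justify the password-change advice above. The sample text is constructed, and treating the `TR/Spy` and `TR/PWS` prefixes as credential stealers is an assumption based on Avira's naming.

```python
import re
from collections import Counter

# Constructed sample in the flattened layout of the Avira report quoted in this
# thread (paths shortened, quarantine names invented); not the user's real log.
SAMPLE = r"""Beginning disinfection: C:\Users\demo\Attachments\{A1}\pic.exe [DETECTION] Is the TR/Spy.ZBot.dmi Trojan [NOTE] The file was moved to the quarantine directory under the name '11111111.qua'. C:\Users\demo\Attachments\{B2}\pic.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '22222222.qua'. C:\Qoobox\Quarantine\C\Demo Data\sample.zip.vir [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to the quarantine directory under the name '33333333.qua'. C:\Users\demo\Tools\helper.exe [DETECTION] Is the TR/PWS.110080.5 Trojan
End of the scan: (constructed)
3 Viruses and/or unwanted programs were found 1 Files were classified as suspicious 3 Files were moved to quarantine
"""

TAG = re.compile(r"\[(DETECTION|NOTE)\]")
PATH = re.compile(r"\b[A-Za-z]:\\.*", re.S)
VERDICT = re.compile(r"Is the (\S+) Trojan|Contains suspicious code (\S+)")
QUA = re.compile(r"under the name '([^']+\.qua)'")
COUNTERS = {
    "viruses": r"(\d+) Viruses and/or unwanted programs were found",
    "suspicious": r"(\d+) Files were classified as suspicious",
    "quarantined": r"(\d+) Files were moved to quarantine",
}
# Assumption: Avira's TR/Spy.* and TR/PWS.* prefixes denote information and
# password stealers, the kind of detection that warrants changing passwords.
STEALERS = {"TR/Spy", "TR/PWS"}


def family(name):
    """'TR/Spy.ZBot.dmi' -> 'TR/Spy' (text before the first dot)."""
    return name.split(".", 1)[0]


def parse_disinfection(report):
    """Return one dict per file listed in the disinfection section."""
    section = report.split("Beginning disinfection:", 1)[1]
    section = section.split("End of the scan", 1)[0]
    chunks = TAG.split(section)            # [text, tag, text, tag, text, ...]
    entries, next_path = [], chunks[0].strip()
    for tag, body in zip(chunks[1::2], chunks[2::2]):
        trailing = PATH.search(body)       # path that opens the following entry
        text = body[:trailing.start()] if trailing else body
        verdict, moved = VERDICT.search(text), QUA.search(text)
        if tag == "DETECTION" and verdict:
            entries.append({"path": next_path,
                            "name": verdict.group(1) or verdict.group(2),
                            "suspicious": verdict.group(1) is None,
                            "quarantine": None})
        elif tag == "NOTE" and moved and entries:
            entries[-1]["quarantine"] = moved.group(1)
        if trailing:
            next_path = " ".join(trailing.group(0).split())
    return entries


def reconcile(report):
    """Compare parsed entries with the report's own summary counters."""
    entries = parse_disinfection(report)
    got = {"viruses": sum(not e["suspicious"] for e in entries),
           "suspicious": sum(e["suspicious"] for e in entries),
           "quarantined": sum(e["quarantine"] is not None for e in entries)}
    want = {k: int(re.search(p, report).group(1)) for k, p in COUNTERS.items()}
    return {
        "mismatched_counters": sorted(k for k in want if want[k] != got[k]),
        "left_in_place": [e["path"] for e in entries if e["quarantine"] is None],
        "families": Counter(family(e["name"]) for e in entries),
        "credential_risk": sorted({e["name"] for e in entries
                                   if family(e["name"]) in STEALERS}),
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-empty `left_in_place` list means a detected file is still on disk and needs another pass, even when the summary counters look consistent.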
|
| nours 52 | Posted on 02/11/2010 at 05:27 |
Petit astucien
466 posts
| Hello,
I will carry out all these last steps this evening when it is "quiet".
However, I did not quite understand the one for removing the Trojan:
install_5677.exe, because you talk about "Start/Run" and copy/paste.
I do indeed have it in "download", but should I simply delete it, or use ComboFix? I don't want to make a mistake right at the end...
One other and last question: since I installed the latest versions from Windows Update, I can no longer find "Program Files" in C. To find it I have to go through "Run" %programfiles%.
How do I put it back in C?
Thanks and have a good day
|
| |
|
| chrifleur | Posted on 02/11/2010 at 08:43 |
Security Group 20694 posts
| 1/
Start / Run,
Start / Run
copy and paste
ComboFix /Uninstall
that is a different operation from the manual deletion of the file requested above
2/
%programfiles% = C:\Program Files
Start / Run
type regedit
follow the tree and look for this key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
on the last folder, CurrentVersion, look on the right for ProgramFilesDir
you should have this
if not, send me a picture of what you have

Edited by chrifleur on 02/11/2010 08:45 |
| |
|
| nours 52 | Posted on 02/11/2010 at 17:13 |
Petit astucien
466 posts
| Re,
1) Here is the TCleaner report:
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé ! C:\Combofix: trouvé ! C:\_OTM: trouvé ! C:\Rsit: trouvé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\ZHPdiag.exe: trouvé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\catchme.exe: trouvé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\mbr.log: trouvé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\mbr.exe: trouvé ! C:\Downloads\Software\OTM.exe: trouvé ! C:\Downloads\Software\ComboFix.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\hijackthis.log: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé ! C:\Users\nours\Desktop\HijackThis.lnk: trouvé ! C:\Users\nours\Desktop\ComboFix.exe: trouvé ! C:\Users\nours\Desktop\catchme.log: trouvé ! C:\Users\nours\Desktop\ZHPDiag: trouvé ! C:\Users\nours\Desktop\ZHPDiag\ZHPdiag.exe: trouvé ! C:\Users\nours\Desktop\ZHPDiag\catchme.exe: trouvé ! C:\Users\nours\Desktop\ZHPDiag\mbr.log: trouvé ! C:\Users\nours\Desktop\ZHPDiag\mbr.exe: trouvé ! C:\Users\nours\Downloads\ComboFix.exe: trouvé ! C:\Users\nours\Downloads\HJTInstall.exe: trouvé ! C:\Users\nours\Downloads\Rsit.exe: trouvé !
--------------------------------- --> Suppression:
C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\ZHPdiag.exe: supprimé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\catchme.exe: supprimé ! C:\Downloads\Software\OTM.exe: supprimé ! C:\Downloads\Software\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Program Files\Trend Micro\HijackThis.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé ! C:\Users\nours\Desktop\HijackThis.lnk: supprimé ! C:\Users\nours\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Users\nours\Desktop\ZHPDiag\ZHPdiag.exe: supprimé ! C:\Users\nours\Desktop\ZHPDiag\catchme.exe: supprimé ! C:\Users\nours\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Users\nours\Downloads\HJTInstall.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\mbr.log: supprimé ! C:\$RECYCLE.BIN\S-1-5-21-1472984586-1855196343-460404620-1000\$RJUXQSO\mbr.exe: supprimé ! C:\Program Files\Trend Micro\hijackthis.log: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\Users\nours\Desktop\catchme.log: supprimé ! C:\Users\nours\Desktop\ZHPDiag\mbr.log: supprimé ! C:\Users\nours\Desktop\ZHPDiag\mbr.exe: supprimé ! C:\Users\nours\Downloads\Rsit.exe: supprimé ! C:\Combofix: supprimé ! C:\_OTM: supprimé ! C:\Rsit: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé ! C:\Users\nours\Desktop\ZHPDiag: supprimé !
2) as for Program Files, I have the same image as you in the registry editor.
Good evening
|
| |
|
| chrifleur | Posted on 02/11/2010 at 18:55 |
Security Group 20694 posts
| so it's all good!
all the best |
| |
|
| nours 52 | Posted on 02/11/2010 at 19:31 |
Petit astucien
466 posts
| Re,
Thanks again for your help, and good luck with the rest.. fortunately you are all here!!!
Just something to bother you a little... About Program Files, how do I put it back directly in C without going through "Run" %programfiles%?
Not urgent!!!
Good evening
|
| |
|
| chrifleur | Posted on 02/11/2010 at 19:40 |
Security Group 20694 posts
| the solution was to change it in the key, but since you tell me you have the same as in my image... no need to touch it!
this one is a puzzler!
another solution would be to do this..
http://www.vista-xp.fr/forum/topic346.html
tell me whether it worked. |
| |
|
| nours 52 | Posted on 03/11/2010 at 19:01 |
Petit astucien
466 posts
| Good evening,
I followed what you recommended, but nothing worked. Never mind, I will find it one day!!!
Good evening |
| |
|
| chrifleur | Posted on 03/11/2010 at 22:14 |
Security Group 20694 posts
| look on the Vista forum, you may get more answers there.... sorry I can't do more!
all the best |
| |
|