Résolu Impossible d'installer Firefox, WLM 2009

[ninette_85]

Bonjour, je sais pas si je suis dans la bonne catégorie si je me suis trompée je m'excuse d'avance...
Alors voila mon probleme, je ne peux pas ouvrir Mozilla Firefox, j'ai pu l'installer mais quand je veux l'ouvrir il me dit qu'il a recontré un probleme et que le programme doit fermer avec comme choix envoyer ou non le rapport d'erreur, j'ai désinstaller , réinstaller mais rien ne change, j'ai pas Glary utilities, ccleaner,cleanup mais rien n'y fait !!
Pareil pour Windows live messenger je lance l'installation mais a la fin (100%) il repart au début (restauration) et il me dit qu'il n'a pas pu l'installer...
J'aurai besoin de votre aide s'il vous plait, parce que la je m'en sors plus
Ah j'oubliée je voulais désinstaller les 2 autres sessions sur mon pc mais quand je le fais il plante, la page devient blanche et c'est tout aprés si je vuex fermer sa me dit terminer le programme maintenant quelque chose comme sa....

 

[KeyserSoze]

Bonjour, tu as peut être une saleté qui perturbe ton pc.

Installe malwarebyte anti malware, mets le à jour et scanne, idem avec spybot search and destroy, en vaccinant en plus

Sinon quel est ton antivirus ?

 

[ninette_85]

Bonjour KeyserSoze, d'accord je fais sa !! Je le fais en mode normal ou sans echec ?...
J'ai Avast comme anti virus mais je pensé l'enlever et mettre AVG a la place :??:

 

[ninette_85]

Euh j'ai fais malwarebyte's mon pc a plus que des petits truc qui le perturbe apparement, je te copie le rapport :

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3213
Windows 5.1.2600 Service Pack 3

22/11/2009 13:19:06
mbam-log-2009-11-22 (13-19-06).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 224229
Temps écoulé: 32 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 74
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 24

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b12aca14-c7fb-44fe-883b-6121fd02bad3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d53e4acf-edf5-4071-903b-f84b64fc1ea2} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Platrium (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\platriumsa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Platrium (Adware.Zango) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Patou\Application Data\Platrium (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\dwld (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\report (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\db (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\tlbrimg (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\res1 (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP360\A0091312.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP360\A0091313.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP360\A0091318.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP360\A0091319.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP360\A0091321.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\Config.xml (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\dwld\WhiteList.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\dwld\TlbrKop.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\dwld\TlbrJs.xip (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\report\aggr_storage.xml (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\report\send_storage.xml (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\db\Aliases.dbs (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\db\Sites.dbs (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\tlbrimg\platrium.png (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\tlbrimg\Native16.png (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\res1\WhiteList.dbs (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\res1\keywords1.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\res1\keywords.idx (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patou\Application Data\Platrium\cs\res1\lib.js (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

[KeyserSoze]

Tu as réparé ou pas ? Et spybot ?

 

[g225]

Faire ceci ensuite pour voir si autre chose nuit:

Télécharger combofix ici et Choisir "Enregistrer la cible sous" et maudifier le nom du fichier pour votre nick ou autre.

Vous devez être connecté pour voir les liens.

Désactiver votre antivirus et Windows Defender avant d'exécuter le logiciel en cliquant dessus.

Ensuite attendre que le log soit fini. Ne rien toucher avant la fin.

La barre démarrer peut disparaître et c'est normal.

Le rapport est dans "Bloc note" et vous pouvez le sauvegarder.

Pour me copier/coller les log dans le "Bloc note" vous allez dans le menu Édition et cliquer sur "Sélectionner tout" et retourner dans "Édition" et cliquer sur "copier"
Sur le forum, faire un click droit et cliquer sur "coller".

 

[ninette_85]

Tu as réparé ou pas ? Et spybot ?

Je sais pas...Spybot y'avait plein de fichier a supprimer et je les fais..

 

[ninette_85]

Salut G225, voila le rapport de COMBO :
Par contre j'ai pu supprimé GFX mais je peux toujours pas désinstaller "galerie de photo windows" et je peux pas isntaller WLM2009.
Et pour lancer pouvoir lancer COMBO sans l'anti virus j'ai du le désinstaller parce que je pouvais pas l'arreter, et pour le désinstaller j'ai du supprimer la clef de registre sinon sa disait que c'été impossible, vous pouvez m'aider pour WLM2009 et Galerie photo SVP

Rapport:

ComboFix 09-11-24.04 - Patou 25/11/2009 10:38.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.666 [GMT 1:00]
Lancé depuis: c:\documents and settings\Patou\Mes documents\programme d'installation\Ninette.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-25 au 2009-11-25 ))))))))))))))))))))))))))))))))))))
.

2009-11-22 11:31 . 2009-11-22 11:31 -------- d-----w- c:\program files\AVG
2009-11-22 11:17 . 2009-11-22 11:17 -------- d-----w- c:\documents and settings\Patou\Application Data\Malwarebytes
2009-11-22 11:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 11:17 . 2009-11-22 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 11:17 . 2009-11-22 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-22 11:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 13:53 . 2009-11-21 13:53 -------- d-----w- c:\program files\Microsoft
2009-11-21 13:02 . 2009-11-21 13:02 -------- d-----w- c:\documents and settings\Patou\Local Settings\Application Data\Opera
2009-11-21 13:01 . 2009-11-21 13:01 -------- d-----w- c:\program files\Opera
2009-11-21 12:50 . 2009-11-21 12:50 -------- d-----w- c:\program files\RegCleaner
2009-11-21 12:08 . 2009-11-21 12:08 -------- d-----w- c:\program files\CleanUp!
2009-11-21 12:00 . 2009-11-21 12:00 -------- d-----w- c:\documents and settings\Patou\Tracing
2009-11-21 11:56 . 2009-11-21 11:56 -------- d-----w- c:\program files\Unlocker
2009-11-21 11:39 . 2004-08-23 13:50 32768 ----a-w- c:\windows\system32\WooDial2000.dll
2009-11-21 11:39 . 2009-11-21 11:39 -------- d-----w- c:\windows\system32\AlertModule
2009-11-21 11:37 . 2009-11-21 11:37 -------- d-----w- c:\program files\Inventel
2009-11-21 11:24 . 2009-11-21 11:24 -------- d-----w- c:\documents and settings\Patou\Application Data\MSNInstaller
2009-11-21 11:14 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-11-20 12:37 . 2009-11-20 12:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-20 11:59 . 2009-11-20 11:59 1174 ----a-w- c:\windows\mozver.dat
2009-11-17 20:59 . 2009-11-17 20:59 -------- d-----w- c:\documents and settings\Patou\amsn
2009-11-12 18:51 . 2009-11-12 18:51 -------- d-----w- c:\program files\Imikimi

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 14:18 . 2004-08-05 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 16:48 . 2009-09-09 16:48 0 ----a-w- c:\windows\nsreg.dat
2009-09-04 21:04 . 2004-08-05 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2005-07-03 02:16 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2004-08-05 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2004-08-05 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: weborama.fr\orange
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-avgrsstarter - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Vous devez être connecté pour voir les liens.

Rootkit scan 2009-11-25 10:42
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-11-25 10:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-25 09:44

Avant-CF: 23 490 363 392 octets libres
Après-CF: 23 457 169 408 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 63674125541B2C8E65990D2AB5B169FB

 

[g225]

Télécharge SUPERAntiSpyware Free:

Vous devez être connecté pour voir les liens.

L'installer et une icône va se créer sur le bureau. (Une tête dans un cercle rouge barré). Cliquer dessus..

L'outils va demander de se mettre à jour "update the program definitions", donc cliquez sur "yes".

Ensuite vous allez sous "Configuration and Preferences", cliquez sur le bouton "Preferences" et vous cliquez sur l'onglet "Scanning Control" Dans "Scanner Options", assurez vous que les case suivantes sont cochées:

- Close browsers before scanning
- Scan for tracking cookies
- Terminate memory threats before quarantining

Laissez les autres lignes décochées.

Cliquez "Close" pour sortir du "centre de contrôle".

Dans la fenêtre principale, cliquez, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, vous cochez: C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", cliquez sur "Perform Complete Scan"

Cliquez sur "next" pour lancer le scan.

A la fin du scan, vous cliquez sur "OK".

Vérifiez que tous les lignes dans la fenêtre blanche sont cochées et vous cliquez sur "Next".

Tout sera mis en quarantaine. S'il demande de redémarrer "reboot", cliquez sur "Yes".

Pour me mettre le log sur le forum:

Après le redémarrage, cliquez sur l'icône pour lancer Super Antispyware.
Cliquez sur "Preferences" puis sur l'onglet "Statistics/Logs".
Dans "scanners logs", cliquez sur "SUPERAntiSpyware Scan Log".

 

[ninette_85]

Voila pour le rapport :

SUPERAntiSpyware Scan Log

Vous devez être connecté pour voir les liens.

Generated 11/27/2009 at 09:19 PM

Application Version : 4.31.1000

Core Rules Database Version : 4314
Trace Rules Database Version: 2177

Scan type : Complete Scan
Total Scan Time : 00:57:54

Memory items scanned : 484
Memory threats detected : 0
Registry items scanned : 4682
Registry threats detected : 0
File items scanned : 108721
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Patou\Cookies\patou@bouyguestelecom.solution.weborama[3].txt
C:\Documents and Settings\Patou\Cookies\patou@smartadserver[3].txt
C:\Documents and Settings\Patou\Cookies\patou@weborama[2].txt
C:\Documents and Settings\Patou\Cookies\patou@atdmt[1].txt
C:\Documents and Settings\Patou\Cookies\patou@boursoramabanque.solution.weborama[1].txt
C:\Documents and Settings\Patou\Cookies\patou@doubleclick[1].txt
C:\Documents and Settings\Patou\Cookies\patou@tradedoubler[1].txt
C:\Documents and Settings\Patou\Cookies\patou@xiti[1].txt
C:\Documents and Settings\Patou\Cookies\patou@weborama[1].txt
C:\Documents and Settings\Patou\Cookies\patou@bluestreak[1].txt
C:\Documents and Settings\Patou\Cookies\patou@bouyguestelecom.solution.weborama[2].txt
C:\Documents and Settings\Patou\Cookies\patou@boursoramabanque.solution.weborama[2].txt
C:\Documents and Settings\Patou\Cookies\patou@smartadserver[1].txt

 

[g225]

Cela va mieux, je vois résolut ou non ?

Faire un Hijackthis maintenant:

Téléchargement de Trend Micro Hijack This et l'installer dans C:\Program Files\Trend Micro\HijackThis

Vous devez être connecté pour voir les liens.

 

[ninette_85]

Je vais essayer d'installer WLM et je vous dis sa se soir sans oublier le rapport Hijack This,merci.

 

[ninette_85]

Ah et pendant que j'y pense SuperAntiSpyware est en francais

 

[ninette_85]

Voila pour le rapport, Par contre j'ai pu installer MOZILLA jusqu'a present je pouvais plus, mais la je peux toujours pas installer Windows live messenger 2009 !!! Si tu peux m'aider a faire sa aussi s'il te plait .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:09, on 29/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Patou\Bureau\HiJackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

Vous devez être connecté pour voir les liens.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

Vous devez être connecté pour voir les liens.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

Vous devez être connecté pour voir les liens.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

Vous devez être connecté pour voir les liens.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone:

Vous devez être connecté pour voir les liens.

O15 - Trusted Zone:

Vous devez être connecté pour voir les liens.

O15 - Trusted Zone:

Vous devez être connecté pour voir les liens.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

Vous devez être connecté pour voir les liens.

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6908 bytes

 

[ninette_85]

Bon bon bon... J'ai réussi a installer windows live messenger.
Ensuite j'ai voulu désinstaller GFX mais c'est pas possible j'ai une fenetre qui s'ouvre windows installer qui dit que le composant que vous essayé d'utiliser se trouve sur une ressource reseau non disponible et sa me propose de trouver le fichier gfx installeur.msi que je ne trouve pas !

Ensuite j'ai voulu désinstaller Opéra mais sa me fait la meme chose mais a la différence de trouver le dossier Opéra installeur.msi !

J'ai comme choix pour les deux de faire parcourir mais je ne sais pas ou chercher , j'imagine qui ya un soucie car c'est pas possible que cela soit si compliqués de désinstaller un programme...

 

[ninette_85]

Merci d'avoir mis résolu sur se sujet, meme si se n'était pas vraiment le cas mais j'ai réussi a me débrouiller!