Fichier endommagé ou illisible, exécutez CHKD

Bennyweb Messages postés 258 Statut Membre -  
brisco21 Messages postés 1 Date d'inscription   Statut Membre Dernière intervention   -
Bonsoir à tous,
Suite à plusieurs virus apparemment kaspersky internet security a nettoyé le pc mais depuis lorsque je lance certains programmes...ils ne démarrent pas et une info-bulle indique le fichier ou le répertoire C: est endommagé et illisible.Exécutez CHKDSK.
Depuis lors l'écran bleu apparaît à chaque démarrage du pc et la commande s'éxécute sans me rendre l'accès aux programmes ( picasa.exe, ccleaner.exe notamment)
Que puis-je faire pour un retour à la normale???
Grand merci d'avance à tous!!!
Je joins un hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:34, on 7/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SFC.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-436605507-1737587137-3253609053-1005\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBE.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-436605507-1737587137-3253609053-1005\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SFC.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - https://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10560 bytes
Configuration: Windows XP Internet Explorer 7.0

28 réponses

  • 1
  • 2
  1. Bennyweb Messages postés 258 Statut Membre 1
     
    Merci je vais tester cela!!!!
    0
  2. Bennyweb Messages postés 258 Statut Membre 1
     
    Bonjour,
    j'ai effectué la manip mais le problème est toujours là!
    Pour la réinstallation des logiciels, j'ai beau les désinstaller et réinstaller le problème persiste.
    Que faire????
    Merci d'avance!
    0
  3. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    ok bizarre ton problème peux tu poster un RSIT , merci

    • Télécharge Random's System Information Tool (RSIT) de Random/Random, et enregistre le sur ton Bureau.
    • Double clique sur RSIT.exe pour lancer l'outil.
    * laisses le chois 1 month
    • Clique sur "Continue" à l'écran Disclaimer.
    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence.
    • Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

    ps:Les rapports se trouvent à cet endroit:

    C:\rsit\info.txt

    C:\rsit\log.txt

    Tutoriel pour t'aider

    0
  4. Bennyweb Messages postés 258 Statut Membre 1
     
    Bonjour,

    Voici les deux rapports!
    %erci pour cette aide!
    Benny

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Maison at 2010-01-09 10:03:31
    WIN_XP Service Pack 3
    System drive C: has 17 GB (15%) free of 114 GB
    Total RAM: 1022 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:03:52, on 9/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Maison\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Maison.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBE.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SFC.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-436605507-1737587137-3253609053-1005\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBE.tmp" /EF "HKCU" (User '?')
    O4 - HKUS\S-1-5-21-436605507-1737587137-3253609053-1005\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SFC.tmp" /EF "HKCU" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, je vois rien de spécial sur les rapport tu fais ce qui suit pour voir si lui il trouve

    Desactives la protection residente de ton antivirus et ton parefeu et anti-spyware si present , le temps du scan

    passes List&Kill'em

    télécharges le sur le bureau : http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

    dézipes le avec un clique droit et extraire tous ou ici !!

    il ne demande pas d'installation tu doubles cliques dessus " pour vista clique droit et en tant que administrateur "

    tu mets f pour français et valides avec entrée

    tu choisis 1= Mode Recherche et entrée tu le laisse travailler et tu postes le rapport

    il est sinon conservé à la racine du disque système

    0
  7. Bennyweb Messages postés 258 Statut Membre 1
     
    Merci
    j'effectue!
    0
  8. Bennyweb Messages postés 258 Statut Membre 1
     
    List'em by g3n-h@ckm@n 1.1.7.1

    Thx to Chiquitine29.....& CCM team

    User : Maison (Administrateurs) # NOM-026CA128B87
    Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
    Start at: 11:09:30 | 9/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Maison\Bureau\List_Killem\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Maison\Local Settings\Temp\C6.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    EPSON Stylus DX8400 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBE.tmp" /EF "HKCU"
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    EPSON Stylus DX8400 Series (Copie 1) REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SFC.tmp" /EF "HKCU"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
    Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAShCut.exe
    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    SMSERIAL REG_SZ sm56hlpr.exe
    PinnacleDriverCheck REG_SZ C:\WINDOWS\system32\\PSDrvCheck.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)
    NoCDBurning REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
    C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
    C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Disabled:Exécuter une DLL en tant qu'application
    C:\WINDOWS\Temp\NavBrowser.exe REG_SZ C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\Pinnacle\Studio 10\programs\RM.exe REG_SZ C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager
    C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe REG_SZ C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio
    C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe REG_SZ C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
    C:\Program Files\Pinnacle\Studio 10\programs\umi.exe REG_SZ C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe REG_SZ C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe:*:Disabled:Programme d'installation de Kaspersky Internet Security 7.0
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe REG_SZ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
    C:\Program Files\iView MediaPro3\IVIEW_MP.exe REG_SZ C:\Program Files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
    C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\CabBuilder
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0972B098-DEE9-4279-AC7E-4BAAA029102D}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BA162249-F2C5-4851-8ADC-FC58CB424243}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{137F3EA8-BD04-4141-0BB3-2C3CEEF72752}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B176147-788E-8CC8-3030-9F03FD403034}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8695B8E1-6903-BFD2-8F95-54EEA737EF6D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB215111-A44B-DA8A-59CB-98EFDB397A2E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}

    ==============
    BHO :
    ======
    [<NO NAME> REG_SZ ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{31c322dc-5878-452e-a2d8-c4aab9973c9a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.be/?gws_rd=ssl

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    112 Go total, 16,34 Go libre (14%), 20% fragment‚ (fragmentation du fichier 40%)

    Vous devriez d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\WINDOWS\kb913800.exe
    C:\Documents and Settings\Maison\Application Data\GDIPFONTCACHEV1.DAT
    C:\Documents and Settings\Maison\Application Data\wklnhst.dat
    C:\Documents and Settings\Maison\Local Settings\Application Data\Kiwee Toolbar
    C:\Documents and Settings\Maison\RefEdit.exd

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
    "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-09 11:11:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0054a]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d05cf8]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0054a]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d05cf8]

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    ABBYY FineReader 6.0 Sprint
    ACCES Editions
    Adobe
    Ahead
    Apple Software Update
    ATI Technologies
    BoontyGames
    CCleaner
    ComPlus Applications
    ConvertHelper
    Corel
    CyberLink
    DivX
    DVD Shrink
    eMule
    epson
    Fichiers communs
    Foto.com
    FP
    Google
    Grisoft
    InstallShield Installation Information
    InterActual
    Internet Explorer
    IVCsoft
    iView MediaPro3
    IZArc
    Java
    JRE
    Kaspersky Lab
    livrotheque
    Malwarebytes' Anti-Malware
    Messenger
    Microsoft
    microsoft frontpage
    Microsoft Office
    Microsoft Office Outlook Connector
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Visual Studio
    Microsoft Works
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MP3 Player Utilities 4.22
    MSBuild
    MSN
    MSN Gaming Zone
    MSXML 4.0
    Netlog Music Tool
    NetMeeting
    Online Services
    OpenOffice.org 3
    Outlook Express
    Panda Security
    Philips
    Pinnacle
    PowerDVD
    QuickTime
    Raccourcis de programmes
    Reference Assemblies
    Services en ligne
    SmartSound Software
    Sony
    Sony Corporation
    SoundSpectrum
    Spybot - Search & Destroy
    Synaptics
    Toshiba
    Trend Micro
    Uninstall Information
    webserv
    Windows Live
    Windows Live SkyDrive
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    Windows Plus
    Windows XP Fun Pack
    WindowsUpdate
    WMV9_VCM
    xerox
    XnView

    ============
    Lecteur C:
    ============

    2bad723e7eae242e0de6aad9
    355674543.bat
    868000477675.dat
    Adobe Illustrator 10
    AUTOEXEC.BAT
    b7a98876d3c45fa704611f73a6d8e4e2
    Bluetooth
    boot.ini
    Bootfont.bin
    Config.Msi
    CONFIG.SYS
    CPS_ESPACE
    CyberLink
    divx
    Documents and Settings
    driver
    drmHeader.bin
    expand.txt
    FirstSteps
    found.000
    found.001
    found.002
    found.003
    hiberfil.sys
    IO.SYS
    ISP
    kav
    Kill'em
    LANG.TXT
    Language.txt
    List'em.txt
    log.txt
    MSDOS.SYS
    MSOCache
    MSWorks
    Mulilog.dat
    Nis2006
    NTDETECT.COM
    ntldr
    oem.tag
    orange.bmp
    pagefile.sys
    Prodlog.txt
    Program Files
    RECYCLER
    rsit
    SBSI
    sqmdata00.sqm
    sqmdata01.sqm
    sqmdata02.sqm
    sqmdata03.sqm
    sqmdata04.sqm
    sqmdata05.sqm
    sqmdata06.sqm
    sqmdata07.sqm
    sqmdata08.sqm
    sqmdata09.sqm
    sqmdata10.sqm
    sqmdata11.sqm
    sqmdata12.sqm
    sqmdata13.sqm
    sqmdata14.sqm
    sqmdata15.sqm
    sqmdata16.sqm
    sqmdata17.sqm
    sqmdata18.sqm
    sqmdata19.sqm
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    sqmnoopt03.sqm
    sqmnoopt04.sqm
    sqmnoopt05.sqm
    sqmnoopt06.sqm
    sqmnoopt07.sqm
    sqmnoopt08.sqm
    sqmnoopt09.sqm
    sqmnoopt10.sqm
    sqmnoopt11.sqm
    sqmnoopt12.sqm
    sqmnoopt13.sqm
    sqmnoopt14.sqm
    sqmnoopt15.sqm
    sqmnoopt16.sqm
    sqmnoopt17.sqm
    sqmnoopt18.sqm
    sqmnoopt19.sqm
    System Volume Information
    Thumbs.db
    VISION
    winbom.ini
    WINDOWS

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  9. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    ok tu fais ce qui suit

    1) relance le et fais l'option 2

    Desactives la protection residente de ton antivirus et ton parefeu et anti-spyware si present , le temps du scan

    Relances List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

    mais cette fois-ci :

    choisis l'option 2 = Mode Destruction

    laisse travailler l'outil

    apres les verifications , un rapport va s'ouvrir.

    ferme-le.

    un deuxieme rapport va s'ouvrir ,

    colle son contenu dans ta reponse

    C:\Kill'em.txt

    2) passes ad-remover option L

    • Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    https://www.androidworld.fr/

    ! Déconnecte toi et ferme toutes applications en cours !

    • Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    • Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    • Au menu principal choisis l'option "L" et tape sur [entrée] .

    • Laisse travailler l'outil et ne touche à rien ...

    --> Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé sous C:\Ad-report-clean.log )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    0
  10. Bennyweb Messages postés 258 Statut Membre 1
     
    Kill'em by g3n-h@ckm@n 1.1.7.1

    User : Maison (Administrateurs) # NOM-026CA128B87
    Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
    Start at: 11:53:13 | 9/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Maison\Bureau\List_Killem\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Maison\Local Settings\Temp\D5.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    "C:\WINDOWS\kb913800.exe"
    "C:\Documents and Settings\Maison\Local Settings\Application Data\Kiwee Toolbar"
    "C:\Documents and Settings\Maison\RefEdit.exd"

    ¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

    Quarantine :

    kb913800.exe.Kill'em
    Kiwee Toolbar.Kill'em
    RefEdit.exd.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
    Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    Je passe à l'étape 2
    0
  11. Bennyweb Messages postés 258 Statut Membre 1
     
    hello,
    je ne trouve pas de rapport pour AD-remover.
    Au lancement, ilm'a été signalé que le pc allait devoir redémarrer pour pouvoir continuer
    Au redémarrage j'ai reçu un message d'erreur ( rond rouge croix blanche) mais j'ai cliqué trop vite (malin va!!!)
    et ne sais pas ce qu'il signalait...je pense un fichier introuvable...peut-être ce rapport....
    Dois-je recommencer la procédure?
    Merci!
    0
  12. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, regarde dans le disque dur si tu ne le trouve pas C:\Ad-report-clean.log
    0
  13. Bennyweb Messages postés 258 Statut Membre 1
     
    Bonsoir,

    passé tout en revue....rien!!!!
    ???????
    Merci d'avance!

    Et toujours CHKDSK au démarrage!
    Benny
    0
  14. Bennyweb Messages postés 258 Statut Membre 1
     
    Bo,nsoir!

    toujours au même point???,
    Help?
    Benny
    0
  15. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, j'ai pensé que pour tes logiciel qui le fonctionne pas , si tu déactives le pare-feu de kaspersky est ce qu'ils fonctionnent ??

    je me demande si c'est pas ton disque dur ne serait pas en train de te lacher , si tu peux sauvegarder tes chose fais le car si il lache il sera trop tard !!

    on va vériffier si vraiment plus d'infection sur le pc avec combofix

    Tutoriel officiel prends le temps de le regarder : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Télécharge Combofix.exe de sUBs sur ton Bureau,

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Déconnectes toi d'internet et désactives ton antivirus et toutes protection résidente, pour que Combofix puisse s'exécuter normalement.

    Doubles clique sur Combofix.exe
    Mets le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    tu Ne touches à rien tant que le scan n'est pas terminé. MAIS la souris , sauf pour répondre quand il te le demande
    si il te demande d'installer la consoles de récuppération fais le cela permet à combofix de réparrer certain au passage


    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    Réactives la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet.

    Note : Le rapport se trouve également là : C:\Combofix.txt
    0
  16. Bennyweb Messages postés 258 Statut Membre 1
     
    Hello!

    Voilà le rapport de combofix! Encore merci de ton aide!

    ComboFix 10-01-15.05 - Maison 16/01/2010 18:01:33.1.2 - x86
    Lancé depuis: c:\documents and settings\Maison\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\LOG.TXT
    c:\recycler\S-1-5-21-831677376-3357632645-2416670036-500
    C:\Thumbs.db
    c:\windows\system32\485594
    c:\windows\system32\twain_32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-16 au 2010-01-16 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-13 15:44 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-09 10:52 . 2010-01-09 10:53 -------- d-----w- C:\Kill'em
    2010-01-09 09:03 . 2010-01-09 09:03 -------- d-----w- C:\rsit
    2010-01-06 21:10 . 2010-01-06 21:10 -------- d-----w- C:\found.003
    2010-01-06 06:07 . 2010-01-06 06:07 -------- d-----w- C:\found.002
    2010-01-03 21:00 . 2008-04-14 02:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-01-03 21:00 . 2008-04-14 02:33 54784 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-12-21 08:06 . 2009-12-21 08:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\interdescargas-FR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-16 17:12 . 2008-04-19 19:17 5393696 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-01-16 17:12 . 2008-04-19 19:17 506732 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-01-16 17:12 . 2008-04-19 19:17 1671932 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-01-16 17:12 . 2008-04-19 19:17 124757280 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-01-16 17:12 . 2007-04-04 13:12 12 ----a-w- c:\windows\bthservsdp.dat
    2010-01-16 15:30 . 2007-04-04 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-01-14 19:59 . 2007-04-07 22:08 -------- d-----w- c:\program files\eMule
    2010-01-13 17:14 . 2009-04-06 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-07 17:21 . 2007-09-26 14:37 -------- d-----w- c:\documents and settings\Maison\Application Data\XnView
    2010-01-06 20:53 . 2007-04-06 07:12 -------- d-----w- c:\program files\Google
    2010-01-01 08:23 . 2010-01-01 08:23 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
    2009-12-30 18:25 . 2009-12-30 18:25 872960 ----a-w- c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\yv0uhm2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-30 18:25 . 2009-12-30 18:25 43008 ----a-w- c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\yv0uhm2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-30 18:25 . 2009-12-30 18:25 346624 ----a-w- c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\yv0uhm2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-30 18:25 . 2009-12-30 18:25 340480 ----a-w- c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\yv0uhm2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-21 15:08 . 2008-09-13 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-21 10:48 . 2008-09-13 05:44 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-21 10:40 . 2008-03-31 19:36 -------- d-----w- c:\program files\Java
    2009-12-21 10:31 . 2009-02-08 06:50 1 ----a-w- c:\documents and settings\Maison\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-12-12 05:27 . 2009-12-11 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-12-11 16:59 . 2009-12-11 16:59 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2009-12-03 15:14 . 2008-09-13 05:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 15:13 . 2008-09-13 05:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-01 21:15 . 2008-11-29 06:05 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-01 21:13 . 2009-11-06 21:16 152576 ----a-w- c:\documents and settings\Maison\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-01 21:12 . 2009-11-06 21:16 79488 ----a-w- c:\documents and settings\Maison\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-26 06:45 . 2007-03-24 09:37 213144 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-25 22:29 . 2009-11-25 22:29 -------- d-----w- c:\program files\JRE
    2009-11-25 22:29 . 2009-02-08 06:41 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-11-21 13:27 . 2007-06-06 09:11 -------- d-----w- c:\program files\CCleaner
    2009-11-10 18:42 . 2007-10-24 13:03 1204 ----a-w- C:\drmHeader.bin
    2009-10-29 07:42 . 2007-03-24 09:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2007-03-24 09:38 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2007-03-24 09:38 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2007-03-24 09:41 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-05-29 05:42 . 2007-06-03 07:19 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-05-29 05:42 . 2007-06-03 07:19 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-05-29 05:42 . 2007-06-03 07:19 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-05-29 05:42 . 2007-06-03 07:19 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-05-29 05:42 . 2007-06-03 07:19 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
    "SMSERIAL"="sm56hlpr.exe" [2005-09-16 557056]
    "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-22 208616]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-26 110592]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

    [HKLM\~\startupfolder\C:^Documents and Settings^Maison^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
    path=c:\documents and settings\Maison\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
    backup=c:\windows\pss\Notification de cadeaux MSN.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Maison^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
    path=c:\documents and settings\Maison\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 16:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog Music Tool]
    2008-11-23 21:40 1728456 ----a-w- c:\program files\Netlog Music Tool\NetlogMusicTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-04 06:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "62121:TCP"= 62121:TCP:eMule_TCP
    "29538:UDP"= 29538:UDP:eMule_UDP

    R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
    R4 Cdhpadpwibsm;Cdhpadpwibsm; [x]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-07 33808]
    S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
    S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    .
    Contenu du dossier 'Tâches planifiées'

    2009-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-01-14 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

    2010-01-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

    2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{1F85D87B-2BD8-4830-94B0-0A96807BEADC}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://be.gdark.com/search.php?cx=partner-pub-7902900401080901%3Apzdklxcrglo&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: yahoo.com\fr.music
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091203144706
    DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
    FF - ProfilePath - c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\yv0uhm2t.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://be.gdark.com/search.php?cx=partner-pub-7902900401080901%3Apzdklxcrglo&cof=FORID%3A10&ie=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://fr.google.mozilla.com/firefox&client=firefox-a&rls=com.google:fr:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA2&q=
    FF - component: c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\yv0uhm2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
    BHO-{31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
    Toolbar-{31c322dc-5878-452e-a2d8-c4aab9973c9a} - (no file)
    WebBrowser-{31C322DC-5878-452E-A2D8-C4AAB9973C9A} - (no file)
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-16 18:19
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1884)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3612)
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\rundll32.exe
    c:\windows\sm56hlpr.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-16 18:30:42 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-16 17:30

    Avant-CF: 12.585.316.352 octets libres
    Après-CF: 12.795.674.624 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - CF1B98CF2B1F1B0D64DD8B168560E78A
    0
  17. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    comment va le pc ??
    0
  18. Bennyweb Messages postés 258 Statut Membre 1
     
    Hello!
    Apparemment il démare sans plus exécuter CHKDSK, les programmes tournenrt excepté Picassa.exe qui marche lorsqu'on double-clic sur une photo et qui l'ouvre en visonneuse image mais impossible de lancer le programme lui-même pour visualiser une collection ou trier des photos...
    Picasa 3.exe -fichier endommagé exécutez l'utilitaire CHKDSK...
    Et réinstaller le programme donne le même problème.
    Merci!
    0
  19. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    et si tu désinstalles picasa et que tu passes ccleaner sur le registre avant de le réinstaller !!!
    0
  20. Bennyweb Messages postés 258 Statut Membre 1
     
    je vais tenter!
    merci!
    0
    1. brisco21 Messages postés 1 Date d'inscription   Statut Membre Dernière intervention  
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:07:31, on 17/01/2013
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
      C:\Program Files\Ask.com\Updater\Updater.exe
      C:\Documents and Settings\Soft & Micro\Mes documents\Téléchargements\NoAutorun.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Documents and Settings\Soft & Micro\Application Data\alotservice\alotservice.exe
      C:\Program Files\IB Updater\ExtensionUpdaterService.exe
      C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\FinishTime Lite\FinishTime.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst&client_id=9885BFB001CDEC0B00190D06&install_time=2013-01-06T12:44:40Z&src_id=30027&camp_id=-6&tb_version=1.3.0001.0(B)&url=http://www.alothome.com/en-us (obfuscated)
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
      O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
      O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
      O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
      O2 - BHO: BargainMatchExtension - {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files\BargainMatch\bmext.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
      O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
      O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
      O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
      O4 - HKLM\..\Run: [NoAutorun] C:\Documents and Settings\Soft & Micro\Mes documents\Téléchargements\NoAutorun.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE /FU "C:\WINDOWS\TEMP\E_S7F.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Soft & Micro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Soft & Micro\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://C:\Program Files\BargainMatch\bmext.dll/content|js|bargainmatchoptions.hta (file missing)
      O9 - Extra 'Tools' menuitem: BargainMatch Preferences - {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://C:\Program Files\BargainMatch\bmext.dll/content|js|bargainmatchoptions.hta (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{97140531-3095-4371-BA50-148F6893E669}: NameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EF035784-2F1E-4220-A2C7-13DC3F054AF5}: NameServer = 180.131.144.144 180.131.145.145
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: ALOT Update Service (AlotService) - Inuvo Inc. - C:\Documents and Settings\Soft & Micro\Application Data\alotservice\alotservice.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
      O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Kingsoft Core Service (kxescore) - Unknown owner - H:\kingsoft\kingsoft antivirus\kxescore.exe (file missing)
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      0
  21. Bennyweb Messages postés 258 Statut Membre 1
     
    hello!!!
    apparemment pc tourne ok même si picasa.exe impossible à éxécuter .
    Question :
    au démarrage au moment de l'écran noir il m'est demandé si je veux démarrer Windows média center edition ou windows recovery console....si je ne fais rien le pc démarre normalement.
    Que dois-je faire?
    merci d'avance.

    Est-ce que je peux supprimer de mon disque les différents logiciels et logs utilisés si- dessus ( plus haut dans la discussion)
    Benny
    0
  • 1
  • 2