Un virus tenace

pimpoum -  
 gen-hackman -

bjr a tous
j'ai un petit souci j'ai un onglet qui s'ouvre en me précisant en anglais: Warning !
your computer contains various signs of viruses and malware programs presence.
your system requires immediate antiviruses check ! microsoft security assessment Tool will perform a quick and free online checking of your PC / titre onglet: Message de la page web
Et quand je ferme ou OK ou annule ca m'ouvre une page qui scan tout mes disque dur alors que mon anti virus ne trouve rien et d'ailleurs a cause de ce virus je ne peut ni faire les mises a jour bitdefender ni ouvrir internet explorer

quoi faire aidez moi parce c vraiment gênant !!!!
merci d'avance

11 réponses

  1. gen-hackman
     
    salut :

    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

    ? Télécharge List_Kill'em et enregistre le sur ton bureau

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    ? Executer Shortut
    ? Executer List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis l'option Search

    ? laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    ? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    ?G3?-?@¢??@?(TM)©®?
    0
    1. pimpoum Messages postés 11 Statut Membre
       
      List'em by g3n-h@ckm@n 1.7.2.2

      User : julien (Administrateurs)
      Update on 26/04/2010 by g3n-h@ckm@n ::::: 20.45
      Start at: 20:38:10 | 27/04/2010

      Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
      Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
      Internet Explorer 8.0.7600.16385
      Windows Firewall Status : Disabled

      C:\ -> Disque fixe local | 107,42 Go (76,67 Go free) | NTFS
      D:\ -> Disque CD-ROM | 0,38 Mo (0 Mo free) [Bluebirds] | CDFS
      E:\ -> Disque fixe local | 125,46 Go (44,19 Go free) | NTFS
      F:\ -> Disque fixe local | 232,88 Go (107,77 Go free) [Nouveau nom] | NTFS
      G:\ -> Disque CD-ROM
      H:\ -> Disque CD-ROM

      Boot: Normal

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\ATKFUSService.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      E:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
      C:\Windows\system32\Dwm.exe
      E:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      E:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
      E:\Program Files\lg_fwupdate\fwupdate.exe
      C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
      C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      C:\Windows\bill108.exe
      C:\Program Files\Portrait Displays\Pivot Software\floater.exe
      F:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
      C:\Users\julien\Bluebirds\BlueBirds.exe
      C:\Program Files\Logitech\Logitech Vid\Vid.exe
      C:\Users\julien\AppData\Local\WahOO\WahOO.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\List_Kill'em\List_Kill'em.exe
      C:\Windows\system32\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\List_Kill'em\pv.exe

      ======================
      Keys "Run"
      ======================

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      ASUS SmartDoctor REG_SZ C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
      bluebirds REG_SZ C:\Users\julien\Bluebirds\BlueBirds.exe
      Logitech Vid REG_SZ "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
      EA Core REG_SZ "E:\Program Files\Electronic Arts\EADM\Core.exe" -silent
      WahOO REG_SZ "C:\Users\julien\AppData\Local\WahOO\WahOO.exe" silent
      updateMgr REG_SZ "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      ASUSGamerOSD REG_SZ C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      UpdateLBPShortCut REG_SZ "E:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
      RemoteControl REG_SZ "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      LanguageShortcut REG_SZ "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      UCam_Menu REG_SZ "E:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
      LGODDFU REG_SZ "E:\Program Files\lg_fwupdate\fwupdate.exe" blrun
      UpdatePSTShortCut REG_SZ "E:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
      RtHDVCpl REG_SZ C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      PivotSoftware REG_SZ "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
      DT PHL REG_SZ C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PHL
      StxTrayMenu REG_SZ F:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe F:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
      <NO NAME> REG_SZ
      XboxStat REG_SZ "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
      Recordpad REG_SZ "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
      sysfbtray REG_SZ C:\Windows\bill108.exe
      SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      BitDefender Antiphishing Helper REG_SZ "E:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
      BDAgent REG_SZ "E:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

      =====================
      Other Keys
      =====================

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
      ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
      EnableInstallerDetection REG_DWORD 1 (0x1)
      EnableLUA REG_DWORD 0 (0x0)
      EnableSecureUIAPaths REG_DWORD 1 (0x1)
      EnableUIADesktopToggle REG_DWORD 0 (0x0)
      EnableVirtualization REG_DWORD 1 (0x1)
      PromptOnSecureDesktop REG_DWORD 1 (0x1)
      ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
      dontdisplaylastusername REG_DWORD 0 (0x0)
      scforceoption REG_DWORD 0 (0x0)
      shutdownwithoutlogon REG_DWORD 1 (0x1)
      undockwithoutlogon REG_DWORD 1 (0x1)
      FilterAdministratorToken REG_DWORD 0 (0x0)
      LegalNoticeText REG_SZ
      LegalNoticeCaption REG_SZ

      ===============

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

      ===============

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

      ===============

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      AppInit_DLLS REG_SZ

      ===============

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      ReportBootOk REG_SZ 1
      Shell REG_SZ explorer.exe
      PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      Userinit REG_SZ C:\Windows\system32\userinit.exe,
      VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
      AutoRestartShell REG_DWORD 1 (0x1)
      Background REG_SZ 0 0 0
      CachedLogonsCount REG_SZ 10
      DebugServerCommand REG_SZ no
      ForceUnlockLogon REG_DWORD 0 (0x0)
      PasswordExpiryWarning REG_DWORD 5 (0x5)
      PowerdownAfterShutdown REG_SZ 0
      ShutdownWithoutLogon REG_SZ 0
      WinStationsDisabled REG_SZ 0
      DisableCAD REG_DWORD 1 (0x1)
      scremoveoption REG_SZ 0
      ShutdownFlags REG_DWORD 43 (0x2b)
      AutoAdminLogon REG_SZ 0
      DefaultUserName REG_SZ julien
      allocatecdroms REG_SZ 0
      LegalNoticeText REG_SZ
      LegalNoticeCaption REG_SZ

      ===============


      ===============

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

      ===============

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      ===============
      ActivX controls
      ===============

      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

      ===============
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{7CE23967-DDAA-4A71-AC06-44676908A8D2}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

      ==============
      BHO :
      ======

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

      ===
      DNS
      ===

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{D28B8669-EA53-4CFC-B34A-F10FA98A3FA5}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{D28B8669-EA53-4CFC-B34A-F10FA98A3FA5}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{D28B8669-EA53-4CFC-B34A-F10FA98A3FA5}: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

      ================
      Internet Explorer :
      ================

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.01net.com/
      Local Page REG_SZ C:\Windows\system32\blank.htm
      Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      Default_Page_URL REG_SZ https://www.01net.com/
      Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
      Local Page REG_SZ C:\Windows\system32\blank.htm
      Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

      ========
      Services
      ========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

      Ndisuio : 0x3 ( OK = 3 )
      EapHost : 0x3 ( OK = 2 )
      Wlansvc : 0x3 ( OK = 2 )
      SharedAccess : 0x4 ( OK = 2 )
      windefend : 0x3 ( OK = 2 )
      wuauserv : 0x2 ( OK = 2 )
      wscsvc : 0x2 ( OK = 2 )

      ========
      Safemode
      ========

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

      =========
      Atapi.sys
      =========

      C:\Windows\System32\drivers\atapi.sys :
      MD5 :: [338c86357871c167a96ab976519bf59e]
      SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]

      C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys :
      MD5 :: [338c86357871c167a96ab976519bf59e]
      SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]

      C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys :
      MD5 :: [338c86357871c167a96ab976519bf59e]
      SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]

      Référence :
      ==========

      Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
      Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
      Win XP_32b : a64013e98426e1877cb653685c5c0009
      Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
      Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
      Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
      Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
      Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
      Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
      Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
      Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
      Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

      =======
      Drive :
      =======

      D'fragmenteur de disque Microsoft
      Copyright (c) 2007 Microsoft Corp.

      Invocation de analyse sur (C:)...



      L'op'ration a r'ussi.

      Post Defragmentation Report:


      Informations sur le volumeÿ:
      Taille du volume = 107,42 Go
      Espace libre = 76,67 Go
      Quantit' totale d'espace fragment' = 0%
      Taille maximale d'espace libre = 45,17 Go

      Remarqueÿ: les fragments de fichier de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.


      Il n'est pas n'cessaire de d'fragmenter ce volume.

      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      Present !! : C:\Windows\_delis32.ini
      Present !! : C:\Windows\fdgg34353edfgdfdf
      Present !! : C:\Windows\Temp\coF15D2.tmp
      Present !! : C:\Windows\Temp\coFC216.tmp
      Present !! : C:\Windows\Temp\DMI36B8.tmp
      Present !! : C:\Windows\Temp\DMI3CC1.tmp
      Present !! : C:\Windows\Temp\is5B4E.tmp
      Present !! : C:\Windows\Temp\is9A71.tmp
      Present !! : C:\Windows\Temp\JET169D.tmp
      Present !! : C:\Windows\Temp\JET5540.tmp
      Present !! : C:\Windows\Temp\JET5EB2.tmp
      Present !! : C:\Windows\Temp\JET619F.tmp
      Present !! : C:\Windows\Temp\JET63B1.tmp
      Present !! : C:\Windows\Temp\JET67F5.tmp
      Present !! : C:\Windows\Temp\JET6AC3.tmp
      Present !! : C:\Windows\Temp\JET6D04.tmp
      Present !! : C:\Windows\Temp\JET6D62.tmp
      Present !! : C:\Windows\Temp\JET73E7.tmp
      Present !! : C:\Windows\Temp\JET7416.tmp
      Present !! : C:\Windows\Temp\JET8FC0.tmp
      Present !! : C:\Windows\Temp\TS_A6F9.tmp
      Present !! : C:\Windows\Temp\TS_AA44.tmp
      Present !! : C:\Windows\Temp\TS_AF64.tmp
      Present !! : C:\Windows\Temp\TS_B31C.tmp
      Present !! : C:\Windows\Temp\TS_C279.tmp
      Present !! : C:\Windows\Temp\TS_C41F.tmp
      Present !! : C:\Windows\Temp\TS_C7A9.tmp
      Present !! : C:\Windows\Temp\TS_D080.tmp
      Present !! : C:\Users\julien\AppData\Local\fusioncache.dat
      Present !! : C:\Users\julien\AppData\Local\GDIPFONTCACHEV1.DAT
      Present !! : C:\Users\julien\downloads\setup.exe
      Present !! : C:\Users\julien\Local Settings\Temp\reg.xml
      Present !! : C:\Users\julien\Local Settings\Temp\ytb.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\infozip.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\ripsetup.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\rpsetup.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\stsetup.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\uninst.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\wpsetup.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\ytb.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\zpskon_1272328156.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\zpskon_1272387046.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\zpskon_1272390248.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_is1E77.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_is2E26.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_is5967.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_is6E3.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_is9971.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_isAB9A.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\_isFA1A.exe
      Present !! : C:\Users\julien\LOCAL Settings\Temp\catchme.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\detectionapi_rd.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\directx9tests_rd.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\local.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\mfc80.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\mfc80u.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\mfcm80.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\mfcm80u.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\msvcm80.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\msvcp80.dll
      Present !! : C:\Users\julien\LOCAL Settings\Temp\msvcr80.dll
      Present !! : C:\Users\julien\Local Settings\Temp\zpskon_1272328156.exe
      Present !! : C:\Users\julien\Local Settings\Temp\zpskon_1272387046.exe
      Present !! : C:\Users\julien\Local Settings\Temp\zpskon_1272390248.exe

      ¤¤¤¤¤¤¤¤¤¤ Keys :

      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray

      ============

      catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-04-27 20:42:45
      Windows 6.1.7600 FAT NTAPI

      detected NTDLL code modification:
      ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error


      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857371F8]<<
      kernel: MBR read successfully
      user & kernel MBR OK

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      cval REG_DWORD 1 (0x1)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      End of scan : 20:42:45,32

      voili le rapport
      0
    2. pimpoum Messages postés 11 Statut Membre
       
      que fais-je maintenant ?
      0
  2. gen-hackman
     
    ca :

    ▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ▶ choisis l'Option Clean

    ton PC va redemarrer,

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    ▶ colle le contenu dans ta reponse
    0
  3. pimpoum Messages postés 11 Statut Membre
     
    Kill'em by g3n-h@ckm@n 1.7.2.2

    User : julien (Administrateurs)
    Update on 26/04/2010 by g3n-h@ckm@n ::::: 20.45
    Start at: 23:34:58 | 27/04/2010

    Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
    Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
    Internet Explorer 8.0.7600.16385
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 107,42 Go (76,76 Go free) | NTFS
    D:\ -> Disque CD-ROM | 2,28 Go (0 Mo free) [GRMCHPFREO_FR_DVD] | UDF
    E:\ -> Disque fixe local | 125,46 Go (44,19 Go free) | NTFS
    F:\ -> Disque fixe local | 232,88 Go (107,77 Go free) [Nouveau nom] | NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque CD-ROM
    I:\ -> Disque amovible | 924,17 Mo (547,06 Mo free) | FAT

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\ATKFUSService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    E:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    E:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    E:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\List_Kill'em\ERUNT.EXE
    C:\Program Files\List_Kill'em\pv.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Windows\_delis32.ini
    Quarantined & Deleted !! : C:\Windows\fdgg34353edfgdfdf

    Quarantined & Deleted !! : C:\Windows\Temp\coF15D2.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\coFC216.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\DMI36B8.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\DMI3CC1.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\GUR44EB.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\GUR66AE.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\is5B4E.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\is9A71.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET169D.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET5540.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET5EB2.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET619F.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET63B1.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET67F5.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET6AC3.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET6D04.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET6D62.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET73E7.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET7416.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\JET8FC0.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_A6F9.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_AA44.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_AF64.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_B31C.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_C279.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_C41F.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_C7A9.tmp
    Quarantined & Deleted !! : C:\Windows\Temp\TS_D080.tmp
    Quarantined & Deleted !! : C:\Users\julien\AppData\Local\fusioncache.dat
    Quarantined & Deleted !! : C:\Users\julien\AppData\Local\GDIPFONTCACHEV1.DAT
    Quarantined & Deleted !! : C:\Users\julien\downloads\setup.exe
    Quarantined & Deleted !! : C:\Users\julien\Local Settings\Temp\reg.xml
    Quarantined & Deleted !! : C:\Users\julien\Local Settings\Temp\ytb.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\infozip.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\ripsetup.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\rpsetup.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\stsetup.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\uninst.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\wpsetup.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\zpskon_1272328156.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\zpskon_1272387046.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\zpskon_1272390248.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_is1E77.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_is2E26.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_is5967.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_is6E3.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_is9971.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_isAB9A.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\_isFA1A.exe
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\catchme.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\detectionapi_rd.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\directx9tests_rd.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\local.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\mfc80.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\mfc80u.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\mfcm80.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\mfcm80u.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\msvcm80.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\msvcp80.dll
    Quarantined & Deleted !! : C:\Users\julien\LOCAL Settings\Temp\msvcr80.dll

    =======
    Hosts :
    =======

    127.0.0.1 localhost

    ========
    Registry
    ========

    Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
    =================
    Internet Explorer
    =================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.com/?gws_rd=ssl
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ===============
    Security Center
    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval REG_DWORD 1 (0x1)
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 0 (0x0)
    FirewallDisableNotify REG_DWORD 0 (0x0)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 1 (0x1)
    FirewallOverride REG_DWORD 1 (0x1)

    ========
    Services
    =========

    Ndisuio : Start = 3
    EapHost : Start = 2
    Wlansvc : Start = 2
    SharedAccess : Start = 2
    windefend : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  4. gen-hackman
     
    Télécharge OTL de OLDTimer

    enregistre le sur ton Bureau.

    ▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    ▶ Coche les 2 cases Lop et Purity

    ▶ Coche la case devant tous les utilisateurs

    ▶ règle age du fichier sur "60 jours"

    ▶ dans la moitié gauche , mets tout sur "tous"

    ne modifie pas ceci :

    "fichiers créés" et "fichiers Modifiés"


    ▶Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. pimpoum Messages postés 11 Statut Membre
     
    j'arrive pas a telecharger olt
    est-ce qu'il fo que je desinstalle list-kill'em
    0
  7. pimpoum Messages postés 11 Statut Membre
     
    j'arrive pas firefox ne trouve pas le serveur de l'adresse
    comment faire
    0
  8. pimpoum Messages postés 11 Statut Membre
     
    mais même avec internet explorer ca marche pas
    0
  9. gen-hackman
     
    t'as reussi pour le reste ........
    0
  10. pimpoum Messages postés 11 Statut Membre
     
    merci a toi pour tout !!!
    le virus vener de adobe reader qui était obselete du coup en le désinstallant virus parti
    merci beaucoup
    0
  11. gen-hackman
     
    dans ce cas tu peux me fournir un rapport d'OTL afin de verifier s'il ne reste rien.......
    0