Virus qui bloque le bureau Fermé

Question

Depuis seulement quelques jours, j'ai un virus sur mon ordi, une page s'ouvre au démarrage "violation des droits d'auteur" et qui me parle d'une pseudo amende à payer... Bref jusque là OK... Le souci majeur est que depuis cette après-midi je ne peux plus accéder au bureau de l'ordi, à la place j'ai une page noire. Je suis passé par le gestionnaire de tâche pour aller sur internet, je n'ai plus non plus de barre d'outils.
j'ai lancé plusieurs fois Antivir et Ccleaner qui ne me trouvent rien de particulier puisque rien ne change...Je vous avoues que là je ne sait plus du tout quoi faire si ce n'est balancer mon ordi par la fenêtre lol. Si quelqu'un peut m'aider je lui en serait très reconnnaissant!
Merci d'avance.

Configuration: Windows XP / Firefox 3.6.3

moment de grace · Answer

bonsoir

fais ceci

Ctrl + ALT + Suppr 

Cherche le processus suivant : 

apmanager.exe 

Clic droit sur ce dernier : Arrêter le processus. 

******** 

Fichier > Nouvelle tâche, tape : 

%appdata% puis [Entrée] 

******** 

Une fenêtre s'ouvre. 
Ouvre le dossier apmanager puis sélectionne uninstall. 
Termina la procédure de désinstallation (laisse toi guider). 

********* 

Reviens sur le gestionnaire des tâches. 
Nouvelle tâche : explorer.exe puis [Entrée]. 

Dis moi si tu retrouves ton bureau et tes icônes.

moment de grace · Answer

oh non

l'infection est toujours là

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

? Télécharge List_Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/...

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

 Executer Shortcut
 Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

rmi · Answer

Genuine Intel(R) CPU T2250 @ 1.73GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ] FW : Norton Internet Worm Protection[ (!) Disabled ]2006 C:\ -> Disque fixe local | 102,6 Go (78,98 Go free) | NTFS D:\ -> Disque fixe local | 8,17 Go (1,42 Go free) [PRESARIO_RP] | FAT32 E:\ -> Disque CD-ROM Boot: Normal ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\DOCUME~1\MAESOR~1\LOCALS~1\Temp\Ec0.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\OfferBox\OfferBox.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Micro Application\LauncherMA.exe C:\Documents and Settings\Maeso Rémi\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\List_Kill'em\List_Kill'em.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\List_Kill'em\pv.exe ====================== Keys "Run" ====================== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background WinSpywareProtect REG_SZ "C:\Documents and Settings\All Users\Application Data\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe" /autorun OfferBox REG_SZ C:\Program Files\OfferBox\OfferBox.exe WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe YVIBBBHA8C REG_SZ C:\DOCUME~1\MAESOR~1\LOCALS~1\Temp\Ec1.exe M5T8QL3YW3 REG_SZ C:\DOCUME~1\MAESOR~1\LOCALS~1\Temp\Ec0.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe MsmqIntCert REG_SZ regsvr32 /s mqrt.dll High Definition Audio Property Page Shortcut REG_SZ CHDAudPropShortcut.exe SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe" Cpqset REG_SZ C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe RecGuard REG_SZ C:\Windows\SMINST\RecGuard.exe Reminder REG_SZ C:\Windows\CREATOR\Remind_XP.exe CamserviceDeluxe2 REG_SZ C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe" HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe REG_SZ QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime lsdefrag REG_SZ C:\DOCUME~1\MAESOR~1\LOCALS~1\Temp\saoxewnmcr.tmp ezLife REG_SZ rundll32 "mvbgsztd.dll",,Run mibqyjklhpgk REG_SZ C:\WINDOWS\System32 egsvr32.exe /s "C:\WINDOWS\system32\wtgapehttspbmpzjs.dll" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] ===================== Other Keys ===================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme =============== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] NoDriveTypeAutoRun REG_DWORD 145 (0x91) =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] HonorAutoRunSetting REG_DWORD 1 (0x1) =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLS REG_SZ =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] AutoRestartShell REG_DWORD 1 (0x1) DefaultUserName REG_SZ Maeso Rémi LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ PowerdownAfterShutdown REG_SZ 0 ReportBootOk REG_SZ 1 Shell REG_SZ Explorer.exe ShutdownWithoutLogon REG_SZ 0 System REG_SZ Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Maeso Rémi\Application Data\sdra64.exe,C:\WINDOWS\system32\sdra64.exe, VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl" SfcQuota REG_DWORD -1 (0xffffffff) allocatecdroms REG_SZ 0 allocatedasd REG_SZ 0 allocatefloppies REG_SZ 0 cachedlogonscount REG_SZ 10 forceunlocklogon REG_DWORD 0 (0x0) passwordexpirywarning REG_DWORD 14 (0xe) scremoveoption REG_SZ 0 AllowMultipleTSSessions REG_DWORD 1 (0x1) UIHost REG_EXPAND_SZ logonui.exe LogonType REG_DWORD 0 (0x0) Background REG_SZ 0 0 0 DebugServerCommand REG_SZ no SFCDisable REG_DWORD 0 (0x0) WinStationsDisabled REG_SZ 0 HibernationPreviouslyEnabled REG_DWORD 1 (0x1) ShowLogonOptions REG_DWORD 1 (0x1) AltDefaultUserName REG_SZ Maeso Rémi AltDefaultDomainName REG_SZ PC757821523111 DefaultDomainName REG_SZ PC757821523111 ChangePasswordUseKerberos REG_DWORD 1 (0x1) =============== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\crypt32chain] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cryptnet] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cscdll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\dimsntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\igfxcui] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ScCertProp] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\Schedule] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\sclgntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\SensLogn] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify ermsrv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\WgaLogon] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\wlballoon] =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ =============== [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\Hercules\Deluxe Optical Glass\Station2.exe REG_SZ C:\Program Files\Hercules\Deluxe Optical Glass\Station2.exe:*:Enabled:Hercules Webcam Station Evolution SE C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe REG_SZ C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe REG_SZ C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 C:\Documents and Settings\Maeso Rémi\Local Settings\Temp\{87C68C3E-5D21-44DA-8054-3B4B88B3481F}\{C489762A-4A24-4B13-A317-98949D5B109E}\moovida-mediacenter-1.0.9.exe REG_SZ C:\Documents and Settings\Maeso Rémi\Local Settings\Temp\{87C68C3E-5D21-44DA-8054-3B4B88B3481F}\{C489762A-4A24-4B13-A317-98949D5B109E}\moovida-mediacenter-1.0.9.exe:*:Enabled:Moovida Media Center Installer [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare =============== ActivX controls =============== [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00000161-9980-0010-8000-00AA00389B71}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-9980-0010-8000-00AA00389B71}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}] =============== [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{DFB17AA8-042A-429D-987C-26CE244A4189}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}] ============== BHO : ====== [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C2F11FCC-6ECC-4287-B4A0-37A2B18AE63C}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d92f870e-5592-2c24-280d-d588b35ffb81}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E5FB8392-AACF-1D67-55F6-2AB791F05F43}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] === DNS === HKLM\SYSTEM\CCS\Services\Tcpip\..\{C175C22C-BDD0-4782-87B1-817E772AB04B}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{C175C22C-BDD0-4782-87B1-817E772AB04B}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{C175C22C-BDD0-4782-87B1-817E772AB04B}: DhcpNameServer=109.0.64.241 86.64.233.83 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=109.0.64.241 86.64.233.83 ================ Internet Explorer : ================ [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp Local Page REG_SZ C:\WINDOWS\system32\blank.htm Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp Local Page REG_SZ C:\WINDOWS\system32\blank.htm Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ======== Services ======== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] Ndisuio : 0x3 ( OK = 3 ) EapHost : 0x3 ( OK = 2 ) SharedAccess : 0x2 ( OK = 2 ) wuauserv : 0x2 ( OK = 2 ) ======== Safemode ======== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !! ========= Atapi.sys ========= C:\WINDOWS\$NtServicePackUninstall$\atapi.sys : MD5 :: [cdfe4411a69c224bd1d11b2da92dac51] SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d] C:\WINDOWS\ServicePackFiles\i386\atapi.sys : MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674] SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9] C:\WINDOWS\system32\drivers\atapi.sys : MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674] SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9] Référence : ========== Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867 Win XP_32b : a64013e98426e1877cb653685c5c0009 Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51 Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674 Vista_32b : e03e8c99d15d0381e02743c36afc7c6f Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9 Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4 Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e ======= Drive : ======= D'fragmenteur de disque Windows Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc. Rapport d'analyse 103 Go total, 78,89 Go libre (76%), 17% fragment' (fragmentation du fichier 35%) Vous devriez d'fragmenter ce volume. ¤¤¤¤¤¤¤¤¤¤ Files/folders : Present !! : C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd Present !! : C:\Program Files\Everest Poker Present !! : C:\Program Files\ezLife Present !! : C:\Program Files\Mozilla Firefox\components sFFxSHot.xpt Present !! : C:\Program Files\Smart-Ads-Solutions Present !! : C:\WINDOWS\003082_.tmp Present !! : C:\WINDOWS\kb913800.exe Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn Present !! : C:\WINDOWS\System32\lowsec Present !! : C:\WINDOWS\System32\sdra64.exe" Present !! : C:\WINDOWS\System32\SET*.tmp Present !! : C:\WINDOWS\System32\sshnas??.dll Present !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job Present !! : C:\WINDOWS asks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job Present !! : C:\Documents and Settings\Maeso R'mi\Application data\sdra64.exe Present !! : C:\Documents and Settings\Maeso R'mi\Application Data\Smart-Ads-Solutions Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\AC6.tmp Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\AC7.tmp Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\AC8.tmp Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\AC9.tmp Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\ACA.tmp Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\ACD.tmp Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\Ec0.exe Present !! : C:\Documents and Settings\Maeso R'mi\Local Settings\Temp\Ecz.exe Present !! : C:\Documents and Settings\Maeso R'mi\LOCAL Settings\Temp\Ec0.exe Present !! : C:\Documents and Settings\Maeso R'mi\LOCAL Settings\Temp\Ecz.exe Present !! : C:\Documents and Settings\Maeso R'mi\LOCAL Settings\Temp\khvcol.exe ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\M5T8QL3YW3 Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices\APManager Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ezLife Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsdefrag Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{66886C4D-B307-4ECA-A228-52CA9B9851A4} Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} Present !! : "HKCU\SOFTWARE\Adsl Software Ltd" Present !! : "HKCU\Software\Grand Virtual" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe" Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker" Present !! : HKCR\adhlpr.adhlpr Present !! : HKCR\adhlpr.adhlpr.1.0 Present !! : HKCR\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} Present !! : HKCR\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} Present !! : HKCU\SOFTWARE\fcn Present !! : HKCU\SOFTWARE\Microsoft\Handle Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore Present !! : HKCU\SOFTWARE\OOO Present !! : HKCU\SOFTWARE\QZAIB7KITK Present !! : HKCU\Software\Smart-Ads-Solutions Present !! : HKCU\SOFTWARE\XML Present !! : HKCU\Software\YVIBBBHA8C Present !! : HKLM\SOFTWARE\ezLife Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\armanager Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions Present !! : HKLM\SOFTWARE\OOO Present !! : HKLM\SOFTWARE\Smart-Ads-Solutions Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_SSHNAS Present !! : HKLM\SYSTEM\ControlSet001\Services\SSHNAS Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_SSHNAS Present !! : HKLM\SYSTEM\ControlSet003\Services\SSHNAS Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SSHNAS Present !! : HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} ============ catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-08 01:29:03 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????r??????'?@?????L?@ scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: error reading MBR called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A677EE4]<< kernel: MBR read successfully [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] FirstRunDisabled REG_DWORD 1 (0x1) AntiVirusDisableNotify REG_DWORD 1 (0x1) FirewallDisableNotify REG_DWORD 1 (0x1) UpdatesDisableNotify REG_DWORD 0 (0x0) AntiVirusOverride REG_DWORD 0 (0x0) FirewallOverride REG_DWORD 0 (0x0) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ End of scan : 1:29:05,70

rmi · Answer

j'ai reperdu mon  bureau subitement.j'ai voulu faire comme l'autre fois mais des le debut j'arrive pas à trouver le processus''apmanager.exe".un peu d'aide ne serait pas de refus.merci.

moment de grace · Answer

restaure le système avant la mauvaise manip

rmi · Answer

moi je veux bien mais sans mon truc demarer en bas à gauche ça va etre un peu dur.sauf si tu connais un raccourci et je pense que oui.

moment de grace · Answer

redemarre en mode sans echec

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php


Au démarrage du PC a la place de MSE, choisir Invite de commandes en mode sans échec et voir pour une restauration avec cette commande : 
%windir%\system32\restore\rstrui.exe

si la manoeuvre fonctionne

alors explique tes nouveau soucis

et

Télécharge ZHPDiag ( de Nicolas coolman ). 
ftp://zebulon.fr/ZHPDiag.exe

(outil de diagnostic)

 Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
 
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour vista ) 

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner. 

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau. 

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message


si soucis avec ci joint. fr 

=> utiliser https://www.cjoint.com/
=>  utiliser http://ww38.toofiles.com/fr/oip/documents/txt/av.html

rmi · Answer

là le probleme c'est que meme pour demarer sans echec ça marche pas.j'ai suivis les consignes du site et moi j peux pas aller sur administrateur,il y a pas.c'est direct sur ma session et là c'est ecran tout noir avec des ecritures sur les bords

moment de grace · Answer

ca se complique

tentes cette solution qui consiste à creer un cd sur lequel tu booy au démarrage du pc

https://www.malekal.com/tutoriels-logiciels/

rmi · Answer

ça marche pas.mais est 'il possible de retrouver le panneau de configuration pour permettre ensuite de remettre à un jour antérieur?sinon je suis à l'ecoute d'autres propositions.

moment de grace · Answer

explique ce qui ne marche pas

Virus qui bloque le bureau

11 réponses

Discussions similaires

Newsletters