Init.exe/csrcs.Exe: explorer no longer starts!!

Closed
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010 - 12 June 2009 at 12:27
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 12 June 2009 at 16:28
Hello,
I seem to have caught quite a few viruses, trojans, etc., and I would need your help to get rid of them. I am currently running a scan with AVIRA, but I fear it will not be enough.
I am attaching a HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:57, on 12/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\system32\svchost.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\hp\Desktop\HiJackThis.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.inwi.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\hp\AppData\Local\Temp\init.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [12909] c:\jrjjok.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\Windows\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [kell] c:\program Files\Manson\liser.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\Windows\system32\csrcs.exe
O4 - Startup: fmnupd32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL,c:\progra~1\Manson\liser.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\Windows\DLL\RUNDLL32.exe
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - C:\Windows\system32\sopidkc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
16 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 12:31
hi
interesting

if you have the AntiVir report, paste it for us


then

Download and install UsbFix by C_XX & Chiquitine29


Here is a tutorial: http://pagesperso-orange.fr/FindyKill.Ad.Remover/uac_vista.html


That said, UsbFix can work with UAC active...... :



Download and install UsbFix by C_XX & Chiquitine29

Plug your external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them


# Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

# Choose option 1 ( Recherche [Search] )

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 12:37
ok thanks a lot; as soon as Avira finishes I'll post the report
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 14:13
here is the Avira report

Avira AntiVir Personal
Report file date: vendredi 12 juin 2009 10:36

Scanning for 1463523 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Save mode with network
Username : hp
Computer name : PC-DE-HP

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 12/06/2009 10:17:41
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 11:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 12:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 11:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 21:33:26
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/05/2009 17:18:41
ANTIVIR3.VDF : 7.1.4.85 336384 Bytes 11/06/2009 10:17:40
Engineversion : 8.2.0.187
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/05/2009 17:07:31
AESCRIPT.DLL : 8.1.2.6 409978 Bytes 12/06/2009 10:17:40
AESCN.DLL : 8.1.2.3 127347 Bytes 28/05/2009 17:07:28
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 19:24:41
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 17:07:27
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 21:01:56
AEHEUR.DLL : 8.1.0.131 1786232 Bytes 12/06/2009 10:17:40
AEHELP.DLL : 8.1.3.6 205174 Bytes 12/06/2009 10:17:40
AEGEN.DLL : 8.1.1.45 348532 Bytes 12/06/2009 10:17:40
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 15:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 28/05/2009 17:07:10
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 15:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 09:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 11:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 15:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 11:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 16:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 11:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 16:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 09:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 11:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 12/06/2009 10:17:40
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 11:19:48

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,

Start of the scan: vendredi 12 juin 2009 10:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'HelpPane.exe' - '1' Module(s) have been scanned
Scan process 'wnzip32.exe' - '1' Module(s) have been scanned
Scan process 'wnzip32.exe' - '1' Module(s) have been scanned
Scan process 'wnzip32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
c:\gqmvx.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Scan process 'gqmvx.exe' - '1' Module(s) have been scanned
Module is infected -> 'c:\gqmvx.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\Windows\system32\3361\SVCHOST.exe'
Scan process 'tpsaxyd.exe' - '1' Module(s) have been scanned
Scan process 'liser.exe' - '1' Module(s) have been scanned
Module is infected -> 'c:\program Files\Manson\liser.exe'
Scan process 'AcroRd32Info.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'gqmvx.exe' has been terminated
Process 'SVCHOST.EXE' has been terminated
Process 'liser.exe' has been terminated
c:\gqmvx.exe
[WARNING] The file could not be opened!
C:\Windows\system32\3361\SVCHOST.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<svchost.exe>=sz:SVCHOST.exe
[NOTE] The file was moved to '4a753031.qua'!
c:\program Files\Manson\liser.exe
[DETECTION] Is the TR/PSW.Wowsteal.AO!dll Trojan
[NOTE] The file was deleted!

36 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
c:\jrjjok.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fmnupd32.exe
[DETECTION] Is the TR/Agent.cltv Trojan

The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <Eleonor>
C:\jqqdvn.exe
[DETECTION] Contains HEUR/Malware suspicious code
C:\jrjjok.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\lsass.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\regpid.exe
[DETECTION] Is the TR/Tiny.705 Trojan
C:\sonfj.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\sufp.exe
[DETECTION] Is the TR/Tiny.705 Trojan
C:\tjhnrirl.exe
[DETECTION] Is the TR/Tiny.705 Trojan
C:\Program Files\Manson\liser.dll
[DETECTION] Is the TR/PSW.Wowsteal.AO!dll.1 Trojan
C:\Program Files\MATLAB\R2008a\toolbox\imaq\imaqadaptors\kit\doc\adaptorkit.chm
[0] Archive type: CHM
--> /#URLSTR
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TJVYQ0C\ccsuper3[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9D70IZL8\went[1].exe
[DETECTION] Contains recognition pattern of the DR/Autoit.YU dropper
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9D70IZL8\winrar[1].exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3VLY3B\ccsuper0[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3VLY3B\pqz[1].exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDTIQTF6\ouuivaan[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDTIQTF6\qjkxpcp[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWKUGMWL\av[1].exe
[DETECTION] Is the TR/PSW.Wowsteal.AO!dll Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWKUGMWL\lakkl[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWKUGMWL\oheefst[1].txt
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZXJKU79\atnaa[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKUSV4KJ\agpdd[1].htm
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKUSV4KJ\qwtkll[1].htm
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC0AQTMS\ccsuper1[1].htm
[DETECTION] Contains HEUR/Malware suspicious code
C:\Users\hp\AppData\Local\Temp\265.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Local\Temp\380.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Local\Temp\383.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Local\Temp\479.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Users\hp\AppData\Local\Temp\856.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\hp\AppData\Local\Temp\879.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\hp\AppData\Local\Temp\A545.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\hp\AppData\Local\Temp\F69F.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\hp\AppData\Local\Temp\init.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\hp\AppData\Local\Temp\~TM3D4F.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Users\hp\AppData\Local\Temp\~TMAAC.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Users\hp\AppData\Local\Temp\~TMB433.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fmnupd32.exe
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Users\hp\Desktop\Master Docs II\Forum Université-Entreprise\dossier_master\deplialts\matiere_condensee.pdf
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Users\hp\Desktop\Master Docs II\Master\dossier_master lahroussi.rar
[0] Archive type: RAR
--> dossier_master\deplialts\matiere_condensee.pdf
[1] Archive type: PDF Stream
[DETECTION] Contains HEUR/HTML.Malware suspicious code
--> dossier_master\deplialts\sig.pdf
[1] Archive type: PDF Stream
[DETECTION] Contains HEUR/HTML.Malware suspicious code
--> dossier_master\inscription\dossier_inscrip_master_specialise.pdf
[1] Archive type: PDF Stream
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Users\hp\Desktop\Master Docs II\Master\dossier_master_lahroussi.rar
[0] Archive type: RAR
--> dossier_master\deplialts\matiere_condensee.pdf
[1] Archive type: PDF Stream
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Users\hp\Desktop\Master Docs II\Master\dossier_master\deplialts\matiere_condensee.pdf
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Users\hp\Desktop\Temporaire\yf-install_20080822-01.exe
[0] Archive type: NSIS
--> [ProgramFilesDir]/Your Freedom/PS.EXE
[WARNING] The file could not be written!
[WARNING] The file could not be written!
C:\Users\hp\Downloads\Macromedia Studio 8 Fr (Dreamweaver 8 - Fireworks 8 - Flash 8) Kegen.ace
[0] Archive type: ACE
--> Le concept.doc
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Users\hp\Downloads\eMule\Incoming\Dring 1.zip
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.asw Trojan
C:\Windows\DLL\RUNDLL32.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Windows\System32\fci.exe.exe:ext.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Windows\System32\korn.exe
[DETECTION] Is the TR/Midgare.yda Trojan
C:\Windows\System32\systemcatchX.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Windows\System32\xpsvc32.exe
[DETECTION] Contains recognition pattern of the DR/Autoit.YU dropper
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
c:\jrjjok.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a9e4a24.qua'!
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fmnupd32.exe
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4aa04a20.qua'!
C:\jqqdvn.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4aa34a24.qua'!
C:\jrjjok.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\lsass.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\regpid.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\sonfj.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\sufp.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\tjhnrirl.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\Program Files\Manson\liser.dll
[DETECTION] Is the TR/PSW.Wowsteal.AO!dll.1 Trojan
[NOTE] The file was moved to '4aa54a3e.qua'!
C:\Program Files\MATLAB\R2008a\toolbox\imaq\imaqadaptors\kit\doc\adaptorkit.chm
[NOTE] The file was moved to '4a934a39.qua'!
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TJVYQ0C\ccsuper3[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '4aa54a3a.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9D70IZL8\went[1].exe
[DETECTION] Contains recognition pattern of the DR/Autoit.YU dropper
[NOTE] The file was moved to '4aa04a3c.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9D70IZL8\winrar[1].exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4aa04a40.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3VLY3B\ccsuper0[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4f9e1b43.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT3VLY3B\pqz[1].exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4aac4a48.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDTIQTF6\ouuivaan[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '4aa74a4c.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDTIQTF6\qjkxpcp[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '4a9d4a41.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWKUGMWL\av[1].exe
[DETECTION] Is the TR/PSW.Wowsteal.AO!dll Trojan
[NOTE] The file was moved to '4a8d4a4d.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWKUGMWL\lakkl[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '4a9d4a38.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWKUGMWL\oheefst[1].txt
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a974a3f.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZXJKU79\atnaa[1].htm
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '4aa04a4b.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKUSV4KJ\agpdd[1].htm
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4aa24a3f.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKUSV4KJ\qwtkll[1].htm
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4aa64a4f.qua'!
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC0AQTMS\ccsuper1[1].htm
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4aa54a3b.qua'!
C:\Users\hp\AppData\Local\Temp\265.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a674a0e.qua'!
C:\Users\hp\AppData\Local\Temp\380.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a624a10.qua'!
C:\Users\hp\AppData\Local\Temp\383.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a654a10.qua'!
C:\Users\hp\AppData\Local\Temp\479.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a6b4a0f.qua'!
C:\Users\hp\AppData\Local\Temp\856.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a684a0d.qua'!
C:\Users\hp\AppData\Local\Temp\879.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4f398598.qua'!
C:\Users\hp\AppData\Local\Temp\A545.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a664a0d.qua'!
C:\Users\hp\AppData\Local\Temp\F69F.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a6b4a0e.qua'!
C:\Users\hp\AppData\Local\Temp\init.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a9b4a46.qua'!
C:\Users\hp\AppData\Local\Temp\~TM3D4F.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4a7f4a2c.qua'!
C:\Users\hp\AppData\Local\Temp\~TMAAC.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4f25bc8d.qua'!
C:\Users\hp\AppData\Local\Temp\~TMB433.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4f24b445.qua'!
C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fmnupd32.exe
[DETECTION] Is the TR/Agent.cltv Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\Users\hp\Desktop\Master Docs II\Forum Université-Entreprise\dossier_master\deplialts\matiere_condensee.pdf
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4aa64a3b.qua'!
C:\Users\hp\Desktop\Master Docs II\Master\dossier_master lahroussi.rar
[NOTE] The file was moved to '4aa54a49.qua'!
C:\Users\hp\Desktop\Master Docs II\Master\dossier_master_lahroussi.rar
[NOTE] The file was moved to '4ff84fe2.qua'!
C:\Users\hp\Desktop\Master Docs II\Master\dossier_master\deplialts\matiere_condensee.pdf
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4fc6573c.qua'!
C:\Users\hp\Downloads\eMule\Incoming\Dring 1.zip
[NOTE] The file was moved to '4a9b4a4d.qua'!
C:\Windows\DLL\RUNDLL32.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a804a30.qua'!
C:\Windows\System32\fci.exe.exe:ext.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a9b4a3e.qua'!
C:\Windows\System32\korn.exe
[DETECTION] Is the TR/Midgare.yda Trojan
[NOTE] The file was moved to '4aa44a4a.qua'!
C:\Windows\System32\systemcatchX.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4aa54a54.qua'!
C:\Windows\System32\xpsvc32.exe
[DETECTION] Contains recognition pattern of the DR/Autoit.YU dropper
[NOTE] The file was moved to '4aa54a4b.qua'!


End of the scan: vendredi 12 juin 2009 12:28
Used time: 1:50:16 Hour(s)

The scan has been done completely.

41896 Scanned directories
1048985 Files were scanned
46 Viruses and/or unwanted programs were found
11 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
42 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
1048926 Files not concerned
4873 Archives were scanned
15 Warnings
53 Notes
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 14:14
ok, run usbfix
0

evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 14:17
I'm working in safe mode because in normal Windows it won't start, the screen stays black :(
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 14:18
ok, then in safe mode
0
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 14:20
running it as administrator won't start, it looks like something is blocking it: it starts and closes right afterwards... all by itself
0
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 14:21
and explorer.exe closes and restarts by itself every 4 or 5 seconds
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 14:22

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.


Download FindyKill to your desktop:

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche / Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk

manual here:
http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_recherche.html

0
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 14:47
hi again!!

I installed combofix!! I ran it, it went through 52 stages, then it restarted the machine all by itself, but when the machine tried to start it hangs on the hp name at the very beginning, before even trying to start Windows :(

what do I do?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 14:49
to repair it you can try


0/ Try unplugging your computer, then press the power button on the front of your computer for 2 minutes to drain the capacitors and reset it

plug it back in and restart to see


1/ repairing from a Windows XP PRO CD ...

https://www.pcastuces.com/pratique/windows/xp/default.htm

http://www.informatruc.com/reparer-windows-xp/


2/ from an XP Pro boot floppy, which you will then have to create (see the following link)

http://www.trucs-et-astuces-windows.com/disquette_boot/disquette_boot.html



if you can't find an XP Pro CD, use a boot floppy. you have to start the computer from the floppy (if needed, configure the BIOS so that it boots from the floppy as indicated in link 1, and select floppy or disquette and not CD).

careful, the keyboard may be temporarily configured for English. to check, press the a key. if a q is displayed, that is the case. Delete this test letter with the backspace key.


TYPE chkdsk/f C:/ (careful, there is a space between f and C:/) (capital C)

then press ENTER

if the keyboard turned out to be in English during the test, to get the right display you have to TYPE chkdsk!f CM* (space between the f and C)


https://www.commentcamarche.net/contents/1014-disquette-boot



3/ use Antivir Rescue System to scan your computer from a CD and eradicate the infections (you have to boot the computer from the CD by changing the boot order in the BIOS)

https://www.malekal.com/tutoriels-logiciels/

or DR WEB live cd (same principle as Antivir Rescue System)

https://free.drweb.com/aid_admin/


4/ use the ULTIMATE BOOT CD (to repair Windows, or disinfect the computer, or look for a hardware problem or....)

http://www.kachouri.com/tuto/tuto-288-ultimate-boot-cd-34.html

http://ubcd.sourceforge.net//




5/ use a Linux boot CD to recover your data and try to repair
https://ubuntu.com/
http://knoppix-fr.org/
http://www.commentcamarche.net/faq/sujet 4883 knoppix utiliser knoppix comme cd de secours
http://www.commentcamarche.net/faq/sujet 15947 sauver vos documents d un windows mort avec un cd live linux


6/
otherwise, to recover your data or try to disinfect:

you can connect your hard drive to another computer as a slave disk or as an external disk, and that way go and get your data

or else you add a new disk to your computer, on which you install Windows or Linux to boot from it, and you recover your data from your old disk, which you will of course have set as a slave disk beforehand

you can then format the infected disk or put it back if it has been disinfected

7/ unfortunately, if nothing works, you will have to format and reinstall XP

then put the antivirus and firewall back, and only then (once protected) go on the Internet to reinstall Windows Update (in Start, then Windows Update)

http://www.depannetonpc.net/­er-windows.html

http://www.ybet.be/depanner/install_windows.php
0
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 14:50
I have Windows Vista
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 14:53
ok


1/ Try unplugging your computer, then press the power button on the front of your computer for 2 minutes to drain the capacitors and reset it

plug it back in and restart to see


2/ repairing from a Windows Vista CD


to repair Vista:

http://www.vista-xp.fr/forum/topic428.html


3/ use Antivir Rescue System to scan your computer from a CD and eradicate the infections (you have to boot the computer from the CD by changing the boot order in the BIOS)

https://www.malekal.com/tutoriels-logiciels/

or DR WEB live cd (same principle as Antivir Rescue System)

https://free.drweb.com/aid_admin/


4/ use the ULTIMATE BOOT CD (to repair Windows, or disinfect the computer, or look for a hardware problem or....)

http://www.kachouri.com/tuto/tuto-288-ultimate-boot-cd-34.html

http://ubcd.sourceforge.net//




5/ use a Linux boot CD to recover your data and try to repair
https://ubuntu.com/
http://knoppix-fr.org/
https://www.commentcamarche.net/list 4883 knoppix utiliser knoppix comme cd de secours
https://www.commentcamarche.net/list 15947 sauver vos documents d un windows mort avec un cd live linux


6/
otherwise, to recover your data or try to disinfect:

you can connect your hard drive to another computer as a slave disk or as an external disk, and that way go and get your data

or else you add a new disk to your computer, on which you install Windows or Linux to boot from it, and you recover your data from your old disk, which you will of course have set as a slave disk beforehand

you can then format the infected disk or put it back if it has been disinfected

7/ unfortunately, if nothing works, you will have to format and reinstall XP

then put the antivirus and firewall back, and only then (once protected) go on the Internet to reinstall Windows Update (in Start, then Windows Update)

http://www.depannetonpc.net/­­er-windows.html

http://www.ybet.be/depanner/install_windows.php
0
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 15:29
it starts now;
I'll send you the report in a few minutes :)
0
evasion87 Posts 17 Registration date Tuesday 4 July 2006 Status Member Last activity 10 June 2010
12 June 2009 at 15:54
heeeey you changed your message! the one where you told me to install combofix!! why?!
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
12 June 2009 at 16:28
yes, I put findykill to get rid of bagle but combofix does it very well too
0