31 replies
Oops, I thought I had already done that.
http://www.cijoint.fr/cjlink.php?file=cj201004/cij3d1l2mi.txt
http://www.cijoint.fr/cjlink.php?file=cj201004/cijhiEhGvt.txt
Anonymous user
13 April 2010 at 09:35
* Download MyHosts.exe (by jeanmimigab) to your desktop.
https://www.sfr.fr/fermeture-des-pages-perso.html
* Right-click the program's icon and choose "Run as administrator" to launch it.
* Post the contents of the report that opens.
* If no report opens, you can find it at the following location: C:\MyHosts.txt
then:
▶ Download DAFT!
▶ Save it to your Desktop.
▶ Unzip the folder containing it (right-click, Extract here).
▶ Right-click the DAFT icon in the unzipped folder on your desktop and choose "Run as administrator".
▶ Click the Scan button.
▶ Select everything that appears.
▶ Click the Fix button.
▶ Then run DAFT again. If all is well, a message like "All associations are OK" should appear.
▶ Close DAFT.
then:
▶ Right-click OTL.exe and choose "Run as administrator" to launch it.
▶ Copy the list shown in bold below,
▶ and paste it into the area under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O33 - MountPoints2\{350104ac-0f21-11df-a524-001dbaefaf5b}\Shell - "" = AutoRun
O33 - MountPoints2\{350104ac-0f21-11df-a524-001dbaefaf5b}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{47230b10-01f2-11df-aaa2-001dbaefaf5b}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{5f953a72-22af-11df-bc8a-001dbaefaf5b}\Shell\AutoRun\command - "" = G:\SAVEST\\cista.exe -- File not found
O33 - MountPoints2\{5f953a72-22af-11df-bc8a-001dbaefaf5b}\Shell\open\command - "" = G:\SAVEST\\cista.exe -- File not found
O33 - MountPoints2\{8451f041-10d0-11df-a904-001dbaefaf5b}\Shell - "" = AutoRun
O33 - MountPoints2\{8451f041-10d0-11df-a904-001dbaefaf5b}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{8451f04f-10d0-11df-a904-001dbaefaf5b}\Shell - "" = AutoRun
O33 - MountPoints2\{8451f04f-10d0-11df-a904-001dbaefaf5b}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{b778e373-b9a0-11de-9048-002433746777}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
:Files
C:\Windows\System32\drivers\ihazni.sys
C:\Users\Jordy\AppData\Roaming\app
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" to start the removal.
▶ Post the report, which should open by itself when the job finishes after the reboot.
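The O33 lines in the fix above come from the per-user MountPoints2 cache, where Explorer remembers the AutoRun handler of every removable volume it has seen. The following PowerShell audit is an added example for this thread, not the helper's code and not part of OTL or any tool the thread mentions: it walks that key, pulls the executable out of each AutoRun/open handler command and reports whether the target still exists, which is the same "File not found" check OTL's O33 report makes. It assumes only built-in cmdlets and the real HKCU path that OTL's log names; the volume GUIDs and drive letters you see will be your own.

```powershell
# Added example (not from the thread or from OTL): audit HKCU MountPoints2 autorun handlers.
# For each volume GUID key it reports the AutoRun/open handler command and whether the
# executable the command points at still exists. Stale entries (target gone) are the
# records OTL marks "File not found"; a handler whose target exists on a removable drive
# is worth a closer look before that drive is plugged in again.
function Get-MountPointHandlers {
    param(
        # Real path of the cache OTL reports; assumed unchanged on this Vista-era system
        [string]$Root = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    )
    if (-not (Test-Path -Path $Root)) { return }
    foreach ($volume in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        # Only GUID-named subkeys are volume records; skip CPC and other bookkeeping keys
        if ($volume.PSChildName -notmatch '^\{[0-9a-f-]{36}\}$') { continue }
        foreach ($verb in @('AutoRun', 'open')) {
            $cmdKey = "$($volume.PSPath)\Shell\$verb\command"
            if (-not (Test-Path -Path $cmdKey)) { continue }
            # The handler command is the key's default value, exposed as '(default)'
            $command = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            # Extract the executable from the command line, quoted or not, arguments ignored
            $exe = $null
            if ($command -match '^\s*"?([A-Za-z]:\\[^"]*?\.(?:exe|com|bat|cmd|scr|pif|vbs))"?') {
                $exe = $Matches[1]
            }
            $exists = $false
            if ($exe) {
                # A missing drive letter just yields $false; no error is raised
                $exists = Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue
            }
            [pscustomobject]@{
                VolumeGuid   = $volume.PSChildName
                Verb         = $verb
                Command      = $command
                Executable   = $exe
                TargetExists = [bool]$exists
            }
        }
    }
}

# List every handler, stale ones first, in a form that can be pasted into a forum reply
Get-MountPointHandlers |
    Sort-Object -Property TargetExists |
    Format-Table -Property VolumeGuid, Verb, TargetExists, Command -AutoSize
```

The script only reads the registry; deciding which entries to remove stays with the helper reading the report, exactly as in the OTL fix above. Run it in the affected user's session, since MountPoints2 lives under HKCU and each profile has its own copy.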
The reboot did not go well. The system crashes systematically (blue screen).
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350104ac-0f21-11df-a524-001dbaefaf5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350104ac-0f21-11df-a524-001dbaefaf5b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350104ac-0f21-11df-a524-001dbaefaf5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350104ac-0f21-11df-a524-001dbaefaf5b}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47230b10-01f2-11df-aaa2-001dbaefaf5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47230b10-01f2-11df-aaa2-001dbaefaf5b}\ not found.
File I:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f953a72-22af-11df-bc8a-001dbaefaf5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f953a72-22af-11df-bc8a-001dbaefaf5b}\ not found.
File G:\SAVEST\\cista.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f953a72-22af-11df-bc8a-001dbaefaf5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f953a72-22af-11df-bc8a-001dbaefaf5b}\ not found.
File G:\SAVEST\\cista.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8451f041-10d0-11df-a904-001dbaefaf5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8451f041-10d0-11df-a904-001dbaefaf5b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8451f041-10d0-11df-a904-001dbaefaf5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8451f041-10d0-11df-a904-001dbaefaf5b}\ not found.
File I:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8451f04f-10d0-11df-a904-001dbaefaf5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8451f04f-10d0-11df-a904-001dbaefaf5b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8451f04f-10d0-11df-a904-001dbaefaf5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8451f04f-10d0-11df-a904-001dbaefaf5b}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b778e373-b9a0-11de-9048-002433746777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b778e373-b9a0-11de-9048-002433746777}\ not found.
File G:\start.exe not found.
========== FILES ==========
File move failed. C:\Windows\System32\drivers\ihazni.sys scheduled to be moved on reboot.
C:\Users\Jordy\AppData\Roaming\app folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jordy
->Temp folder emptied: 497897 bytes
->Temporary Internet Files folder emptied: 947209 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87377475 bytes
->Flash cache emptied: 3072 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2431246 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 87,00 mb
OTL by OldTimer - Version 3.2.1.1 log created on 04132010_175324
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\ihazni.sys scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Anonymous user
13 April 2010 at 18:03
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
________________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside that situation: dangerous!<<<<<<<<
=====================================================
▶ Above all, when saving it, remember to rename ComboFix to "yourfirstname.exe" before it is saved to your hard drive.
▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only for as long as ComboFix is in use,
>>the real-time protection of your antivirus and antispyware programs,
>>which can seriously interfere with the tool's scanning and cleaning process.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ Don't forget to re-enable your antivirus and antispyware guards before reconnecting to the internet.
▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
I forgot to rename it to myfirstname.exe.
And the antivirus didn't really get disabled, but that doesn't seem to have stopped it from doing its job.
Here is the report:
ComboFix 10-04-13.02 - Jordy 13/04/2010 18:32:57.1.2 - x86
Lancé depuis: c:\users\Jordy\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3030196316-536579104-2439416212-500
c:\$recycle.bin\S-1-5-21-3066476807-2649691290-3316902314-500
c:\programdata\_VOIDmfeklnmal.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\driVERs\ihazni.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_ihazni
-------\Service_ihazni
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-13 au 2010-04-13 ))))))))))))))))))))))))))))))))))))
.
2010-04-13 16:41 . 2010-04-13 16:43 -------- d-----w- c:\users\Jordy\AppData\Local\temp
2010-04-13 16:41 . 2010-04-13 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 21:09 . 2010-04-11 21:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-04-11 16:42 . 2010-04-11 17:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-11 16:42 . 2010-04-11 16:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-11 16:29 . 2010-04-11 16:40 -------- d-----w- c:\program files\RegCleaner
2010-04-11 16:25 . 2010-04-12 10:36 680 ----a-w- c:\users\Jordy\AppData\Local\d3d9caps.dat
2010-04-09 17:38 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 17:38 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 14:58 . 2010-04-09 14:58 -------- d-----w- C:\_OTL
2010-04-09 03:39 . 2010-04-09 03:39 -------- d-----w- C:\Kill'em
2010-04-09 03:34 . 2010-04-09 03:34 88808 ----a-w- c:\users\Jordy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 17:59 . 2010-04-11 17:46 -------- d-----w- c:\program files\List_Kill'em
2010-04-08 13:36 . 2010-04-08 13:36 -------- d-----w- c:\users\Jordy\AppData\Roaming\Malwarebytes
2010-04-08 13:35 . 2010-04-09 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 13:35 . 2010-04-08 13:35 -------- d-----w- c:\programdata\Malwarebytes
2010-04-02 15:46 . 2010-04-03 11:13 -------- d-----w- c:\users\Jordy\AppData\Local\My Games
2010-04-02 15:24 . 2010-04-02 15:24 -------- d-----w- c:\program files\Firaxis Games
2010-03-19 15:24 . 2010-03-19 15:24 -------- d-----w- c:\users\Jordy\AppData\Roaming\Template
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 16:41 . 2009-03-23 01:15 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-13 05:52 . 2009-07-14 22:11 -------- d-----w- c:\users\Jordy\AppData\Roaming\vlc
2010-04-13 05:52 . 2009-07-12 13:16 -------- d-----w- c:\users\Jordy\AppData\Roaming\Thunderbird
2010-04-13 05:52 . 2010-03-14 13:51 -------- d-----w- c:\users\Jordy\AppData\Roaming\La Bataille pour la Terre du Milieu (TM) II
2010-04-13 05:52 . 2010-02-13 02:15 -------- d-----w- c:\users\Jordy\AppData\Roaming\Bioshock2
2010-04-13 05:52 . 2010-02-03 16:26 -------- d-----w- c:\users\Jordy\AppData\Roaming\Bioshock
2010-04-13 05:52 . 2009-08-25 21:10 -------- d-----w- c:\users\Jordy\AppData\Roaming\dvdcss
2010-04-13 05:52 . 2009-10-13 16:59 -------- d-----w- c:\programdata\FLEXnet
2010-04-11 16:22 . 2009-07-12 15:31 1 ----a-w- c:\users\Jordy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-09 02:55 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 02:55 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-02 15:36 . 2009-03-23 02:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 12:02 . 2009-07-11 16:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-14 13:38 . 2010-03-14 13:38 -------- d-----w- c:\program files\Electronic Arts
2010-03-11 02:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 02:05 . 2009-05-05 12:13 -------- d-----w- c:\programdata\Microsoft Help
2010-03-01 17:00 . 2009-07-17 12:16 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-01 17:00 . 2009-07-17 12:16 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-26 12:00 . 2010-03-01 16:58 724992 ----a-w- c:\users\Jordy\AppData\Roaming\Mozilla\Firefox\Profiles\z5p76d5o.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-02-26 12:00 . 2010-03-01 16:58 1291640 ----a-w- c:\users\Jordy\AppData\Roaming\Mozilla\Firefox\Profiles\z5p76d5o.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-02-24 09:16 . 2009-10-03 09:23 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 10:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 10:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 10:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 10:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 02:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 02:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-17 17:27 . 2009-05-05 12:06 -------- d-----w- c:\program files\Google
2010-02-13 18:12 . 2009-07-25 02:21 -------- d-----w- c:\users\Jordy\AppData\Roaming\Apple Computer
2010-02-13 18:12 . 2010-02-13 18:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-13 18:12 . 2009-07-12 15:20 -------- d-----w- c:\programdata\Apple
2010-02-13 02:11 . 2010-02-13 02:11 -------- d-sh--w- c:\programdata\SecuROM
2010-02-13 02:10 . 2010-02-13 02:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-13 01:55 . 2010-02-03 15:35 -------- d-----w- c:\program files\2K Games
2010-02-12 10:32 . 2010-02-27 01:25 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-01 11:00 . 2010-02-01 11:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-25 12:00 . 2010-02-23 18:48 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 18:48 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 18:48 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 18:48 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 18:48 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 18:48 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 18:48 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 18:48 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 18:48 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 18:49 2048 ----a-w- c:\windows\system32\tzres.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-02 61440]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-03-09 1101824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\users\Jordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-5-5 3344680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9c,8c,e2,68,2b,53,ca,01
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-10 29736]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-14 108289]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 17:27]
2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 17:27]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {9FC43582-197F-4958-AA24-8465DC761A8B} = 212.27.54.252
FF - ProfilePath - c:\users\Jordy\AppData\Roaming\Mozilla\Firefox\Profiles\z5p76d5o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jordy\AppData\Roaming\Mozilla\Firefox\Profiles\z5p76d5o.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 18:43
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spls.sys >>UNKNOWN [0x85CA2938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b1a1d24
\Driver\ACPI -> acpi.sys @ 0x807bbd68
\Driver\iaStor -> iaStor.sys @ 0x8aa4beb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2582767111-3107744122-1024548549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,b9,e2,f3,bd,ca,33,9c,22,97,72,74,5d,ca,4f,36,b7,09,bf,1b,47,d8,43,
bf,41,87,68,33,14,87,e1,77,59,e4,66,ed,ad,c7,a8,1e,65,b9,c1,9c,54,c1,08,3c,\
"??"=hex:51,33,ff,71,0c,16,5a,94,47,be,98,7c,ea,02,81,dd
[HKEY_USERS\S-1-5-21-2582767111-3107744122-1024548549-1000\Software\SecuROM\License information*]
"datasecu"=hex:1e,ab,10,76,89,af,b8,85,6c,1b,e0,bc,f6,8b,c3,eb,a9,bc,9f,2a,99,
9c,f8,0e,f7,2c,72,17,ba,24,d5,27,b3,5e,f1,db,2e,14,92,ae,91,7d,f4,fb,db,97,\
"rkeysecu"=hex:32,e3,13,6d,8f,cc,9a,4a,df,68,66,51,d2,b6,42,a7
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(5404)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Realtek\Audio\HDA\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\sony\Network Utility\NSUService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2010-04-13 18:51:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-13 16:51
Avant-CF: 124 972 199 936 octets libres
Après-CF: 124 555 509 760 octets libres
- - End Of File - - CACEAD9B5E5E5892549193DCAF4AD031
Anonymous user
13 April 2010 at 20:07
Start / Accessories / Run
type:
SFC /SCANNOW (space before the "/")
let the computer do its thing; the original Windows CD will be asked for if a file is corrupted...
2010-04-13 23:24:18, Info CSI 0000015e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:24:21, Info CSI 00000160 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:38:25, Info CSI 00000337 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:38:27, Info CSI 00000339 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:41:21, Info CSI 000003bb [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:41:21, Info CSI 000003bd [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
With the command prompt, here's what it can't repair.
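The CBS log lines quoted in the post above are the raw form in which sfc /scannow reports its results, and a real CBS.log repeats each failed repair many times. The script below is an added example (it is not from this thread and not a Microsoft tool): it pulls out the [SR] lines, collapses the repeated "Cannot repair member file" entries into one record per file, and keeps the version, the reason and the first/last attempt times. SAMPLE_LOG is constructed from the lines posted above plus two hypothetical lines (one repaired file, one line without the [SR] tag) so the filtering is visible; the function names are mine.

```python
"""Triage helper for the sfc /scannow output quoted above (added example,
not part of the original thread). It reads the CSI '[SR]' lines that the
System File Checker writes to %windir%\\Logs\\CBS\\CBS.log and reduces the
many repeated 'Cannot repair member file' entries to one record per file."""
import re

# Constructed sample: the three 'settings.ini' lines are copied from the post,
# the 'Repairing corrupted file' line and the line without '[SR]' are
# hypothetical, added only to show what the filter keeps and drops.
SAMPLE_LOG = """\
2010-04-13 23:24:18, Info                  CSI    0000015e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:24:21, Info                  CSI    00000160 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:30:02, Info                  CSI    000001f0 [SR] Repairing corrupted file [l:22{11}]"example.dll" from store
2010-04-13 23:30:05, Info                  CSI    000001f2 Some unrelated CSI line without the SR tag
2010-04-13 23:41:21, Info                  CSI    000003bd [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-13 23:41:30, Info                  CSI    000003c0 [SR] Verify complete
"""

# Generic shape of an SFC line: "<timestamp>, Info  CSI  <hex id> [SR] <message>"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), Info\s+CSI\s+[0-9a-f]+ \[SR\] (?P<msg>.*)$"
)
# The failure message: file name, owning component, version and, after the
# last comma, the reason (e.g. "hash mismatch").
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
    r".*?Version = (?P<version>[\d.]+).*?, (?P<reason>[^,]+)$"
)


def parse_sr_lines(log_text):
    """Yield (timestamp, message) for every '[SR]' line; other lines are skipped."""
    for line in log_text.splitlines():
        m = SR_LINE.match(line.rstrip())
        if m:
            yield m.group("ts"), m.group("msg")


def unrepairable_files(log_text):
    """Map (component, file) -> {version, reason, first, last, count}.

    SFC logs every failed attempt, so one bad file appears many times; this
    collapses them into a single record with the number of attempts seen.
    """
    found = {}
    for ts, msg in parse_sr_lines(log_text):
        m = CANNOT_REPAIR.match(msg)
        if not m:
            continue
        key = (m.group("component"), m.group("file"))
        rec = found.get(key)
        if rec is None:
            found[key] = {"version": m.group("version"), "reason": m.group("reason"),
                          "first": ts, "last": ts, "count": 1}
        else:
            rec["last"] = ts
            rec["count"] += 1
    return found


def summarize(log_text):
    """One human-readable line per unrepairable file, in first-seen order."""
    out = []
    for (component, name), rec in unrepairable_files(log_text).items():
        out.append(f"{component} {rec['version']}: {name} -> {rec['reason']} "
                   f"({rec['count']}x, {rec['first']} .. {rec['last']})")
    return out


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

On the machine itself, the documented way to pull these lines out is `findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt"` from an elevated command prompt; that file can be passed straight to unrepairable_files(). Note that on Vista `sfc /scannow` must itself be started from an elevated prompt (right-click Command Prompt, Run as administrator): launched unelevated from the Run box it typically stops with a "must be an administrator" error. A hash mismatch on the Sidebar's settings.ini is expected, since the Sidebar rewrites that file in normal use, so on its own it is not evidence of compromise; a mismatch on a system DLL or driver would be the line worth chasing.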
Anonymous user
14 April 2010 at 08:42
hello
it doesn't work when I type that in Run.
an error message?