[virus] It cancels my setups and slows down my PC - Page 2

Regis59 (Security contributor, 21143 posts)
 
Hi

So it actually doesn't restart?
Then restart it manually.

See you
Franckyll
 
Are you sure that if I restart it manually, Pocket Killbox will still carry out its deletion? And should I restart with the error message displayed, or do I click OK and then close Pocket Killbox?
Regis59
 
Hi

Yes, yes, don't worry lol
Click OK, close Killbox and all applications, then restart.

See you
Franckyll
 
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "H:\Program Files\Windows\WinUpdate.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "H:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e OODBS" [file not found], [MS], [file not found], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\photos\logo\logo noir & vert plastik.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "H:\WINDOWS\System32\sstext3d.scr" [MS]

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

E:\
INFECTION WARNING! E:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]

Startup items in "Fr@nckyll" & "All Users" startup folders:
-----------------------------------------------------------

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{052B12F7-86FA-4921-8482-26C42316B522}"
-> {HKLM...CLSID} = "Safety Bar"
\InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided)
-> {HKLM...CLSID} = "TextAloud"
\InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\(Default) = "Safety Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

HKLM\Software\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

H:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 2 lines

HOSTS file
----------

H:\WINDOWS\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,
2 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 156 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 25 seconds.
---------- (total run time: 278 seconds)
Regis59
 
Hi

Ahh, the rascal, it's putting up a fight lol but we'll get it :-)

Check whether it shows up now:
H:\Program Files\Windows\WinUpdate.exe

(it's on the H drive)

And also do this please:

Start < My Computer < c < windows < system32 < drivers < etc < hosts, open it with Notepad, and copy/paste its contents here.

See you
Franckyll
 
The file H:\Program Files\Windows\WinUpdate.exe still can't be found (even when showing hidden and system files)

Here is the report:

# Copyright (c) 1993-2004 Microsoft Corp.
#
# AutoGenerated by Microsoft (R) Windows (R) Malicious Software Removal Tool.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

0.0.0.0 www.zango.com
0.0.0.0 zango.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
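
Added example (not part of the thread and not Silent Runners' own code): a short parser that reproduces the HOSTS counts from the Silent Runners report above ("3 domain names", "2 ... *not* localhost") for the file just posted, and separates null-route entries (0.0.0.0) from mappings to a routable address. All function names are hypothetical, the comment header of the file is shortened, and the extra redirect line is constructed for illustration.

```python
import ipaddress

# Mappings as posted in the thread (comment header shortened).
THREAD_HOSTS = """\
# Copyright (c) 1993-2004 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost

0.0.0.0 www.zango.com
0.0.0.0 zango.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
"""

# Constructed sample, NOT from the thread: one mapping to a routable
# address (documentation range 203.0.113.0/24) with two host names.
CONSTRUCTED_HOSTS = (
    THREAD_HOSTS + "203.0.113.7 update.example.com www.example.com # constructed\n"
)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing and full-line comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address: ignore the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower()


def classify(ip):
    """Return 'loopback', 'null_route' or 'redirect' for a mapped address."""
    if ip.is_loopback:        # 127.0.0.0/8 or ::1
        return "loopback"
    if ip.is_unspecified:     # 0.0.0.0 or :: (name resolves to nowhere)
        return "null_route"
    return "redirect"         # name is pointed at some other machine


def audit(text):
    """Group every mapping by class so redirects can be reviewed first."""
    report = {"loopback": [], "null_route": [], "redirect": []}
    for line_no, ip, name in parse_hosts(text):
        report[classify(ip)].append((line_no, str(ip), name))
    return report


def summary(text):
    """Return (mapped names, names whose address is not loopback)."""
    entries = list(parse_hosts(text))
    non_local = sum(1 for _, ip, _ in entries if not ip.is_loopback)
    return len(entries), non_local


if __name__ == "__main__":
    for label, text in (("thread", THREAD_HOSTS), ("constructed", CONSTRUCTED_HOSTS)):
        total, non_local = summary(text)
        print(f"[{label}] {total} names mapped, {non_local} not loopback")
        for kind, rows in audit(text).items():
            for line_no, ip, name in rows:
                print(f"  line {line_no:>2}  {kind:<10}  {ip:<12}  {name}")
```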
Regis59
 
Hi

Is what's here:

0.0.0.0 www.zango.com
0.0.0.0 zango.com

in the hosts file?

See you
Franckyll
 
Yes.
Regis59
 
Hi

Delete them, so that only this remains:

# Copyright (c) 1993-2004 Microsoft Corp. 
# 
# AutoGenerated by Microsoft (R) Windows (R) Malicious Software Removal Tool. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
# 102.54.94.97 rhino.acme.com # source server 
# 38.25.63.10 x.acme.com # x client host 

127.0.0.1 localhost 


Then click File < Save.

Restart, check that it's still as shown above, and see whether you can see the file now

See you
Franckyll
 
The Hosts file was indeed modified, but the WinUpdate.exe file still can't be found ... :/
Franckyll
 
I'm also attaching a BitDefender report just in case:
--------------------------------------------------------------------------
BitDefender Online Scanner

Rapport d'analyse généré à: Wed, Jul 19, 2006 - 04:48:03

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

Statistiques

Temps
01:54:30

Fichiers
319109

Directoires
5762

Secteurs de boot
5

Archives
10112

Paquets programmes
22767

Résultats

Virus identifiés
2

Fichiers infectés
43

Fichiers suspects
0

Avertissements
0

Désinfectés
39

Fichiers effacés
0

Info sur les moteurs

Définition virus
411865

Version des moteurs
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Analyse des plugins
13

Archive des plugins
39

Unpack des plugins
5

E-mail plugins
6

Système plugins
1

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dc3\wwpClean.exe
Infecté par: Win32.Virtob.C

C:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dc3\wwpClean.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5B.tmp
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5B.tmp
Désinfecté

H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5C.tmp
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Local Settings\Temp\set5C.tmp
Désinfecté

H:\Documents and Settings\Fr@nckyll\Local Settings\Temporary Internet Files\Content.IE5\RK5VBL56\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Local Settings\Temporary Internet Files\Content.IE5\RK5VBL56\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk=>H:\Program Files\IntelliTamper\intellitamper.exe
Infecté par: Win32.Virtob.C

H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk=>H:\Program Files\IntelliTamper\intellitamper.exe
Désinfecté

H:\Documents and Settings\Fr@nckyll\Menu Démarrer\Programmes\IntelliTamper\IntelliTamper.lnk
Mis à jour

H:\Program Files\ewido anti-malware\ewidoguard.exe
Infecté par: Win32.Virtob.C

H:\Program Files\ewido anti-malware\ewidoguard.exe
Désinfecté

H:\Program Files\ewido anti-malware\SecuritySuite.exe
Infecté par: Win32.Virtob.C

H:\Program Files\ewido anti-malware\SecuritySuite.exe
Désinfecté

H:\Program Files\ewido anti-spyware 4.0\ewido.exe
Infecté par: Win32.Virtob.C

H:\Program Files\ewido anti-spyware 4.0\ewido.exe
Désinfecté

H:\Program Files\ewido anti-spyware 4.0\guard.exe
Infecté par: Win32.Virtob.C

H:\Program Files\ewido anti-spyware 4.0\guard.exe
Echec de la désinfection

H:\Program Files\ewido anti-spyware 4.0\guard.exe
Echec de la suppression

H:\Program Files\MSN Messenger\msnmsgr.exe
Infecté par: Win32.Virtob.C

H:\Program Files\MSN Messenger\msnmsgr.exe
Echec de la désinfection

H:\Program Files\MSN Messenger\msnmsgr.exe
Echec de la suppression

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh53\WoW.exe
Infecté par: Win32.Virtob.C

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh53\WoW.exe
Désinfecté

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh56.exe
Infecté par: Win32.Virtob.C

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh56.exe
Désinfecté

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh57.exe
Infecté par: Win32.Virtob.C

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh57.exe
Désinfecté

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh62.exe
Infecté par: Win32.Virtob.C

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh62.exe
Désinfecté

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh66.exe
Infecté par: Win32.Virtob.C

H:\RECYCLER\S-1-5-21-1757981266-2139871995-682003330-1003\Dh66.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046500.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046500.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046573.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046573.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046574.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046574.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046575.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046575.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046576.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046576.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046578.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046578.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046579.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046579.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046592.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046592.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046607.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046607.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046608.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046608.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046728.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046728.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046730.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046730.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046731.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046731.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046732.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046732.exe
Désinfecté

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046733.exe
Infecté par: Win32.Virtob.C

H:\System Volume Information\_restore{C1233D5B-F63E-4BAC-9191-D4077F362C27}\RP43\A0046733.exe
Désinfecté

H:\WINDOWS\system32\ati2evxx.exe
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\ati2evxx.exe
Echec de la désinfection

H:\WINDOWS\system32\ati2evxx.exe
Echec de la suppression

H:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
Désinfecté

H:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Désinfecté

H:\WINDOWS\system32\Process.exe
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\Process.exe
Désinfecté

H:\WINDOWS\system32\spoolsv.exe
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\spoolsv.exe
Echec de la désinfection

H:\WINDOWS\system32\spoolsv.exe
Echec de la suppression

H:\WINDOWS\system32\swreg.exe
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\swreg.exe
Désinfecté

H:\WINDOWS\system32\swsc.exe
Infecté par: Win32.Virtob.C

H:\WINDOWS\system32\swsc.exe
Désinfecté
Regis59
 
It infects all the executables, the b******!

Run a scan with BitDefender.

Then:

Double-click killbox.exe (Pocket Killbox)

- check: delete on reboot
- In "Full Path of File to Delete"
- Select "single File"
copy and paste:

H:\Program Files\Windows\WinUpdate.exe

- click the red cross
- a confirmation window will appear; click YES
- a second window asks whether you want to restart; click YES

If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC restart.

After the restart, run ewido and post the report!

Then post a new Silent Runners log
Franckyll
 
Hi,
I have a problem: when I launch Silent Runners and ask it to scan, I get this error message: Http://dj.franckyll.free.fr/erreur silent runner.jpg
What is it? What should I do?
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:57:10 21/07/2006

+ Scan result:

Nothing found.

::Report end

----------------------------------------------------------------------------
Regis59
 
Hi again,

can you try downloading it again?
Franckyll
 
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "H:\Program Files\Windows\WinUpdate.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Win32 Security Protocol" = "secure32.exe" [file not found]
"LogitechSoftwareUpdate" = ""H:\Program Files\Logitech\ManifestEngine.exe" boot" ["Logitech Inc."]
"BitTorrent" = ""H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
"LVCOMSX" = "H:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "H:\Program Files\Logitech\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "H:\Program Files\Logitech\LogiTray.exe" ["Logitech Inc."]
"Win32 Security Protocol" = "secure32.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "H:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "H:\WINDOWS\System32\dfshim.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "H:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "H:\Program Files\Logitech\Namespc2.dll" ["Logitech Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e OODBS" [file not found], [MS], [file not found], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "H:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "H:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\photos\logo\logo noir & vert plastik.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "H:\WINDOWS\System32\sstext3d.scr" [MS]

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

E:\
INFECTION WARNING! E:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]

Startup items in "Fr@nckyll" & "All Users" startup folders:
-----------------------------------------------------------

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Gamma Loader" -> shortcut to: "H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{052B12F7-86FA-4921-8482-26C42316B522}"
-> {HKLM...CLSID} = "Safety Bar"
\InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "h:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}" = (no title provided)
-> {HKLM...CLSID} = "TextAloud"
\InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{052B12F7-86FA-4921-8482-26C42316B522}\(Default) = "Safety Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "H:\Program Files\Safety Bar\Safety Bar.dll" [null data]

HKLM\Software\Classes\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF}\(Default) = "TextAloud"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\TEXTAL~1\TAForIE.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@H:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

H:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 2 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "H:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 206 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 44 seconds.
---------- (total run time: 407 seconds)
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 349
 
Hi,

Where do things stand with your problems now?

See you
0
don vincenzoo
 
Hi, I have the same problem!!!

I found a removal tool for this virus on the Grisoft site!

The name of the virus is Win32/Virut!!!!
It infects all .exe files by injecting code into the exe files!
It doesn't use a rootkit to hide, but injection!
For now no antivirus is able to protect against and repair this virus (as far as I know!)

A huge ***** that infects all the .exe files on all your disks!

It's really bad!

You have to disable all the system restore options!

Then use the removal tool in safe mode, having downloaded it from an uninfected PC!
Here is the link:

http://www.grisoft.com/doc/34/us/crp/0/ndi/67762

My problem is that I can't restart in safe mode, because it reboots as soon as I try safe mode!

So logically I formatted 250 GB of data and told myself, OK, things will be fine now!

Well, no!!!!
That ****** ******* virus is still there!!!!!!

So my solution is going to be radical: I'm backing up all my important files (everything except .exe files, because the virus only infects those)

And for the record, I had an up-to-date AVG Anti-Spyware and an up-to-date AVG Antivirus 7.5 installed when I got infected!
The virus infected the antivirus, which detected infected files in \sys32 and therefore deleted or quarantined them; then on restart, no more access to Windows!!!
After some tinkering I got access to Windows back, and even when trying with avast I got a message saying the program had been illegally modified and that it was risky to keep using the program!

Best current solution: back up all your important files (no .exe!!!!) and fully format all your hard drives!!

rrrrrrrrrrrrrrrrrrrrrrr

It's so annoying!
0