Centre de sécurité Windows et Smart fortress Fermé

Question

Bonjour à tous,

Le pc de mon amie vient de se faire envahir par smart fortress 2012. ce qui m'inquiète le plus c'est que le centre de sécurité windows est arrêté et que je ne peux pas le remettre en service.

Avez vous des infos sur la relance du centre de sécurité ?

J'ai consulté les posts récents sur ce malveillant programme, et j'ai téléchargé déjà Rogue killer, zhp diag et adwcleaner. Je vais déjà commencer le traitement avec Rogue Killer et voir ce que cela donne.

Merci pour vos infos !


Cordialement,

LT42

Configuration: Windows Vista / Internet Explorer 9.0

LT42 · Answer

Voici le rapport obtenu : RogueKiller V7.4.4 [08/05/2012] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: Martine [Droits d'admin] Mode: Suppression -- Date: 09/05/2012 17:26:11 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 7 ¤¤¤ [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ SSDT[75] : NtCreateSection @ 0x82866E15 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0x9E178700) SSDT[276] : NtRequestWaitReplyPort @ 0x82878FC0 -> HOOKED (Unknown @ 0x8C7BCAF8) SSDT[289] : NtSetContextThread @ 0x828C7927 -> HOOKED (Unknown @ 0x8C7BCAF3) SSDT[314] : NtSetSecurityObject @ 0x827F503C -> HOOKED (Unknown @ 0x8C7BCAFD) SSDT[332] : NtSystemDebugControl @ 0x8282DED1 -> HOOKED (Unknown @ 0x8C7BCB02) SSDT[334] : NtTerminateProcess @ 0x82826153 -> HOOKED (Unknown @ 0x8C7BCA8F) S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8C7BCB16) S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8C7BCB1B) ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEVT-60ZCT1 ATA Device +++++ --- User --- [MBR] 60532370a558600252276a562a5a568d [BSP] f63c2147160b57796f0b8b3f56bb8b0d : HP tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229515 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 470048768 | Size: 8956 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: General USB Flash Disk USB Device +++++ --- User --- [MBR] 22bee8a6f46df8be29d18a5e4115adc9 [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 3800 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Merci pour votre aide. Cordialement, LT42

LT42 · Answer

Voici le deuxième rapport : RogueKiller V7.4.4 [08/05/2012] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: Martine [Droits d'admin] Mode: Suppression -- Date: 09/05/2012 17:26:11 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 7 ¤¤¤ [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ SSDT[75] : NtCreateSection @ 0x82866E15 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0x9E178700) SSDT[276] : NtRequestWaitReplyPort @ 0x82878FC0 -> HOOKED (Unknown @ 0x8C7BCAF8) SSDT[289] : NtSetContextThread @ 0x828C7927 -> HOOKED (Unknown @ 0x8C7BCAF3) SSDT[314] : NtSetSecurityObject @ 0x827F503C -> HOOKED (Unknown @ 0x8C7BCAFD) SSDT[332] : NtSystemDebugControl @ 0x8282DED1 -> HOOKED (Unknown @ 0x8C7BCB02) SSDT[334] : NtTerminateProcess @ 0x82826153 -> HOOKED (Unknown @ 0x8C7BCA8F) S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8C7BCB16) S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8C7BCB1B) ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEVT-60ZCT1 ATA Device +++++ --- User --- [MBR] 60532370a558600252276a562a5a568d [BSP] f63c2147160b57796f0b8b3f56bb8b0d : HP tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229515 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 470048768 | Size: 8956 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: General USB Flash Disk USB Device +++++ --- User --- [MBR] 22bee8a6f46df8be29d18a5e4115adc9 [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 3800 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Merci d'avance pour ces lectures ! Cordialement, LT42