Hard drive shortcut problem, Cmd:Windows/system32

Closed
sawasdesign Posts 9 Registration date Monday 16 September 2013 Status Member Last seen 20 December 2013 - 18 Nov 2013 at 06:31
sawasdesign Posts 9 Registration date Monday 16 September 2013 Status Member Last seen 20 December 2013 - 18 Nov 2013 at 07:03
Hello, I have a big problem with my external hard drives: all my folders have turned into windows/system32/cmd shortcuts and I can no longer access them, it says Trashes:08456blabla is missing. I have already read a lot of forums about this but nothing works. I started with winlogon.exe then USB Fix, but USB Fix always crashes at 23%. I don't know what to do anymore, please help me! Thanks in advance for your help

1 reply

sawasdesign Posts 9 Registration date Monday 16 September 2013 Status Member Last seen 20 December 2013
18 Nov 2013 at 07:03
I have just run Rogue Killer, here is the report:
RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : https://www.adlice.com/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Julien [Admin rights]
Mode : Scan -- Date : 11/18/2013 12:58:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SDP (C:\Users\Julien\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Screen Saver Pro 3.1 (C:\Users\Julien\AppData\Roaming\ScreenSaverPro.scr [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Ejouoy (C:\Users\Julien\AppData\Roaming\Microsoft\Ejouoy.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2579412773-3148259006-4144645973-1000\[...]\Run : SDP (C:\Users\Julien\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2579412773-3148259006-4144645973-1000\[...]\Run : Screen Saver Pro 3.1 (C:\Users\Julien\AppData\Roaming\ScreenSaverPro.scr [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2579412773-3148259006-4144645973-1000\[...]\Run : Ejouoy (C:\Users\Julien\AppData\Roaming\Microsoft\Ejouoy.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2579412773-3148259006-4144645973-1001\[...]\Run : SDP (C:\Users\UpdatusUser\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto [x][x][x]) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\Julien\LOCALS~1\Temp\cchzqo.cmd [x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Windows : load (C:\Users\Julien\LOCALS~1\Temp\cchzqo.cmd [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][SUSP PATH] Dealply.job : C:\Users\Julien\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe - /Check [x] -> FOUND
[V2][ROGUE ST] 4796 : wscript.exe - C:\Users\Julien\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][SUSP PATH] Dealply : C:\Users\Julien\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe - /Check [x] -> FOUND
[V2][SUSP PATH] ebrthrjidh : C:\ProgramData\07f7r.exe [x] -> FOUND
[V2][SUSP PATH] EPUpdater : C:\Users\Julien\AppData\Roaming\BabSolution\Shared\BabMaint.exe [-] -> FOUND
[V2][SUSP PATH] ssxmauydxi : C:\ProgramData\07f7r.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x83E721F8)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69221E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x76E146E9)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69221E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x76E146E9)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69221E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x76E146E9)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69221E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x771E46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x76E146E9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] 4c302f1606305674e013f6e90ae4e167
[BSP] 2eea5220882df74f0d304ca92ac7dd5e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99905 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204812685 | Size: 205236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) WD 6400AAV External USB Device +++++
--- User ---
[MBR] 3f9702d70b60c97087314a200ff2a8fd
[BSP] 2f6b85d256594f4c3a3709bde9ca8996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Seagate FreeAgent GoFlex USB Device +++++
--- User ---
[MBR] fd6cf94d60144c380cdcb735cd051aa0
[BSP] 26abb761083c8c1cdded836c920e8a6e : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11182013_125823.txt >>