Quelques programmes ne s'ouvrent plus ! Résolu/Fermé

Question

Bonjour,
Quelques logiciels sur mon pc comme Utorrent, Document texte ne s'ouvrent plus. Pourriez-vous m'aider?
J'ai Windows 7 :)
Merci d'avance :)

fabul · Answer

Salut,

Pense tu a une infection ?

fabul · Answer

Fais un nettoyage avec AdwCleaner

Installe RegRun Reanimator

Clic sur "Fix problems".

Clic sur "Scan windows startup...".

Coche la case "Use deep level scanning once (For advanced users)".

Clic sur "Make scan now".

Clic sur "Fix problems".

Si il y a plus d'une quinzaine de détections, Prohibited/Suspicious , tu peux me le dire, on procédera différemment. 

Clic-droit dans le milieu de la fenêtre et choisis "Save to file" pour copier le résultat dans un fichier texte.

Nomme le 1 (tout court), le .txt sera généré automatiquement.

Clic sur la flèche verte pour passer a l'item suivant, fait comme pour le premier et nomme le 2, et ainsi de suite avec les autres.

A la fin, clic sur "Exit".

Poste les résultats contenus dans les fichiers texte dans ton prochain message. (Lire en bas)

Met un espace d'une ligne entre chaque item détecté pour que ça soit lisible.

PS:

Si l'ouverture des document txt ne fonctionne pas , poste les sur Cjoint et donne nous les lien Cjoint.

yazid20 · Answer

Voilà

Item Name: Windows Live{87,0,105,0,110,0,100,0,111,0,119,0,115,0,32,0,76,0,105,0,118,0,101,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0(512)}
Author: 
Related File: C:\Users\Cherkaoui\AppData\Roaming\Windows Live\vmgyorhygb.exe
Type: Zero Access Rootkit


Item Name: {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0(512)}
Author: 
Related File: 
Type: Zero Access Rootkit


Item Name: Windows Update Installer
Author: 
Current Setting: C:\USERS\CHERKAOUI\APPDATA\ROAMING\WINDOWSUPDATE\UPDATER.EXE
Type: Registry Run

Item Name: DownSave
Author: 
Current Setting: C:\PROGRAMDATA\DOWNSAVE\
Type: Unwanted Software Files

Item Name: RegularDeals
Author: 
Current Setting: C:\PROGRAMDATA\REGULARDEALS\
Type: Unwanted Software Files

Item Name: netcut.exe
Author: Arcai.com
Related File: C:\PROGRAM FILES\NETCUT\NETCUT.EXE
Type: Running Processes

Item Name: shell
Author: Unknown
Related File: C:\Users\Cherkaoui\AppData\Roaming\WindowsUpdate\MSupdate.exe,explorer.exe,C:\Users\Cherkaoui\AppData\Roaming\Update\MSupdate.exe
Type: User Shell

Item Name: Windows Live
Author: Unknown
Related File: C:\USERS\CHERKAOUI\APPDATA\ROAMING\WINDOWS LIVE\VMGYORHYGB.EXE
Type: Explorer Run

Item Name: 2484766543
Author: 
Related File: C:\PROGRA~2\msfpaittk.exe
Type: Explorer Run

Item Name: taskman
Author: Microsoft Corporation
Related File: C:\USERS\CHERKAOUI\APPDATA\ROAMING\WINDOWSUPDATE\MSUPDATE.EXE
Type: Winlogon System

Item Name: XFDriver
Author: 
Current Setting: \??\C:\Program Files\Xfire2\XFDriver.sys
Type: Drivers

Item Name: Windows Live Installer
Author: 
Current Setting: C:\USERS\CHERKAOUI\APPDATA\ROAMING\WINDOWSUPDATE\LIVE.EXE
Type: Registry Run

Item Name: Windows Update Manager
Author: 
Current Setting: C:\USERS\CHERKAOUI\APPDATA\ROAMING\WINDOWSUPDATE\MSUPDATE.EXE
Type: Registry Run

Item Name: c731200
Author: 
Current Setting: C:\USERS\CHERKAOUI\APPDATA\ROAMING\C731200
Type: Detected using Heuristic Algorithm

Item Name: VHDMP.SYS
Author: 
Current Setting: C:\WINDOWS\SYSTEM32\DRIVERS\VHDMP.SYS
Type: Detected using Heuristic Algorithm

Item Name: adwcleaner_4.205.exe
Author: 
Related File: C:\USERS\CHERKAOUI\DOWNLOADS\ADWCLEANER_4.205.EXE
Type: Running Processes

Item Name: RtVOsd.exe
Author: Realtek Semiconductor Corp.
Related File: C:\PROGRAM FILES\REALTEK\RTVOSD\RTVOSD.EXE
Type: Running Processes

Item Name: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
Author: 
Current Setting: https://www8.hp.com/fr/fr/home.html
Type: Internet Shortcuts

fabul · Answer

Recommence l'analyse et choisis False positive pour ceux la ->

Item Name: netcut.exe
Author: Arcai.com
Related File: C:\PROGRAM FILES\NETCUT\NETCUT.EXE
Type: Running Processes

Item Name: XFDriver
Author:
Current Setting: \??\C:\Program Files\Xfire2\XFDriver.sys
Type: Drivers

Item Name: VHDMP.SYS
Author:
Current Setting: C:\WINDOWS\SYSTEM32\DRIVERS\VHDMP.SYS
Type: Detected using Heuristic Algorithm

Item Name: adwcleaner_4.205.exe
Author:
Related File: C:\USERS\CHERKAOUI\DOWNLOADS\ADWCLEANER_4.205.EXE
Type: Running Processes

Item Name: RtVOsd.exe
Author: Realtek Semiconductor Corp.
Related File: C:\PROGRAM FILES\REALTEK\RTVOSD\RTVOSD.EXE
Type: Running Processes

Item Name: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
Author:
Current Setting: HTTP://REDIRECT.HP.COM/SVS/RDR?TYPE=4&TP=ONLINESVS&S=SNAPFISH&PF=CNNB&LOCALE=FR_FR&BD=ALL&C=104
Type: Internet Shortcuts


Choisis Get it out -> Delete pour tous les autres.

Clic Reboot a la fin et accepte pour redémarrer le PC.

Au redémarrage, il y aura peut être une autre analyse, note ce qui reste comme tu viens de faire.

fabul · Answer

Tu a Zero Access Rootkit

Il faudra surement que tu te crée une clé USB bootable ou un CD de Hiren's boot CD et que tu lance Reanimator a partir du Mini Windows XP de Hiren's boot CD.

https://forums.commentcamarche.net/forum/affich-37585754-hiren-boot-cd-tutoriel

Lance Reanimator dans Program Files -> Greatis -> Reanimator

Supprime Zero Access Rootkit

Quelques programmes ne s'ouvrent plus !

5 réponses

Discussions similaires