Windows Update disabled - Page 2

Solved
tut
 
The ComboFix link in the first post is infested with viruses .... 6 detected by Avira ... thanks for helping -_-
0
g!rly Posts 18462 Status Contributor 407
 
Hi tut,

Don't use ComboFix on your own!!!

Also,

It would be better to start your own thread; that will make the posts easier to follow and the answer to your problem will be more effective.
Proceed as follows:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

See you soon
0
green-info Posts 9 Status Member
 
Hi seb, it's simple to enable Windows Update:
1- cmd (DOS)
2- wupdmgr
0
Dj_RaSh
 
Hi everyone,
OK, I ran the scan with combofix.exe and it gave me this result:

ComboFix 08-11-09.04 - Administrateur 2008-11-10 22:18:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1674 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\config.ini
c:\windows\system32\cttuleps.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\jkkjkLBt.dll
c:\windows\system32\mkghj.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\puhjufpx.dll
c:\windows\system32\speluttc.ini
c:\windows\system32\tBLkjkkj.ini
c:\windows\system32\tBLkjkkj.ini2
c:\windows\system32\wpcap.dll
c:\windows\system32\xpfujhup.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 20:58 . 2008-11-10 20:58 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 20:58 . 2008-11-10 20:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-10 20:58 . 2008-11-10 20:58 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-10 20:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 20:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 14:47 . 2008-04-13 19:33 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-11-10 14:42 . 2008-11-10 14:48 <REP> d-------- c:\windows\ServicePackFiles
2008-11-10 14:32 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u02929_.tmp
2008-11-10 09:55 . 2008-11-10 09:55 35,840 --a------ c:\windows\system32\rqRIxvUO.dll
2008-11-10 09:55 . 2008-11-10 09:55 35,840 --a------ c:\windows\system32\opnlLfCv.dll
2008-11-09 21:01 . 2008-11-09 21:30 <REP> d-------- c:\program files\Net Tools
2008-11-08 10:09 . 2008-11-08 10:09 <REP> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-11-07 10:58 . 2008-11-07 10:58 182,827 --a------ c:\windows\IceOp4 Uninstaller.exe
2008-11-07 10:39 . 2008-11-07 10:39 <REP> d-------- c:\program files\Rapid Hacker
2008-11-06 04:11 . 2008-11-06 04:11 <REP> d-------- c:\program files\MSXML 6.0
2008-11-05 15:27 . 2008-11-05 15:29 1,905 --a------ c:\windows\diagwrn.xml
2008-11-05 15:27 . 2008-11-05 15:29 1,905 --a------ c:\windows\diagerr.xml
2008-11-05 15:12 . 2008-11-05 15:12 <REP> d-------- c:\program files\Microsoft Virtual PC
2008-11-05 12:46 . 2008-11-05 12:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ICQ
2008-11-05 12:45 . 2008-11-05 13:12 <REP> d-------- c:\program files\ICQ6
2008-11-05 12:17 . 2008-11-05 12:17 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Messenger_for_Skype
2008-11-05 09:55 . 2008-11-05 09:55 <REP> d-------- c:\documents and settings\Administrateur\.java
2008-11-05 08:53 . 2008-11-05 08:53 <REP> d-------- c:\documents and settings\Administrateur\Tracing
2008-11-05 08:52 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-05 08:49 . 2008-11-05 08:49 <REP> d-------- c:\program files\Microsoft
2008-11-05 08:47 . 2008-11-05 08:47 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-11-04 08:31 . 2008-11-04 08:31 <REP> d-------- c:\program files\JavaSoft
2008-11-04 08:31 . 2006-03-09 17:57 45,175 --------- c:\windows\system32\plugincpl131_18.cpl
2008-11-04 08:31 . 2006-03-09 17:57 36,972 --------- c:\windows\system32\ActPanel.dll
2008-11-04 03:52 . 2008-11-04 04:01 <REP> d-------- c:\program files\Spyware Doctor
2008-11-04 03:52 . 2008-11-04 03:52 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-11-04 03:52 . 2008-11-04 03:52 <REP> d-------- c:\documents and settings\Administrateur\Application Data\PC Tools
2008-11-04 03:40 . 2008-11-04 03:40 51,355 --a------ c:\windows\system32\muzika.xm
2008-11-04 03:03 . 2008-11-04 04:00 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 08:09 . 2008-11-02 13:26 <REP> d-------- c:\program files\Counter-Strike 1.6
2008-10-31 17:14 . 2008-10-31 17:16 <REP> d-------- c:\windows\nview
2008-10-31 17:14 . 2005-04-14 23:18 176,128 --a------ c:\windows\system32\nvudisp.exe
2008-10-31 17:14 . 2005-04-14 23:18 14,531 --a------ c:\windows\system32\nvdisp.nvu
2008-10-31 17:02 . 2005-04-14 23:18 5,562,368 --a------ c:\windows\system32\nvcpl.dll
2008-10-31 10:07 . 2008-10-31 10:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-31 09:43 . 2008-10-31 09:43 <REP> d-------- c:\program files\Circle Developement
2008-10-31 09:42 . 2008-10-31 09:42 <REP> d-------- c:\program files\Messenger Plus! Live
2008-10-31 09:24 . 2005-02-01 14:20 5,760,056 --a------ c:\windows\Darkstar.bmp
2008-10-31 09:22 . 2008-10-31 15:16 <REP> d-------- c:\program files\AlienGUIse
2008-10-31 09:22 . 2003-02-26 21:27 36,864 --a------ c:\windows\system32\wbsys.dll
2008-10-31 09:02 . 2008-10-31 09:40 <REP> d-------- c:\windows\TrueTransparency
2008-10-31 09:01 . 2004-08-25 10:41 219,648 --a------ c:\windows\system32\uxtheme.backup
2008-10-30 04:07 . 2008-10-30 04:07 <REP> d-------- c:\program files\Opera
2008-10-29 18:49 . 2008-10-29 18:51 <REP> d-------- c:\program files\ESET
2008-10-29 12:34 . 2008-10-29 12:34 <REP> d-------- c:\windows\CAVTemp
2008-10-29 12:13 . 2008-10-29 12:13 <REP> d-------- c:\documents and settings\LocalService\Application Data\CallingID
2008-10-29 11:02 . 2008-10-29 11:02 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-29 11:00 . 2008-10-29 18:48 <REP> d-------- c:\windows\rnapxs
2008-10-29 10:55 . 2008-10-29 18:48 <REP> d-------- c:\documents and settings\All Users\Application Data\CA
2008-10-27 12:29 . 2008-10-27 21:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-27 08:50 . 2008-11-09 21:02 <REP> d-------- c:\program files\WinPcap
2008-10-25 11:38 . 2008-10-25 11:38 <REP> d-------- c:\documents and settings\LocalService\Menu Démarrer
2008-10-25 10:56 . 2008-10-25 13:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2008-10-24 15:27 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\DllCache\netapi32.dll
2008-10-16 09:23 . 2008-11-07 10:58 <REP> d-------- c:\program files\IceOp4
2008-10-16 02:53 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2008-10-16 02:53 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2008-10-16 02:53 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2008-10-16 02:53 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2008-10-16 02:52 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\DllCache\win32k.sys
2008-10-16 02:28 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\DllCache\srv.sys
2008-10-12 10:19 . 2008-10-12 10:19 <REP> d-------- c:\program files\Evidence Eliminator
2008-10-11 21:41 . 2008-10-11 21:41 <REP> d-------- c:\documents and settings\Administrateur\Application Data\.gaim

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 21:03 --------- d-----w c:\program files\SuperCopier2
2008-11-10 19:38 --------- d-----w c:\program files\MSN Messenger
2008-11-10 08:20 --------- d-----w c:\program files\eMule
2008-11-10 01:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\Skype
2008-11-09 23:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\skypePM
2008-11-09 11:43 --------- d-----w c:\documents and settings\Administrateur\Application Data\TeamViewer
2008-11-09 09:23 --------- d-----w c:\program files\Java
2008-11-05 11:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 08:01 --------- d-----w c:\program files\Windows Live
2008-11-04 07:36 --------- d-----w c:\program files\JAP
2008-11-02 10:17 --------- d-----w c:\program files\Camfrog
2008-10-26 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-23 16:54 --------- d-----w c:\program files\TeamViewer3
2008-10-17 11:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-14 23:39 --------- d-----w c:\program files\IceOp
2008-10-12 15:19 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-10-11 23:12 --------- d-----w c:\documents and settings\Administrateur\Application Data\Paltalk
2008-10-06 10:06 --------- d-----w c:\documents and settings\Administrateur\Application Data\WNR
2008-10-03 15:59 --------- d-----w c:\program files\7-Zip
2008-09-30 11:38 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-09-30 11:35 --------- d-----w c:\program files\microsoft frontpage
2008-09-21 15:12 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2008-09-21 15:12 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-09-21 15:10 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-16 21:28 --------- d-----w c:\program files\Fichiers communs\ACD Systems
2008-09-16 20:16 --------- d-----w c:\documents and settings\Administrateur\Application Data\ACD Systems
2008-09-16 17:10 --------- d-----w c:\program files\Easy GIF Animator
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-11 08:25 --------- d-----w c:\documents and settings\Administrateur\Application Data\ESET
2008-09-11 08:13 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-10 10:17 --------- d-----w c:\program files\Skype
2008-09-10 08:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\Symantec
2008-09-05 21:30 952,360 ------w c:\windows\system32\DllCache\WgaTray.exe
2008-09-05 21:30 267,304 ------w c:\windows\system32\DllCache\wgaLogon.dll
2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll
2008-08-20 05:10 670,208 ------w c:\windows\system32\DllCache\wininet.dll
2008-08-20 05:10 620,544 ------w c:\windows\system32\DllCache\urlmon.dll
2008-08-20 05:10 3,088,896 ------w c:\windows\system32\DllCache\mshtml.dll
2008-08-20 05:10 1,499,648 ------w c:\windows\system32\DllCache\shdocvw.dll
2008-08-14 13:23 2,191,232 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\DllCache\afd.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9950772D-AF73-4AEA-80B6-C251EC40EA30}]
2008-11-10 09:55 35840 --a------ c:\windows\system32\rqRIxvUO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-14 5562368]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 c:\windows\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2005-04-14 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9950772D-AF73-4AEA-80B6-C251EC40EA30}"= "c:\windows\system32\rqRIxvUO.dll" [2008-11-10 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxvUO]
2008-11-10 09:55 35840 c:\windows\system32\rqRIxvUO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:TCP port 443 ooVoo
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"37676:TCP"= 37676:TCP:*:Disabled:TCP port 37676 ooVoo
"37676:UDP"= 37676:UDP:*:Disabled:UDP port 37676 ooVoo
"37677:UDP"= 37677:UDP:*:Disabled:UDP port 37677 ooVoo

S3 PAC207;VideoCAM GF112;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7DA507EF-3353-4C60-8CD4-AE0A8D9EA53E} - c:\windows\system32\jkkjkLBt.dll
HKLM-Run-48e8e646 - c:\windows\system32\puhjufpx.dll

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\u77p45ik.default\
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 22:27:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\rqRIxvUO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 22:35:27 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2008-11-10 21:35:09

Avant-CF: 13,261,930,496 octets libres
Après-CF: 13,892,411,392 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

246 --- E O F --- 2008-11-06 03:11:55

Noting that I had to connect to allow ComboFix to download BootDisk-FRA.exe from the Microsoft site.
So, what do you advise? I'm currently scanning my PC with Malwarebytes and I'll keep you informed, but if that's pointless, please help me, thanks.
0