Forums Zebulon.fr: AIde pour un virus - Forums Zebulon.fr

Nettoyage

Double-clic sur l'icône OTLPE sur le Bureau.

A la demande Do you wish to load the remote registry cliquezYes
et de même Do you wish to load remote user profile(s) for scanning cliquez Yes
Vérifiez que Automatically Load All Remaining Users est bien coché et validez

copier/coller tout le texte suivant (en vert) dans la fenêtre de Personnalisation Custom Scan/Fixes

:OTL
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- -- (Iomega Activity Disk2)
SRV - File not found [Auto] -- -- (icm10blk)
SRV - File not found [Auto] -- -- (ichaud)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | Boot] -- -- (iomdisk)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (hidfltr)
DRV - File not found [Kernel | On_Demand] -- -- (gmer)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (AvgLdx86)
DRV - File not found [Kernel | System] -- -- (Aspi32)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [File_System | Boot] -- -- (93849684)
DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)

IE - HKU\postgres.HUTCHINSON-EDBC611A_ON_C\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
) (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\HUTCHINSON_Ken_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
9 - Extra Button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - HKU\HUTCHINSON_Ken_ON_C Winlogon: Shell - (C:\Documents and Settings\HUTCHINSON Ken\Local Settings\Application Data\99fd74b2\X) - C:\Documents and Settings\HUTCHINSON Ken\Local Settings\Application Data\99fd74b2\X ()
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: icm10blk - File not found
NetSvcs: NWFILTER - File not found
NetSvcs: raidmagt - File not found
NetSvcs: wampmysqld - File not found
NetSvcs: issvc - File not found
NetSvcs: Blfp - File not found
NetSvcs: raidmsvr - File not found
NetSvcs: AYDrvNT_ALYAC - File not found
NetSvcs: a016bus - File not found
NetSvcs: nisvcloc - File not found
NetSvcs: etoksrv - File not found
NetSvcs: lxrjd31s - File not found
NetSvcs: nvstor64 - File not found
NetSvcs: pgpsdkservice - File not found
NetSvcs: Xponaut_WBD - File not found
NetSvcs: usrbridg - File not found
NetSvcs: razerusb - File not found
NetSvcs: nnsvc - File not found
NetSvcs: ichaud - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: Badoo Desktop - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BDMCon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BDNewsAgent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BDOESRV - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BDSwitchAgent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Camfrog - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: COMODO Internet Security - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Mega Manager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: PC Usage - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - Reg Error: Value error. File not found
SafeBootMin: 93849684.sys - File not found
SafeBootMin: aawservice - Reg Error: Value error.
SafeBootNet: 93849684.sys - File not found
SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AFD - File not found
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
Drivers32: vidc.asv2 - asusasv2.dll File not found

[2012/01/13 13:28:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HUTCHINSON Ken\Local Settings\Application Data\99fd74b2
[2012/01/13 13:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HUTCHINSON Ken\Application Data\74050
[2012/01/13 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HUTCHINSON Ken\Application Data\74050

[2012/01/17 12:38:03 | 000,266,240 | RHS- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\kooho.exe
[2012/01/17 05:51:51 | 000,266,240 | RHS- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\kigoy.exe
[2012/01/13 14:04:47 | 000,289,280 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\3buj.exe
[2012/01/13 14:04:38 | 000,266,240 | RHS- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\ciiteb.exe
[2012/01/13 14:04:34 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\b41Nq7f4.exe
[2012/01/13 14:04:33 | 000,937,984 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\woaxil.com
[2012/01/13 13:27:19 | 000,289,792 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\3eaj.exe
[2012/01/13 13:27:04 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\MDdyAsuPL1.exe


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[PURITY]
[EMPTYTEMP]
[REBOOT]

Dans la fenêtre de l'outil OTLPE, cliquez sur [bRun Fix][/b] ;
Patientez juqu'à l'apparition du rapport
Faites un "Shutdown" de l'environnement OTLPE (via le bouton "Start" au bas à gauche) et redémarrez normalement la machine infectée après avoir retiré le CD OTLPE.
collez le rapport de OTLPE dans votre réponse

Bonsoir,

J'ai lancé le runfix et laisser tourner pendant 5 heures.
Le processus semble bloqué.

En bas de la fenêtre est écrit:
Processing SafeBootMin: 93849684.sys - File not found


J'ai arrêter le processus, éteint le pc et essayé de booter sur le disque dur mais cela ne marche pas, j'ai un nouvel écran bleu différent de celui d'avant:

http://nsa21.casimag...12528101804.jpg


Le runfix est trèès long et j'ai interrompu trop tot ou bien il y a un problème ?

Ce message a été modifié par bondioune - 23 janvier 2012 - 11:16 .

Bonjour,

Erreur "STOP 0X0000007E (0XC0000005, 0Xxxxxxxxx, 0Xxxxxxxxx)Partmgr.sys - Add F7711EC5 base at F770F000, DataStamp 480253b0".
Dans l’Explorateur Windows, lancez une recherche sur le nom de fichier qui suit le code de l’erreur (dans cet exemple,Partmgr.sys).
Une fois le fichier trouvé, cliquez dessus avec le bouton droit de la souris, puis choisissez la commande Propriétés.
Soit un onglet Version est présent, soit le chemin d’accès doit vous renseigner sur le programme ou le périphérique dont le fichier dépend.
Il ne vous reste plus alors qu’à désinstaller le logiciel ou à en faire une mise à jour à partir du site Internet de l'éditeur.
Il se peut que le simple fait de désactiver le chargement automatique du logiciel en mémoire suffise à résoudre le problème de redémarrage.

Cependant, tout ce que l'on tente échoue pour des raisons diverses.

Puisque vous disposez d'un live cd linux, je vous conseille de sauvegarder vos données et de formater.
C'est ,hélas, assez souvent la seule issue avec Zeroaccess.