Vista unable to start, reboots nonstop



Posted

Hello,

Since today I have been facing a problem with my laptop: it is impossible to start it other than in safe mode.

So I cannot use it for my work, which is very annoying, even terribly terrible!

Symptom:

At each "normal" startup the system refuses and attempts a startup repair that it does not manage to complete; it then offers me a restore, which changes nothing about the problem, and it reboots every time.

Other info:

I don't know whether it is related or whether these are 2 different problems, but I also have a rootkit discovered by avast, without it being able to remove it, in the file: C/windows/system32/drivers/brbzi.sys

So I ran antispyware and combofix in safe mode; the latter also reports brbzi to me, but that changes nothing!

I am attaching the report in case someone can find a solution... it would really be a big thank-you, because my work requires the use of this laptop; basically I am really in a mess. I don't want to format because outlook would disappear, and without it that would be a disaster for me!

Here is the computer's configuration, just in case:

laptop toshiba satellite A200-BT

operating system: vista home premium edition

version 6.0.6002 pack 2 version 6002

processor: x64 family 6 model stepping 15 genuine intel dual CPU T3200 1995 Mhz

motherboard: toshiba iskaa version 1.00

BIOS version: Toshiba Phoenix V2.60 28/08/2008

total physical memory: 2046 MB

available physical memory: 1675 MB

graphics card: ati mobility radeon HD2400

HDD: Hitachi 149 GB ide

Many thanks already to those who reply!

The combofix report:


ComboFix 10-06-06.04 - Administrateur 07/06/2010 13:59:12.3.2 - x86 MINIMAL

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1504 [GMT 2:00]

Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-07 au 2010-06-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-06-07 12:05 . 2010-06-07 12:05 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-06-07 12:05 . 2010-06-07 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-07 07:29 . 2010-06-07 08:05 680 ----a-w- c:\users\Administrateur\AppData\Local\d3d9caps.dat

2010-06-05 04:45 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-05-25 07:53 . 2010-05-25 07:53 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb86D0.tmp.exe

2010-05-23 21:42 . 2010-05-23 21:42 -------- d-----w- c:\users\Administrateur\AppData\Local\temp(54)

2010-05-16 19:00 . 2010-05-16 19:01 21304816 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold_fr.exe

2010-05-16 19:00 . 2010-05-16 19:00 8405312 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

2010-05-16 19:00 . 2010-05-16 19:00 149000 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe

2010-05-16 19:00 . 2010-05-16 19:00 10309448 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe

2010-05-16 18:59 . 2010-05-16 18:59 79368 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe

2010-05-16 18:59 . 2010-05-16 18:59 64000 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll

2010-05-16 18:59 . 2010-05-16 18:59 52288 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll

2010-05-16 18:59 . 2010-05-16 18:59 50688 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll

2010-05-16 18:59 . 2010-05-16 18:59 49152 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll

2010-05-16 18:59 . 2010-05-16 18:59 118784 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll

2010-05-16 10:59 . 2010-05-16 10:59 443912 ----a-w- c:\users\Administrateur\AppData\Roaming\Real\Update\setup3.10\setup.exe

2010-05-15 19:13 . 2010-05-15 19:30 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Games

2010-05-14 11:25 . 2010-05-14 11:25 -------- d-----w- c:\users\Administrateur\AppData\Roaming\1&1

2010-05-14 11:24 . 2010-05-14 11:28 -------- d-----w- c:\program files\1&1

2010-05-14 08:14 . 2010-06-07 12:06 -------- d-----w- c:\users\Administrateur\AppData\Local\temp

2010-05-14 07:42 . 2010-06-07 12:06 741376 ----a-w- c:\windows\system32\drivers\brbzi.sys

2010-05-14 07:40 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-05-14 07:40 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-05-14 07:40 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-05-12 09:36 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-10 11:42 . 2010-05-10 12:09 99 ----a-w- c:\users\Administrateur\AppData\Local\fqjttdph.bat

2010-05-10 11:40 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-05-10 11:40 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-05-10 11:40 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-05-10 11:40 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-05-10 11:40 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-05-10 11:39 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-05-10 11:39 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-05-10 11:39 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-05-10 11:39 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll

2010-05-10 11:39 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-10 11:33 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-05-10 11:33 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-05 09:28 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat

2010-06-05 09:28 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat

2010-06-05 05:06 . 2009-03-12 15:48 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-05 05:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-06-05 04:44 . 2009-03-31 12:01 -------- d-----w- c:\program files\Microsoft

2010-06-04 22:29 . 2009-05-01 22:36 7062 ----a-w- c:\programdata\Intuit\QuickBooks 2009\qbbackup.sys

2010-05-30 11:11 . 2009-11-05 14:46 -------- d-----w- c:\users\Administrateur\AppData\Roaming\vlc

2010-05-27 12:59 . 2009-03-27 16:06 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution

2010-05-25 15:06 . 2007-04-18 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-25 15:05 . 2007-04-18 05:56 -------- d-----w- c:\program files\Common Files\InstallShield

2010-05-21 12:14 . 2009-10-05 06:42 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-14 11:15 . 2009-03-30 15:07 119640 ----a-w- c:\users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT

2010-05-14 07:38 . 2010-05-14 07:38 16 ----a-w- c:\users\Administrateur\AppData\Roaming\wqhtpi.dat

2010-05-10 12:22 . 2009-09-11 22:43 -------- d-----w- c:\program files\pdfforge Toolbar

2010-05-10 12:04 . 2009-03-30 11:41 -------- d-----w- c:\programdata\eMule

2010-05-10 12:04 . 2008-12-04 17:34 -------- d-----w- c:\program files\eMule

2010-05-10 10:48 . 2009-03-30 10:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-10 10:48 . 2009-03-30 10:41 -------- d-----w- c:\program files\CCleaner

2010-05-05 09:52 . 2010-05-05 09:52 16 ----a-w- c:\users\Administrateur\AppData\Roaming\qvjsge.dat

2010-05-01 15:29 . 2010-05-01 15:29 -------- d-----w- c:\program files\PokerStars.NET

2010-04-21 11:32 . 2010-04-21 11:32 -------- d-----w- c:\program files\Radio_Bar_1

2010-04-15 19:28 . 2008-11-26 16:26 -------- d-----w- c:\program files\Google

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

 

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]

"Google Update"="c:\users\Administrateur\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-30 133104]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]

"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [bU]

"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-12 293376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-06 185872]

"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"FindyKill"="c:\findykill\FindyKill.cmd" [2009-08-31 63893]

 

c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"UacDisableNotify"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\System Safety Monitor]

2006-07-04 15:23 38912 ----a-w- c:\windows\System32\SSMWinlogonEx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2008-09-08 23:21 623880 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2009-12-03 15:14 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2008-12-06 18:40 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-08-07 14:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):84,2c,f7,75,0f,39,ca,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4234129180-3670427610-2330688449-500]

"EnableNotificationsRef"=dword:00000003

 

R0 safemon;System Safety Monitor 2.0 Core Engine;c:\windows\system32\drivers\safemon.sys [x]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 691696]

R1 aswSP;avast! Self Protection; [x]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-03 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-03 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 136176]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-07 92008]

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]

R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-03 7408]

R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]

R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - brbzi

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 11:56]

 

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 11:56]

 

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234129180-3670427610-2330688449-500Core.job

- c:\users\Administrateur\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-30 17:02]

 

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234129180-3670427610-2330688449-500UA.job

- c:\users\Administrateur\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-30 17:02]

 

2010-06-05 c:\windows\Tasks\User_Feed_Synchronization-{3A09B0E6-ABFD-4BCB-B975-0884D78EFC8A}.job

- c:\windows\system32\msfeedssync.exe [2008-12-03 07:33]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

mStart Page = hxxp://www.tropal.net/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-...1&site=home

IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

FF - ProfilePath - c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\nwy8bbbb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll

FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\users\Administrateur\AppData\Local\Google\Update\1.2.183.27\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-07 14:06

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\brbzi]

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 


.

Heure de fin: 2010-06-07 14:08:55

ComboFix-quarantined-files.txt 2010-06-07 12:08

ComboFix2.txt 2010-05-23 21:42

ComboFix3.txt 2010-05-14 08:14

ComboFix4.txt 2010-05-10 12:28

ComboFix5.txt 2010-06-07 11:55

 

Avant-CF: 33 285 451 776 octets libres

Après-CF: 33 286 848 512 octets libres

 

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 4D84A7A207D8B0DBB37E2E9B5834FB21

Posted

or if anyone knows how to recover outlook, emails, contacts, address book... I use it to manage my business, I'm self-employed and without it I'm dead; it's the only important thing on the computer, in fact!

after that I can consider formatting

help please

Thanks...

Posted

Hello simvir,

Welcome to the forum :P

As you are new, here is some information that will be useful to you:

How to participate in a forum
Finding your posts and enabling email notification

Please create a new topic in the Security / Malware analysis and removal section. Here is a direct link: http://forum.zebulon.fr/start-new-topic-f51.html

Explain your problems and copy-paste the report.

All the best

:P
