AIde pour un virus

[pear]

Nettoyage

 

Double-clic sur l'icône OTLPE sur le Bureau.

 

A la demande Do you wish to load the remote registry cliquezYes

et de même Do you wish to load remote user profile(s) for scanning cliquez Yes

Vérifiez que Automatically Load All Remaining Users est bien coché et validez

 

copier/coller tout le texte suivant (en vert) dans la fenêtre de Personnalisation Custom Scan/Fixes

:OTL

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - File not found [Disabled] -- -- (Iomega Activity Disk2)

SRV - File not found [Auto] -- -- (icm10blk)

SRV - File not found [Auto] -- -- (ichaud)

SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (NetBT)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (IPSec)

DRV - File not found [Kernel | Boot] -- -- (iomdisk)

DRV - File not found [Kernel | System] -- -- (i8042prt)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (hidfltr)

DRV - File not found [Kernel | On_Demand] -- -- (gmer)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | System] -- -- (AvgLdx86)

DRV - File not found [Kernel | System] -- -- (Aspi32)

DRV - File not found [Kernel | System] -- -- (AFD)

DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)

DRV - File not found [File_System | Boot] -- -- (93849684)

DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)

 

IE - HKU\postgres.HUTCHINSON-EDBC611A_ON_C\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

) (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\HUTCHINSON Ken\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\63LYUOO9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\HUTCHINSON_Ken_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

9 - Extra Button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - Reg Error: Key error. File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - HKU\HUTCHINSON_Ken_ON_C Winlogon: Shell - (C:\Documents and Settings\HUTCHINSON Ken\Local Settings\Application Data\99fd74b2\X) - C:\Documents and Settings\HUTCHINSON Ken\Local Settings\Application Data\99fd74b2\X ()

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: icm10blk - File not found

NetSvcs: NWFILTER - File not found

NetSvcs: raidmagt - File not found

NetSvcs: wampmysqld - File not found

NetSvcs: issvc - File not found

NetSvcs: Blfp - File not found

NetSvcs: raidmsvr - File not found

NetSvcs: AYDrvNT_ALYAC - File not found

NetSvcs: a016bus - File not found

NetSvcs: nisvcloc - File not found

NetSvcs: etoksrv - File not found

NetSvcs: lxrjd31s - File not found

NetSvcs: nvstor64 - File not found

NetSvcs: pgpsdkservice - File not found

NetSvcs: Xponaut_WBD - File not found

NetSvcs: usrbridg - File not found

NetSvcs: razerusb - File not found

NetSvcs: nnsvc - File not found

NetSvcs: ichaud - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Badoo Desktop - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: BDMCon - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: BDNewsAgent - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: BDOESRV - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: BDSwitchAgent - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: Camfrog - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: COMODO Internet Security - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: Mega Manager - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: PC Usage - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - Reg Error: Value error. File not found

SafeBootMin: 93849684.sys - File not found

SafeBootMin: aawservice - Reg Error: Value error.

SafeBootNet: 93849684.sys - File not found

SafeBootNet: aawservice - Reg Error: Value error.

SafeBootNet: AFD - File not found

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

Drivers32: vidc.asv2 - asusasv2.dll File not found

 

[2012/01/13 13:28:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HUTCHINSON Ken\Local Settings\Application Data\99fd74b2

[2012/01/13 13:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HUTCHINSON Ken\Application Data\74050

[2012/01/13 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HUTCHINSON Ken\Application Data\74050

 

[2012/01/17 12:38:03 | 000,266,240 | RHS- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\kooho.exe

[2012/01/17 05:51:51 | 000,266,240 | RHS- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\kigoy.exe

[2012/01/13 14:04:47 | 000,289,280 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\3buj.exe

[2012/01/13 14:04:38 | 000,266,240 | RHS- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\ciiteb.exe

[2012/01/13 14:04:34 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\b41Nq7f4.exe

[2012/01/13 14:04:33 | 000,937,984 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\woaxil.com

[2012/01/13 13:27:19 | 000,289,792 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\3eaj.exe

[2012/01/13 13:27:04 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\HUTCHINSON Ken\MDdyAsuPL1.exe

 

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

:commands

[PURITY]

[EMPTYTEMP]

[REBOOT]

Dans la fenêtre de l'outil OTLPE, cliquez sur [bRun Fix][/b] ;

Patientez juqu'à l'apparition du rapport

Faites un "Shutdown" de l'environnement OTLPE (via le bouton "Start" au bas à gauche) et redémarrez normalement la machine infectée après avoir retiré le CD OTLPE.

collez le rapport de OTLPE dans votre réponse

[bondioune]

Bonsoir,

 

J'ai lancé le runfix et laisser tourner pendant 5 heures.

Le processus semble bloqué.

 

En bas de la fenêtre est écrit:

Processing SafeBootMin: 93849684.sys - File not found

 

 

J'ai arrêter le processus, éteint le pc et essayé de booter sur le disque dur mais cela ne marche pas, j'ai un nouvel écran bleu différent de celui d'avant:

 

http://nsa21.casimages.com/img/2012/01/23/120123112528101804.jpg

 

 

Le runfix est trèès long et j'ai interrompu trop tot ou bien il y a un problème ?

Modifié le 23 janvier 2012 par bondioune

[pear]

Bonjour,

 

Erreur "STOP 0X0000007E (0XC0000005, 0Xxxxxxxxx, 0Xxxxxxxxx)Partmgr.sys - Add F7711EC5 base at F770F000, DataStamp 480253b0".

Dans l’Explorateur Windows, lancez une recherche sur le nom de fichier qui suit le code de l’erreur (dans cet exemple,Partmgr.sys).

Une fois le fichier trouvé, cliquez dessus avec le bouton droit de la souris, puis choisissez la commande Propriétés.

Soit un onglet Version est présent, soit le chemin d’accès doit vous renseigner sur le programme ou le périphérique dont le fichier dépend.

Il ne vous reste plus alors qu’à désinstaller le logiciel ou à en faire une mise à jour à partir du site Internet de l'éditeur.

Il se peut que le simple fait de désactiver le chargement automatique du logiciel en mémoire suffise à résoudre le problème de redémarrage.

 

Cependant, tout ce que l'on tente échoue pour des raisons diverses.

 

Puisque vous disposez d'un live cd linux, je vous conseille de sauvegarder vos données et de formater.

C'est ,hélas, assez souvent la seule issue avec Zeroaccess.