by g3n-h@ckm@n
#205933
well, you copy it to your desktop and do exactly the same thing with VirusTotal, but you go and pick the file from the desktop
by g3n-h@ckm@n
#206023
run OTL again, set everything to "None"

paste this in at the bottom:

/MD5Start
win32k.sys
/MD5Stop

click on scan, then post the new OTL.txt
by Arcree
#206032
Here is the report:
OTL logfile created on: 03/10/2014 18:14:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\GENE\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,32% Memory free
3,84 Gb Paging File | 2,47 Gb Available in Paging File | 64,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 55,39 Gb Free Space | 23,79% Space Free | Partition Type: NTFS

Computer Name: GENEVIEVE | User Name: GENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== LOP Check ==========

[2014/09/01 17:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/11/07 17:47:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/08 15:46:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/11/08 15:46:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/11/08 15:46:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2014/10/02 18:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2014/07/24 13:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/11/08 15:46:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/11/08 15:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2014/07/11 16:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014/09/03 15:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ManiaPlanet
[2014/02/05 16:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Orange
[2014/09/11 18:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014/08/23 17:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1995-08.com.techsmith
[2014/09/12 17:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2008/09/04 13:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/08/23 17:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2014/10/02 20:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\.ascentia
[2014/07/08 15:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\.GroupeZK
[2014/08/23 14:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\.minecraft
[2014/07/25 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\.obsifight
[2014/09/01 18:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\Battle.net
[2014/07/24 13:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\Canon
[2012/11/07 17:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\Canon Easy-WebPrint EX
[2014/10/01 14:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\FileZilla
[2014/09/27 16:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\HDDHealth
[2014/07/11 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\Mine_imator
[2014/07/17 15:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\Notepad++
[2014/07/23 13:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\PhotoFiltre Studio X
[2014/07/15 21:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GENE\Application Data\TechSmith
[2014/09/30 17:52:33 | 000,000,220 | ---- | M] () -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à  la connexion.job
[2014/09/09 18:24:47 | 000,000,214 | ---- | M] () -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: WIN32K.SYS >
[2012/07/03 20:23:48 | 001,875,200 | ---- | M] (Microsoft Corporation) MD5=013A83C2EC0F5309094E8954FBE57501 -- C:\WINDOWS\$hf_mig$\KB2731847-v2\SP3QFE\win32k.sys
[2008/04/14 03:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\ancien disque\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\win32k.sys
[2008/04/14 03:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010/10/26 15:59:49 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=19209B83DC73BCA78558C2F220DB65E2 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2012/04/11 15:50:47 | 001,871,488 | ---- | M] (Microsoft Corporation) MD5=1A21AF886EC31258E012921D5E5E2398 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\win32k.sys
[2005/10/06 05:12:57 | 001,839,616 | ---- | M] (Microsoft Corporation) MD5=1D0E52F9F1A0B1D0A6A9C1A3B2F4EB34 -- C:\ancien disque\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys
[2007/03/08 17:45:59 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=24B0EF79632899E1831BD052F53A8A24 -- C:\ancien disque\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
[2007/03/08 17:45:59 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=24B0EF79632899E1831BD052F53A8A24 -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
[2008/03/20 10:09:22 | 001,845,376 | ---- | M] (Microsoft Corporation) MD5=24FF05FBBC6284F8D9327AF547DBEF30 -- C:\ancien disque\WINDOWS\$NtUninstallKB954211$\win32k.sys
[2008/03/20 10:09:22 | 001,845,376 | ---- | M] (Microsoft Corporation) MD5=24FF05FBBC6284F8D9327AF547DBEF30 -- C:\i386\win32k.sys
[2012/06/13 15:55:56 | 001,875,200 | ---- | M] (Microsoft Corporation) MD5=2FD5F789BEB85369A8ED6C15C3F84C40 -- C:\WINDOWS\$hf_mig$\KB2718523\SP3QFE\win32k.sys
[2011/06/06 13:36:19 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=31C9FCD53634B437F36B0417DA48066A -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2014/02/07 08:36:35 | 001,879,168 | ---- | M] (Microsoft Corporation) MD5=4644DA4A2E389DCA467DA32E75DED09C -- C:\WINDOWS\system32\dllcache\win32k.sys
[2014/02/07 08:36:35 | 001,879,168 | ---- | M] (Microsoft Corporation) MD5=4644DA4A2E389DCA467DA32E75DED09C -- C:\WINDOWS\system32\win32k.sys
[2009/08/14 17:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2008/09/15 17:14:42 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=4B7F71D24D215A79400C947EE9C9AF7B -- C:\ancien disque\WINDOWS\$hf_mig$\KB954211\SP2QFE\win32k.sys
[2008/09/15 17:14:42 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=4B7F71D24D215A79400C947EE9C9AF7B -- C:\WINDOWS\$hf_mig$\KB954211\SP2QFE\win32k.sys
[2011/09/06 16:08:29 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=501628FE99EE77D59BFD29B6DC6803DA -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2005/10/06 05:08:49 | 001,839,616 | ---- | M] (Microsoft Corporation) MD5=692ED535C8ABAA2B38A13025DC0ED758 -- C:\ancien disque\WINDOWS\$NtUninstallKB925902$\win32k.sys
[2011/11/23 16:39:14 | 001,868,672 | ---- | M] (Microsoft Corporation) MD5=6B88EAB930D6D14019A627C1A9DFC4DD -- C:\WINDOWS\$hf_mig$\KB2639417\SP3QFE\win32k.sys
[2004/08/05 14:00:00 | 001,836,032 | ---- | M] (Microsoft Corporation) MD5=6B8D8840CC7D6C822FD159613D61EBA3 -- C:\ancien disque\WINDOWS\$NtUninstallKB890859$\win32k.sys
[2008/03/20 09:56:50 | 001,846,016 | ---- | M] (Microsoft Corporation) MD5=76DB0C82A525036299B3E195479B4DF1 -- C:\ancien disque\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
[2008/03/20 09:56:50 | 001,846,016 | ---- | M] (Microsoft Corporation) MD5=76DB0C82A525036299B3E195479B4DF1 -- C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
[2005/03/02 20:13:08 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=7EC7E0B304C1D7F73E9B6C4977952220 -- C:\ancien disque\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
[2010/09/01 09:54:08 | 001,862,016 | ---- | M] (Microsoft Corporation) MD5=81C11BC7F3FAE0CC76941A8AB9B2ED1A -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2005/03/02 20:07:53 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=8B39DEFB4843B15A3044FFA23332B299 -- C:\ancien disque\WINDOWS\$NtUninstallKB896424$\win32k.sys
[2008/09/15 17:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\ancien disque\WINDOWS\$hf_mig$\KB954211\SP3GDR\win32k.sys
[2008/09/15 17:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\WINDOWS\$hf_mig$\KB954211\SP3GDR\win32k.sys
[2009/02/09 15:59:50 | 001,847,680 | ---- | M] (Microsoft Corporation) MD5=A06AF7F6B26F2BDEFB0961D4641D6453 -- C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys
[2012/01/12 19:21:12 | 001,869,184 | ---- | M] (Microsoft Corporation) MD5=A274CBA14BE87AE4D6FF0DA6DEAA7618 -- C:\WINDOWS\$hf_mig$\KB2660465\SP3QFE\win32k.sys
[2007/03/08 17:33:58 | 001,843,712 | ---- | M] (Microsoft Corporation) MD5=A8B9B1911F1D52DB8D24C4AC37CEC0E3 -- C:\ancien disque\WINDOWS\$NtUninstallKB941693$\win32k.sys
[2008/09/15 17:20:39 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=AC230363E6F0021E3F8336990F348A87 -- C:\ancien disque\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys
[2008/09/15 17:20:39 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=AC230363E6F0021E3F8336990F348A87 -- C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys
[2012/02/03 11:56:28 | 001,869,312 | ---- | M] (Microsoft Corporation) MD5=CF530A5F9D22E93230A15F4C2E5AF228 -- C:\WINDOWS\SoftwareDistribution\Download\006b8185166f3d53136753067f37a92e\SP3QFE\win32k.sys
[2011/03/03 15:52:12 | 001,867,008 | ---- | M] (Microsoft Corporation) MD5=E832E04ADDD745DC462ED800E8416B9C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2012/02/03 11:58:01 | 001,860,224 | ---- | M] (Microsoft Corporation) MD5=E94CA8AA938E7BB5D2D8BBCEBC95124B -- C:\WINDOWS\SoftwareDistribution\Download\006b8185166f3d53136753067f37a92e\SP3GDR\win32k.sys
[2008/09/15 17:39:16 | 001,846,144 | ---- | M] (Microsoft Corporation) MD5=F5FEFC4A30A7B234F62E4339E0FEE476 -- C:\ancien disque\WINDOWS\system32\dllcache\win32k.sys
[2008/09/15 17:39:16 | 001,846,144 | ---- | M] (Microsoft Corporation) MD5=F5FEFC4A30A7B234F62E4339E0FEE476 -- C:\ancien disque\WINDOWS\system32\win32k.sys
[2010/12/31 16:02:58 | 001,864,192 | ---- | M] (Microsoft Corporation) MD5=FA7694CA8CE7E7660676C646A15A3CEE -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys

< End of report >

I'm sorry, but I don't have time to put it on sosupload
by g3n-h@ckm@n
#206043
paste this at the bottom of OTL, then click on fix and post the new report:

:Files
C:\Windows\System32\Win32k.sys | C:\ancien disque\WINDOWS\system32\win32k.sys /replace
C:\WINDOWS\system32\dllcache\win32k.sys | C:\ancien disque\WINDOWS\system32\dllcache\win32k.sys /replace

:commands
[reboot]
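
Added example (not part of the thread and not OTL's own code): a Python parser for the `< MD5 for: ... >` lines of an OTL report that compares the active copy of a file with the replacement source named in the fix script above. The sample lines are copied from the report in this thread; the function names `parse_md5_section` and `compare` are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the "< MD5 for: WIN32K.SYS >" section of the report above.
SAMPLE = r"""
[2008/04/14 03:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2014/02/07 08:36:35 | 001,879,168 | ---- | M] (Microsoft Corporation) MD5=4644DA4A2E389DCA467DA32E75DED09C -- C:\WINDOWS\system32\dllcache\win32k.sys
[2014/02/07 08:36:35 | 001,879,168 | ---- | M] (Microsoft Corporation) MD5=4644DA4A2E389DCA467DA32E75DED09C -- C:\WINDOWS\system32\win32k.sys
[2008/09/15 17:39:16 | 001,846,144 | ---- | M] (Microsoft Corporation) MD5=F5FEFC4A30A7B234F62E4339E0FEE476 -- C:\ancien disque\WINDOWS\system32\dllcache\win32k.sys
[2008/09/15 17:39:16 | 001,846,144 | ---- | M] (Microsoft Corporation) MD5=F5FEFC4A30A7B234F62E4339E0FEE476 -- C:\ancien disque\WINDOWS\system32\win32k.sys
"""

LINE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S{4} \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

def parse_md5_section(text):
    """Return one dict per file entry; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries

def compare(entries, active, candidate):
    """Compare two copies by path (case-insensitive, as on Windows)."""
    by_path = {e["path"].lower(): e for e in entries}
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    a, c = by_path[active.lower()], by_path[candidate.lower()]
    return {
        "same_hash": a["md5"] == c["md5"],
        "active_twins": sorted(p for p in by_md5[a["md5"]] if p != a["path"]),
        "candidate_twins": sorted(p for p in by_md5[c["md5"]] if p != c["path"]),
        "size_delta": a["size"] - c["size"],
    }

if __name__ == "__main__":
    print(compare(parse_md5_section(SAMPLE),
                  r"C:\Windows\System32\win32k.sys",
                  r"C:\ancien disque\WINDOWS\system32\win32k.sys"))
```

The `*_twins` lists show which other paths on disk carry the same hash as each copy, which is the cross-check to make before overwriting a system file with one taken from another location.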
by Arcree
#206047
There, I've just done it, here is the report:

========== FILES ==========
Unable to replace file: C:\Windows\System32\Win32k.sys with C:\ancien disque\WINDOWS\system32\win32k.sys without a reboot.
File C:\WINDOWS\system32\dllcache\win32k.sys successfully replaced with C:\ancien disque\WINDOWS\system32\dllcache\win32k.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10032014_204637

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2014/02/07 08:36:35 | 001,879,168 | ---- | M] (Microsoft Corporation) C:\Windows\System32\Win32k.sys : MD5=4644DA4A2E389DCA467DA32E75DED09C

Registry entries deleted on Reboot...

:merci2:
by g3n-h@ckm@n
#206055
send win32k.sys to VirusTotal again?
by g3n-h@ckm@n
#206099
grrrr!!! I can't figure out what is corrupting the file.

run ComboFix again in safe mode