
Unable to access the registry [Solved]

<yassou> 591 posts - Registered Monday 17 December 2007 - Last activity 14 January 2014 - Last reply on 17 August 2008 at 04:34
Hello,
My system has gone haywire, it is infected with viruses, and I would like to fix these problems without having to format.
Please help me: I can't access the registry, and I don't know how to write .reg files.
I ran a scan with the Silent Runners script and here is the report it generated:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"USTHB-FATIHA" = ".vbe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"IEXPLORER" = "C:\WINDOWS\system32\iexplorer.exe" [null data]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\(Default) = "AdPopup"
-> {HKLM...CLSID} = "CAdLogic Object"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\CPUSH\cpush.dll" [null data]
{1AB1F65A-964F-4AE7-B254-05146A0E602E}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys" [null data]
{35694105-5108-9405-3695-954187462153}\(Default) = "mpwdcapi.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mpwdcapi.dll" [null data]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Info cache"
\InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll" ["********" (unwritable string)]
{4C8D1401-A58D-A81C-CD24-A5915C4517C4}\(Default) = "mnmhdsrv.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mnmhdsrv.dll" [null data]
{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5}\(Default) = "oohxdbyt.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\oohxdbyt.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
-> {HKLM...CLSID} = "Web Anti-Virus statistics"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{4C8D1401-A58D-A81C-CD24-A5915C4517C4}" = "mnmhdsrv.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mnmhdsrv.dll" [null data]
<<!>> "{1AB1F65A-964F-4AE7-B254-05146A0E602E}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys" [null data]
<<!>> "{262fc17d-bbdd-47b7-954a-2974733a58cd}" = "MMKAFNFW1086.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\MMKAFNFW1086.dll" [null data]
<<!>> "{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5}" = "oohxdbyt.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\oohxdbyt.dll" [null data]
<<!>> "{35694105-5108-9405-3695-954187462153}" = "mpwdcapi.dll"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mpwdcapi.dll" [null data]
<<!>> "{84143967-B645-4BFF-B873-DA1DC886E9A7}" = (no title provided)
-> {HKLM...CLSID} = "MICROSOFT"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cedafb.dll" [null data]
<<!>> "{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}" = (no title provided)
-> {HKLM...CLSID} = "MICROSOFT"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zgxfdx.dll" [null data]
<<!>> "{8C41B7F7-3168-400D-A702-0E7EFE0BA304}" = (no title provided)
-> {HKLM...CLSID} = "Microsoft"
\InProcServer32\(Default) = "C:\WINDOWS\system32\sgrefg.dll" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> 360rpt.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> 360safe.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> 360tray.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> ANTIARP.exe\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Ast.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> AutoRunKiller.exe\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> AvMonitor.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> AVP.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> CCenter.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Frameworkservice.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> IceSword.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Iparmor.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> KASARP.exe\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> KRegEx.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> KVMonxp.kxp\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> KVSrvXP.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> KVWSC.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Mmsk.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Navapsvc.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Nod32kui.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> QQDOCTOR.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Regedit.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> VPC32.exe\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> VPTRAY.exe\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> WOPTILITIES.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
<<!>> Wuauclt.EXE\Debugger = "C:\WINDOWS\system32\wuauc1t.exe" [null data]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\fatiha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "fatiha" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
Enabled Scheduled Tasks:
------------------------
"At1" -> launches: ".vbe" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\ywg32.dll [null data], 01, 13
%SystemRoot%\system32\mswsock.dll [MS], 02 - 04, 07 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus statistics"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, ""C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS" [MS]
---------- (launch time: 2002-05-28 12:25:26)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 33 seconds, including 3 seconds for message boxes)
yasmine
Answer
+1
My problem is solved and I no longer know exactly what I did, sorry.
In any case, I ran a scan with Avast, an online scan, and a spyware search with Spybot; it is surely one of them that fixed the problem, I did nothing else.
The problem I was able to spot while reading the Silent Runners report is here, in any case:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"USTHB-FATIHA" = ".vbe" [null data]

Maybe there are others.
Sorry for this lack of information, but I have just discovered that I had left this post without setting the status to solved, since regedit now works correctly.
This document, entitled "Unable to access the registry", from CommentCaMarche (www.commentcamarche.net) is made available under the terms of the Creative Commons license. You may copy and modify copies of this page, under the conditions set by the license, as long as this notice appears clearly.
