Attacked by the Personal Pro Shield virus
87lolotte (Member, 42 posts)
Hello,
so a few days ago I "caught" Personal Pro Shield... to which, as usual, I rebooted in safe mode with networking to get rid of it!
anyway, after using Malwarebytes (several times), then RogueKiller (several times too),
my PC restarts on its own after a few minutes, showing a blue screen (I should point out that I've already tried the 'method' of unchecking the "automatically restart" box; the blue screen stays frozen -_-)
well, here's my latest Malwarebytes report >
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7656
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
05/09/2011 19:09:38
mbam-log-2011-09-05 (19-09-38).txt
Scan type: Quick scan
Objects scanned: 165314
Time elapsed: 2 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Z-opti (Adware.EZula) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Adware.BHO) -> Value: bipro -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\D\local settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\$xntuninstall643$\wzrel.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\qpeji.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\D\mes documents\downloads\MPLSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\241.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\242.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\eowcsramxn.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\-213E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1453E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\application data\Adobe\plugs\kb3324125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\application data\Adobe\plugs\kb3374750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\application data\Adobe\plugs\kb3483078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\menu démarrer\programmes\démarrage\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\com.run (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
there you go, I know it's the weekend and the weather's nice, but please help me as soon as possible! ^^
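A small triage helper for the Malwarebytes 1.x log format posted above, added here as an example and not part of the thread or of Malwarebytes itself: it parses the detection lines, counts families, lists anything the scanner did not quarantine, and flags entries that sat in autostart or browser-extension locations (the Run value, the Startup-folder .lnk and the BHO keys seen in the report). The sample log is a constructed, shortened copy of the posted report; the section and persistence rules are assumptions drawn from that layout.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example)."""
import re
from collections import Counter

# Constructed sample, same layout as the report posted above (entries trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
Scan type: Quick scan
Registry Keys Infected: 2
Files Infected: 3

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Adware.BHO) -> Value: bipro -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\D\local settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\D\menu démarrer\programmes\démarrage\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\D\local settings\Temp\241.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1453E8.tmp (Trojan.Agent) -> No action taken.
"""

# "Registry Keys Infected:" with nothing after the colon opens a section;
# the summary lines near the top carry a count and are deliberately not matched.
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):\s*$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")

# Locations that give malware a foothold at logon or inside the browser
# (assumed rules, written for the paths seen in this kind of report).
PERSISTENCE_RULES = (
    ("Run key autostart", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("Browser Helper Object", re.compile(r"Browser Helper Objects\\|\\CLSID\\\{", re.I)),
    ("Startup folder shortcut", re.compile(r"\\(démarrage|startup)\\[^\\]+\.lnk$", re.I)),
)


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # A registry value line carries an extra "Value: x ->" segment;
            # the final segment is always the action the scanner took.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "item": m.group("item"),
                            "family": m.group("family"), "action": action})
    return entries


def family_counts(entries):
    """Count detections per family label (Adware.BHO, Trojan.Agent, ...)."""
    return Counter(e["family"] for e in entries)


def unresolved(entries):
    """Items the scanner did not quarantine and delete: these need follow-up."""
    return [e["item"] for e in entries
            if not e["action"].startswith("Quarantined and deleted")]


def persistence_hits(entries):
    """Pair each item found in an autostart/browser location with its kind."""
    hits = []
    for e in entries:
        for kind, rx in PERSISTENCE_RULES:
            if rx.search(e["item"]):
                hits.append((kind, e["item"]))
                break
    return hits


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(family_counts(found))
    print("unresolved:", unresolved(found))
    for kind, item in persistence_hits(found):
        print(f"[{kind}] {item}")
```

Items listed as unresolved, and any persistence location that reappears on a later scan, are the signal that something is still re-dropping files, as the replies below suspect.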
2 replies
Give SuperAntiSpyware a quick run: (free)
https://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
And a run of HitmanPro: (paid, but there's a 30-day trial version):
https://www.hitmanpro.com/en-us/downloads.aspx
There must be some threats left that are bothering your computer =(
Keep me posted ^^!
What you're suggesting is no use.
87lolotte
Empty Malwarebytes' quarantine
Download TDSSKiller (from Kaspersky) to your desktop
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
Double-click TDSSKiller to launch it (on Vista/Seven, right-click it and choose Run as administrator)
Click Start scan and let the tool work
If infected files are found, a new window will open
If TDSS.tdl2 is detected, the Delete option will be checked by default
If TDSS.tdl3 is detected, check that Cure is selected
If TDSS.tdl4 (\HardDisk0\MBR) is detected, check that Cure is selected
If Suspicious file is shown, leave the option set to Skip
Click Continue, then Reboot now to restart the PC
Post the report saved in C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS. (JJ.MM.AA is the date the tool was run, day.month.year; HH.MM.SS the time it was run).
@Jawaryinti here's the report
2011/09/10 17:46:07.0015 0768 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/10 17:46:07.0109 0768 ================================================================================
2011/09/10 17:46:07.0109 0768 SystemInfo:
2011/09/10 17:46:07.0109 0768
2011/09/10 17:46:07.0109 0768 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/10 17:46:07.0109 0768 Product type: Workstation
2011/09/10 17:46:07.0109 0768 ComputerName: DORSAN-7C5D036A
2011/09/10 17:46:07.0109 0768 UserName: Administrateur
2011/09/10 17:46:07.0109 0768 Windows directory: C:\WINDOWS
2011/09/10 17:46:07.0109 0768 System windows directory: C:\WINDOWS
2011/09/10 17:46:07.0109 0768 Processor architecture: Intel x86
2011/09/10 17:46:07.0109 0768 Number of processors: 2
2011/09/10 17:46:07.0109 0768 Page size: 0x1000
2011/09/10 17:46:07.0109 0768 Boot type: Safe boot with network
2011/09/10 17:46:07.0109 0768 ================================================================================
2011/09/10 17:46:09.0671 0768 Initialize success
2011/09/10 17:46:34.0171 0432 ================================================================================
2011/09/10 17:46:34.0171 0432 Scan started
2011/09/10 17:46:34.0171 0432 Mode: Manual;
2011/09/10 17:46:34.0171 0432 ================================================================================
2011/09/10 17:46:41.0562 0432 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
2011/09/10 17:46:41.0718 0432 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk1\DR1
2011/09/10 17:46:41.0718 0432 \Device\Harddisk1\DR1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/10 17:46:41.0734 0432 Boot (0x1200) (ea3712397058fc4e92566c3ba49222be) \Device\Harddisk0\DR0\Partition0
2011/09/10 17:46:41.0750 0432 Boot (0x1200) (4776c031ffcb78a0f0f140b527c2904a) \Device\Harddisk1\DR1\Partition0
2011/09/10 17:46:41.0781 0432 Boot (0x1200) (08fa5eff65fdb3d9b53b89d9c4590b6f) \Device\Harddisk1\DR1\Partition1
2011/09/10 17:46:41.0781 0432 ================================================================================
2011/09/10 17:46:41.0781 0432 Scan finished
2011/09/10 17:46:41.0781 0432 ================================================================================
2011/09/10 17:46:41.0796 0440 Detected object count: 1
2011/09/10 17:46:41.0796 0440 Actual detected object count: 1
2011/09/10 17:49:57.0031 0440 \Device\Harddisk1\DR1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/10 17:49:57.0031 0440 \Device\Harddisk1\DR1 - ok
2011/09/10 17:49:57.0031 0440 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk1\DR1) - User select action: Cure
2011/09/10 17:50:17.0812 0240 Deinitialize success
TDSSKiller took care of it.
Let's check whether any infections remain, which is quite likely.
* Download ZHPDiag (by Nicolas Coolman)
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
If the first link doesn't work, click the one below
ftp://zebulon.fr/ZHPDiag2.exe
* Follow the installer's prompts; it will launch automatically at the end.
* Above all, don't forget to install its icon on the desktop
* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. run the diagnostic)
* Save the report to your desktop using the floppy-disk icon
Upload the report HERE
Note: the report is saved in C:\ZHP\ZHPDiag.txt