Trojan horse

Solved/Closed
Phlabda - 25 Oct 2011 at 10:42
Malekal_morte - Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last seen: 15 December 2020 - 25 Oct 2011 at 17:48
Hello,
Two days ago my AVG antivirus alerted me to the presence of a Trojan (Agent_r.AQN), then during the scan it blocked 4 files infected with PSW.generic9.ACSE; at the same time, at computer startup, a message appeared: "To help protect your computer, Windows has closed this program. Name: Generic host process for win32 services". Finally, my PC freezes after a while, nothing responds any more, only the mouse cursor is still active.
I think these two problems are linked; what should I do?
My config: Windows XP Professional version 2002 Service Pack 3
Thanks in advance for your help.
Phlabda

16 replies

Malekal_morte - Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last seen: 15 December 2020 24 628
25 Oct 2011 at 10:43
Hi,

Welcome.
Here is the procedure to follow.
Please read the instructions carefully so as to follow them correctly, above all respecting the order of the steps, and wait until each step is finished before moving on to the next.
Post the reports as requested so that they can be analysed.

The steps of the procedure must be followed one after the other, not done at the same time.

STEP 1:
Run TDSSKiller: https://forum.malekal.com/viewtopic.php?t=28637&start=
Read what is written about removal/repair (delete and cure); do not delete just anything.
Post the report here.

If it detects anything, deal with it properly as explained on that page.

STEP 2:

Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, remove everything and post the report here.
!!! Malwarebytes must be up to date before running the scan !!!
Make sure you remove what is detected: "Remove selected" button.

STEP 3:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(Under Vista/Win7, right-click OTL and choose Run as administrator)

* Launch OTL
* In OTL, in the Custom Scans/Fixes box, copy and paste the script below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
consrv.dll
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

* Click the Run Scan button.
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt), and give the pjjoint link(s) pointing to those reports here in a new message.


Hello
Here is the report. I didn't dare delete anything, I put everything in quarantine... correct or not?
11:25:42.0187 1252 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
11:25:42.0453 1252 ============================================================
11:25:42.0453 1252 Current date / time: 2011/10/25 11:25:42.0453
11:25:42.0453 1252 SystemInfo:
11:25:42.0453 1252
11:25:42.0453 1252 OS Version: 5.1.2600 ServicePack: 3.0
11:25:42.0453 1252 Product type: Workstation
11:25:42.0453 1252 ComputerName: MAISON-D7C63995
11:25:42.0453 1252 UserName: famille
11:25:42.0453 1252 Windows directory: I:\WINDOWS
11:25:42.0453 1252 System windows directory: I:\WINDOWS
11:25:42.0453 1252 Processor architecture: Intel x86
11:25:42.0453 1252 Number of processors: 2
11:25:42.0453 1252 Page size: 0x1000
11:25:42.0453 1252 Boot type: Normal boot
11:25:42.0453 1252 ============================================================
11:25:43.0468 1252 Initialize success
11:25:47.0187 5660 ============================================================
11:25:47.0187 5660 Scan started
11:25:47.0187 5660 Mode: Manual;
11:25:47.0187 5660 ============================================================
11:25:49.0875 5660 Abiosdsk - ok
11:25:50.0031 5660 abp480n5 - ok
11:25:50.0187 5660 ACPI (8fd99680a539792a30e97944fdaecf17) I:\WINDOWS\system32\DRIVERS\ACPI.sys
11:25:50.0218 5660 ACPI - ok
11:25:50.0312 5660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) I:\WINDOWS\system32\drivers\ACPIEC.sys
11:25:50.0328 5660 ACPIEC - ok
11:25:50.0328 5660 adpu160m - ok
11:25:50.0359 5660 aec (8bed39e3c35d6a489438b8141717a557) I:\WINDOWS\system32\drivers\aec.sys
11:25:50.0359 5660 aec - ok
11:25:50.0390 5660 AFD (1e44bc1e83d8fd2305f8d452db109cf9) I:\WINDOWS\System32\drivers\afd.sys
11:25:50.0484 5660 AFD - ok
11:25:50.0515 5660 AFS2K (0ebb674888cbdefd5773341c16dd6a07) I:\WINDOWS\system32\drivers\AFS2K.sys
11:25:50.0609 5660 AFS2K - ok
11:25:50.0625 5660 Aha154x - ok
11:25:50.0625 5660 aic78u2 - ok
11:25:50.0625 5660 aic78xx - ok
11:25:50.0640 5660 AliIde - ok
11:25:50.0687 5660 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) I:\WINDOWS\system32\drivers\Ambfilt.sys
11:25:50.0750 5660 Ambfilt - ok
11:25:50.0750 5660 amsint - ok
11:25:50.0765 5660 asc - ok
11:25:50.0781 5660 asc3350p - ok
11:25:50.0781 5660 asc3550 - ok
11:25:50.0812 5660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) I:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:25:50.0812 5660 AsyncMac - ok
11:25:50.0828 5660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) I:\WINDOWS\system32\DRIVERS\atapi.sys
11:25:50.0828 5660 atapi - ok
11:25:50.0843 5660 Atdisk - ok
11:25:50.0859 5660 Atmarpc (9916c1225104ba14794209cfa8012159) I:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:25:50.0859 5660 Atmarpc - ok
11:25:50.0890 5660 audstub (d9f724aa26c010a217c97606b160ed68) I:\WINDOWS\system32\DRIVERS\audstub.sys
11:25:50.0890 5660 audstub - ok
11:25:50.0921 5660 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) I:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
11:25:50.0921 5660 AVGIDSDriver - ok
11:25:50.0937 5660 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) I:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
11:25:50.0953 5660 AVGIDSEH - ok
11:25:50.0968 5660 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) I:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
11:25:50.0968 5660 AVGIDSFilter - ok
11:25:50.0984 5660 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) I:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
11:25:50.0984 5660 AVGIDSShim - ok
11:25:51.0015 5660 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) I:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:25:51.0015 5660 Avgldx86 - ok
11:25:51.0015 5660 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) I:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:25:51.0015 5660 Avgmfx86 - ok
11:25:51.0031 5660 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) I:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:25:51.0031 5660 Avgrkx86 - ok
11:25:51.0062 5660 Avgtdix (aaf0ebcad95f2164cffb544e00392498) I:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:25:51.0078 5660 Avgtdix - ok
11:25:51.0093 5660 BANTExt (5d7be7b19e827125e016325334e58ff1) I:\WINDOWS\System32\Drivers\BANTExt.sys
11:25:51.0156 5660 BANTExt - ok
11:25:51.0171 5660 Beep (da1f27d85e0d1525f6621372e7b685e9) I:\WINDOWS\system32\drivers\Beep.sys
11:25:51.0187 5660 Beep - ok
11:25:51.0203 5660 CA561 (50ded7c73e0fb40693edab8cad7c46e7) I:\WINDOWS\system32\Drivers\SPCA561.SYS
11:25:51.0218 5660 CA561 - ok
11:25:51.0234 5660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) I:\WINDOWS\system32\drivers\cbidf2k.sys
11:25:51.0250 5660 cbidf2k - ok
11:25:51.0281 5660 CCDECODE (0be5aef125be881c4f854c554f2b025c) I:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:25:51.0312 5660 CCDECODE - ok
11:25:51.0312 5660 cd20xrnt - ok
11:25:51.0328 5660 Cdaudio (c1b486a7658353d33a10cc15211a873b) I:\WINDOWS\system32\drivers\Cdaudio.sys
11:25:51.0359 5660 Cdaudio - ok
11:25:51.0375 5660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) I:\WINDOWS\system32\drivers\Cdfs.sys
11:25:51.0375 5660 Cdfs - ok
11:25:51.0406 5660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) I:\WINDOWS\system32\DRIVERS\cdrom.sys
11:25:51.0437 5660 Cdrom - ok
11:25:51.0437 5660 Changer - ok
11:25:51.0484 5660 CmdIde - ok
11:25:51.0500 5660 Cpqarray - ok
11:25:51.0500 5660 dac2w2k - ok
11:25:51.0515 5660 dac960nt - ok
11:25:51.0515 5660 Disk (044452051f3e02e7963599fc8f4f3e25) I:\WINDOWS\system32\DRIVERS\disk.sys
11:25:51.0515 5660 Disk - ok
11:25:51.0546 5660 dmboot (d992fe1274bde0f84ad826acae022a41) I:\WINDOWS\system32\drivers\dmboot.sys
11:25:51.0578 5660 dmboot - ok
11:25:51.0593 5660 dmio (7c824cf7bbde77d95c08005717a95f6f) I:\WINDOWS\system32\drivers\dmio.sys
11:25:51.0593 5660 dmio - ok
11:25:51.0609 5660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) I:\WINDOWS\system32\drivers\dmload.sys
11:25:51.0625 5660 dmload - ok
11:25:51.0640 5660 DMusic (8a208dfcf89792a484e76c40e5f50b45) I:\WINDOWS\system32\drivers\DMusic.sys
11:25:51.0656 5660 DMusic - ok
11:25:51.0656 5660 dpti2o - ok
11:25:51.0734 5660 driverhardwarev2 (0f1189883690949ba7a9f68339587e51) I:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
11:25:51.0750 5660 driverhardwarev2 - ok
11:25:51.0765 5660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) I:\WINDOWS\system32\drivers\drmkaud.sys
11:25:51.0765 5660 drmkaud - ok
11:25:51.0781 5660 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) I:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
11:25:51.0843 5660 dsNcAdpt - ok
11:25:51.0859 5660 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) I:\WINDOWS\system32\epmntdrv.sys
11:25:51.0890 5660 epmntdrv - ok
11:25:51.0906 5660 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) I:\WINDOWS\system32\EuGdiDrv.sys
11:25:51.0921 5660 EuGdiDrv - ok
11:25:51.0953 5660 Fastfat (38d332a6d56af32635675f132548343e) I:\WINDOWS\system32\drivers\Fastfat.sys
11:25:52.0000 5660 Fastfat - ok
11:25:52.0015 5660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) I:\WINDOWS\system32\DRIVERS\fdc.sys
11:25:52.0031 5660 Fdc - ok
11:25:52.0046 5660 Fips (d45926117eb9fa946a6af572fbe1caa3) I:\WINDOWS\system32\drivers\Fips.sys
11:25:52.0062 5660 Fips - ok
11:25:52.0078 5660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) I:\WINDOWS\system32\drivers\Flpydisk.sys
11:25:52.0109 5660 Flpydisk - ok
11:25:52.0156 5660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) I:\WINDOWS\system32\drivers\fltmgr.sys
11:25:52.0156 5660 FltMgr - ok
11:25:52.0171 5660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) I:\WINDOWS\system32\drivers\Fs_Rec.sys
11:25:52.0187 5660 Fs_Rec - ok
11:25:52.0203 5660 Ftdisk (6ac26732762483366c3969c9e4d2259d) I:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:25:52.0203 5660 Ftdisk - ok
11:25:52.0250 5660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) I:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:25:52.0250 5660 GEARAspiWDM - ok
11:25:52.0265 5660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) I:\WINDOWS\system32\DRIVERS\msgpc.sys
11:25:52.0296 5660 Gpc - ok
11:25:52.0328 5660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) I:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:25:52.0328 5660 HDAudBus - ok
11:25:52.0359 5660 HPEAPPkt (4ba96e24c86aa9114862a4185dfef090) I:\WINDOWS\system32\DRIVERS\HPEAPPkt.sys
11:25:52.0390 5660 HPEAPPkt - ok
11:25:52.0406 5660 hpn - ok
11:25:52.0437 5660 HPNUCMP (7cd1be2631f98cabda8254154e913835) I:\WINDOWS\system32\DRIVERS\hpnucmp.sys
11:25:52.0437 5660 HPNUCMP - ok
11:25:52.0468 5660 hpnuhst (ac6abca57a9ca35dca94f9d0c60758bf) I:\WINDOWS\system32\DRIVERS\hpnuhst.sys
11:25:52.0500 5660 hpnuhst - ok
11:25:52.0531 5660 HPNUHUB (b5195883028b927cf05bfeddd6e80265) I:\WINDOWS\system32\DRIVERS\hpnuhub.sys
11:25:52.0562 5660 HPNUHUB - ok
11:25:52.0593 5660 HPZid412 (30ca91e657cede2f95359d6ef186f650) I:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:25:52.0593 5660 HPZid412 - ok
11:25:52.0625 5660 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) I:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:25:52.0625 5660 HPZipr12 - ok
11:25:52.0625 5660 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) I:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:25:52.0625 5660 HPZius12 - ok
11:25:52.0671 5660 HTTP (f80a415ef82cd06ffaf0d971528ead38) I:\WINDOWS\system32\Drivers\HTTP.sys
11:25:52.0671 5660 HTTP - ok
11:25:52.0671 5660 i2omgmt - ok
11:25:52.0687 5660 i2omp - ok
11:25:52.0718 5660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) I:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:25:52.0734 5660 i8042prt - ok
11:25:52.0765 5660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) I:\WINDOWS\system32\DRIVERS\imapi.sys
11:25:52.0781 5660 Imapi - ok
11:25:52.0781 5660 ini910u - ok
11:25:52.0921 5660 IntcAzAudAddService (dc02005d61e25678342c13dc48eca617) I:\WINDOWS\system32\drivers\RtkHDAud.sys
11:25:53.0031 5660 IntcAzAudAddService - ok
11:25:53.0046 5660 IntelIde - ok
11:25:53.0078 5660 intelppm (8c953733d8f36eb2133f5bb58808b66b) I:\WINDOWS\system32\DRIVERS\intelppm.sys
11:25:53.0078 5660 intelppm - ok
11:25:53.0093 5660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) I:\WINDOWS\system32\drivers\ip6fw.sys
11:25:53.0093 5660 Ip6Fw - ok
11:25:53.0125 5660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) I:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:25:53.0140 5660 IpFilterDriver - ok
11:25:53.0156 5660 IpInIp (b87ab476dcf76e72010632b5550955f5) I:\WINDOWS\system32\DRIVERS\ipinip.sys
11:25:53.0171 5660 IpInIp - ok
11:25:53.0187 5660 IpNat (cc748ea12c6effde940ee98098bf96bb) I:\WINDOWS\system32\DRIVERS\ipnat.sys
11:25:53.0187 5660 IpNat - ok
11:25:53.0203 5660 IPSec (23c74d75e36e7158768dd63d92789a91) I:\WINDOWS\system32\DRIVERS\ipsec.sys
11:25:53.0203 5660 IPSec - ok
11:25:53.0218 5660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) I:\WINDOWS\system32\DRIVERS\irenum.sys
11:25:53.0250 5660 IRENUM - ok
11:25:53.0265 5660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) I:\WINDOWS\system32\DRIVERS\isapnp.sys
11:25:53.0265 5660 isapnp - ok
11:25:53.0281 5660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) I:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:25:53.0296 5660 Kbdclass - ok
11:25:53.0328 5660 kmixer (692bcf44383d056aed41b045a323d378) I:\WINDOWS\system32\drivers\kmixer.sys
11:25:53.0343 5660 kmixer - ok
11:25:53.0343 5660 KSecDD (b467646c54cc746128904e1654c750c1) I:\WINDOWS\system32\drivers\KSecDD.sys
11:25:53.0359 5660 KSecDD - ok
11:25:53.0359 5660 lbrtfdc - ok
11:25:53.0390 5660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) I:\WINDOWS\system32\drivers\mnmdd.sys
11:25:53.0421 5660 mnmdd - ok
11:25:53.0437 5660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) I:\WINDOWS\system32\drivers\Modem.sys
11:25:53.0453 5660 Modem - ok
11:25:53.0484 5660 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) I:\WINDOWS\system32\drivers\Monfilt.sys
11:25:53.0531 5660 Monfilt - ok
11:25:53.0546 5660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) I:\WINDOWS\system32\DRIVERS\mouclass.sys
11:25:53.0546 5660 Mouclass - ok
11:25:53.0562 5660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) I:\WINDOWS\system32\drivers\MountMgr.sys
11:25:53.0562 5660 MountMgr - ok
11:25:53.0562 5660 mraid35x - ok
11:25:53.0578 5660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) I:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:25:53.0578 5660 MRxDAV - ok
11:25:53.0625 5660 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) I:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:25:53.0671 5660 MRxSmb - ok
11:25:53.0671 5660 Msfs (c941ea2454ba8350021d774daf0f1027) I:\WINDOWS\system32\drivers\Msfs.sys
11:25:53.0671 5660 Msfs - ok
11:25:53.0687 5660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) I:\WINDOWS\system32\drivers\MSKSSRV.sys
11:25:53.0718 5660 MSKSSRV - ok
11:25:53.0734 5660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) I:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:25:53.0750 5660 MSPCLOCK - ok
11:25:53.0750 5660 MSPQM (bad59648ba099da4a17680b39730cb3d) I:\WINDOWS\system32\drivers\MSPQM.sys
11:25:53.0765 5660 MSPQM - ok
11:25:53.0781 5660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) I:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:25:53.0781 5660 mssmbios - ok
11:25:53.0812 5660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) I:\WINDOWS\system32\drivers\MSTEE.sys
11:25:53.0812 5660 MSTEE - ok
11:25:53.0843 5660 Mup (de6a75f5c270e756c5508d94b6cf68f5) I:\WINDOWS\system32\drivers\Mup.sys
11:25:53.0843 5660 Mup - ok
11:25:53.0859 5660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:25:53.0875 5660 NABTSFEC - ok
11:25:53.0921 5660 NDIS (1df7f42665c94b825322fae71721130d) I:\WINDOWS\system32\drivers\NDIS.sys
11:25:53.0921 5660 NDIS - ok
11:25:53.0953 5660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) I:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:25:53.0968 5660 NdisIP - ok
11:25:53.0984 5660 NdisTapi (0109c4f3850dfbab279542515386ae22) I:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:25:54.0046 5660 NdisTapi - ok
11:25:54.0062 5660 Ndisuio (f927a4434c5028758a842943ef1a3849) I:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:25:54.0062 5660 Ndisuio - ok
11:25:54.0078 5660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) I:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:25:54.0093 5660 NdisWan - ok
11:25:54.0125 5660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) I:\WINDOWS\system32\drivers\NDProxy.sys
11:25:54.0156 5660 NDProxy - ok
11:25:54.0187 5660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) I:\WINDOWS\system32\DRIVERS\netbios.sys
11:25:54.0187 5660 NetBIOS - ok
11:25:54.0218 5660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) I:\WINDOWS\system32\DRIVERS\netbt.sys
11:25:54.0234 5660 NetBT - ok
11:25:54.0265 5660 npf (b9730495e0cf674680121e34bd95a73b) I:\WINDOWS\system32\drivers\npf.sys
11:25:54.0265 5660 npf - ok
11:25:54.0265 5660 Npfs (3182d64ae053d6fb034f44b6def8034a) I:\WINDOWS\system32\drivers\Npfs.sys
11:25:54.0265 5660 Npfs - ok
11:25:54.0296 5660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) I:\WINDOWS\system32\drivers\Ntfs.sys
11:25:54.0312 5660 Ntfs - ok
11:25:54.0328 5660 Null (73c1e1f395918bc2c6dd67af7591a3ad) I:\WINDOWS\system32\drivers\Null.sys
11:25:54.0328 5660 Null - ok
11:25:54.0546 5660 nv (6733e80a193fc36f41c24142b0c45c0e) I:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:25:54.0750 5660 nv - ok
11:25:54.0781 5660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) I:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:25:54.0812 5660 NwlnkFlt - ok
11:25:54.0812 5660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) I:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:25:54.0828 5660 NwlnkFwd - ok
11:25:54.0859 5660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) I:\WINDOWS\system32\drivers\Parport.sys
11:25:54.0875 5660 Parport - ok
11:25:54.0890 5660 PartMgr (beb3ba25197665d82ec7065b724171c6) I:\WINDOWS\system32\drivers\PartMgr.sys
11:25:54.0890 5660 PartMgr - ok
11:25:54.0906 5660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) I:\WINDOWS\system32\drivers\ParVdm.sys
11:25:54.0937 5660 ParVdm - ok
11:25:54.0937 5660 PCI (a219903ccf74233761d92bef471a07b1) I:\WINDOWS\system32\DRIVERS\pci.sys
11:25:54.0937 5660 PCI - ok
11:25:54.0953 5660 PCIDump - ok
11:25:54.0968 5660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) I:\WINDOWS\system32\DRIVERS\pciide.sys
11:25:54.0968 5660 PCIIde - ok
11:25:54.0984 5660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) I:\WINDOWS\system32\drivers\Pcmcia.sys
11:25:54.0984 5660 Pcmcia - ok
11:25:55.0000 5660 PDCOMP - ok
11:25:55.0000 5660 PDFRAME - ok
11:25:55.0015 5660 PDRELI - ok
11:25:55.0015 5660 PDRFRAME - ok
11:25:55.0031 5660 perc2 - ok
11:25:55.0031 5660 perc2hib - ok
11:25:55.0093 5660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) I:\WINDOWS\system32\DRIVERS\raspptp.sys
11:25:55.0093 5660 PptpMiniport - ok
11:25:55.0125 5660 PSched (09298ec810b07e5d582cb3a3f9255424) I:\WINDOWS\system32\DRIVERS\psched.sys
11:25:55.0156 5660 PSched - ok
11:25:55.0171 5660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) I:\WINDOWS\system32\DRIVERS\ptilink.sys
11:25:55.0187 5660 Ptilink - ok
11:25:55.0234 5660 PxHelp20 (40fedd328f98245ad201cf5f9f311724) I:\WINDOWS\system32\Drivers\PxHelp20.sys
11:25:55.0234 5660 PxHelp20 - ok
11:25:55.0265 5660 ql1080 - ok
11:25:55.0281 5660 Ql10wnt - ok
11:25:55.0296 5660 ql12160 - ok
11:25:55.0312 5660 ql1240 - ok
11:25:55.0328 5660 ql1280 - ok
11:25:55.0359 5660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) I:\WINDOWS\system32\DRIVERS\rasacd.sys
11:25:55.0359 5660 RasAcd - ok
11:25:55.0375 5660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:25:55.0375 5660 Rasl2tp - ok
11:25:55.0406 5660 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:25:55.0421 5660 RasPppoe - ok
11:25:55.0437 5660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys
11:25:55.0437 5660 Raspti - ok
11:25:55.0468 5660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys
11:25:55.0468 5660 Rdbss - ok
11:25:55.0500 5660 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:25:55.0500 5660 RDPCDD - ok
11:25:55.0546 5660 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:25:55.0562 5660 rdpdr - ok
11:25:55.0593 5660 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) I:\WINDOWS\system32\drivers\RDPWD.sys
11:25:55.0609 5660 RDPWD - ok
11:25:55.0640 5660 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys
11:25:55.0656 5660 redbook - ok
11:25:55.0703 5660 RSUSBSTOR (83f7a29b659771e60cd71999ef57aa0c) I:\WINDOWS\system32\Drivers\RtsUStor.sys
11:25:55.0703 5660 RSUSBSTOR - ok
11:25:55.0734 5660 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) I:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:25:55.0734 5660 RTLE8023xp - ok
11:25:55.0796 5660 RTLWUSB (56e405e01a179f53ec43bf60c0e27dfa) I:\WINDOWS\system32\DRIVERS\hpl8187.sys
11:25:55.0796 5660 RTLWUSB - ok
11:25:55.0828 5660 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys
11:25:55.0828 5660 Secdrv - ok
11:25:55.0875 5660 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys
11:25:55.0875 5660 serenum - ok
11:25:55.0890 5660 Serial (6c05791853d36173d84c0ccf9eb19c94) I:\WINDOWS\system32\DRIVERS\serial.sys
11:25:55.0890 5660 Serial ( Rootkit.Win32.ZAccess.j ) - infected
11:25:55.0890 5660 Serial - detected Rootkit.Win32.ZAccess.j (0)
11:25:55.0921 5660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\drivers\Sfloppy.sys
11:25:55.0937 5660 Sfloppy - ok
11:25:55.0968 5660 Simbad - ok
11:25:56.0015 5660 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) I:\WINDOWS\System32\Drivers\SjyPkt.sys
11:25:56.0031 5660 SjyPkt - ok
11:25:56.0062 5660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) I:\WINDOWS\system32\DRIVERS\SLIP.sys
11:25:56.0078 5660 SLIP - ok
11:25:56.0109 5660 snapman (c3bf55189aa92b8f919108ef9e4accae) I:\WINDOWS\system32\DRIVERS\snapman.sys
11:25:56.0109 5660 snapman - ok
11:25:56.0140 5660 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) I:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:25:56.0140 5660 SONYPVU1 - ok
11:25:56.0156 5660 Sparrow - ok
11:25:56.0187 5660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys
11:25:56.0203 5660 splitter - ok
11:25:56.0265 5660 sptd (cdddec541bc3c96f91ecb48759673505) I:\WINDOWS\system32\Drivers\sptd.sys
11:25:56.0265 5660 Suspicious file (NoAccess): I:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:25:56.0265 5660 sptd ( LockedFile.Multi.Generic ) - warning
11:25:56.0265 5660 sptd - detected LockedFile.Multi.Generic (1)
11:25:56.0281 5660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys
11:25:56.0281 5660 sr - ok
11:25:56.0328 5660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) I:\WINDOWS\system32\DRIVERS\srv.sys
11:25:56.0328 5660 Srv - ok
11:25:56.0359 5660 StarOpen (306521935042fc0a6988d528643619b3) I:\WINDOWS\system32\drivers\StarOpen.sys
11:25:56.0375 5660 StarOpen - ok
11:25:56.0406 5660 streamip (77813007ba6265c4b6098187e6ed79d2) I:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:25:56.0421 5660 streamip - ok
11:25:56.0437 5660 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys
11:25:56.0453 5660 swenum - ok
11:25:56.0484 5660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys
11:25:56.0484 5660 swmidi - ok
11:25:56.0500 5660 symc810 - ok
11:25:56.0515 5660 symc8xx - ok
11:25:56.0546 5660 sym_hi - ok
11:25:56.0562 5660 sym_u3 - ok
11:25:56.0578 5660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys
11:25:56.0578 5660 sysaudio - ok
11:25:56.0625 5660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys
11:25:56.0671 5660 Tcpip - ok
11:25:56.0703 5660 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys
11:25:56.0703 5660 TDPIPE - ok
11:25:56.0734 5660 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) I:\WINDOWS\system32\DRIVERS\tdrpman.sys
11:25:56.0734 5660 tdrpman - ok
11:25:56.0765 5660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys
11:25:56.0781 5660 TDTCP - ok
11:25:56.0796 5660 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys
11:25:56.0812 5660 TermDD - ok
11:25:56.0828 5660 tifsfilter (b0b3122bff3910e0ba97014045467778) I:\WINDOWS\system32\DRIVERS\tifsfilt.sys
11:25:56.0828 5660 tifsfilter - ok
11:25:56.0843 5660 timounter (13bfe330880ac0ce8672d00aa5aff738) I:\WINDOWS\system32\DRIVERS\timntr.sys
11:25:56.0843 5660 timounter - ok
11:25:56.0875 5660 TosIde - ok
11:25:56.0906 5660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys
11:25:56.0921 5660 Udfs - ok
11:25:56.0937 5660 ultra - ok
11:25:56.0984 5660 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys
11:25:56.0984 5660 Update - ok
11:25:57.0031 5660 USBAAPL (83cafcb53201bbac04d822f32438e244) I:\WINDOWS\system32\Drivers\usbaapl.sys
11:25:57.0062 5660 USBAAPL - ok
11:25:57.0109 5660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) I:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:25:57.0125 5660 usbccgp - ok
11:25:57.0203 5660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys
11:25:57.0218 5660 usbehci - ok
11:25:57.0250 5660 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys
11:25:57.0265 5660 usbhub - ok
11:25:57.0312 5660 usbprint (a717c8721046828520c9edf31288fc00) I:\WINDOWS\system32\DRIVERS\usbprint.sys
11:25:57.0312 5660 usbprint - ok
11:25:57.0343 5660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) I:\WINDOWS\system32\DRIVERS\usbscan.sys
11:25:57.0343 5660 usbscan - ok
11:25:57.0359 5660 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:25:57.0359 5660 usbstor - ok
11:25:57.0390 5660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) I:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:25:57.0390 5660 usbuhci - ok
11:25:57.0421 5660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys
11:25:57.0437 5660 VgaSave - ok
11:25:57.0453 5660 ViaIde - ok
11:25:57.0484 5660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys
11:25:57.0484 5660 VolSnap - ok
11:25:57.0515 5660 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys
11:25:57.0515 5660 Wanarp - ok
11:25:57.0546 5660 WDICA - ok
11:25:57.0578 5660 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys
11:25:57.0593 5660 wdmaud - ok
11:25:57.0640 5660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:25:57.0640 5660 WSTCODEC - ok
11:25:57.0656 5660 WudfPf (f15feafffbb3644ccc80c5da584e6311) I:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:25:57.0718 5660 WudfPf - ok
11:25:57.0750 5660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) I:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:25:57.0765 5660 WudfRd - ok
11:25:57.0796 5660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:57.0875 5660 \Device\Harddisk0\DR0 - ok
11:25:57.0875 5660 Boot (0x1200) (5c93dc8a28620afe4182f22988d16237) \Device\Harddisk0\DR0\Partition0
11:25:57.0875 5660 \Device\Harddisk0\DR0\Partition0 - ok
11:25:57.0890 5660 Boot (0x1200) (c017451df5138fdea120267236c93cfb) \Device\Harddisk0\DR0\Partition1
11:25:57.0890 5660 \Device\Harddisk0\DR0\Partition1 - ok
11:25:57.0890 5660 ============================================================
11:25:57.0890 5660 Scan finished
11:25:57.0890 5660 ============================================================
11:25:57.0906 5768 Detected object count: 2
11:25:57.0906 5768 Actual detected object count: 2
11:32:41.0437 5768 I:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
11:32:41.0437 5768 Serial ( Rootkit.Win32.ZAccess.j ) - User select action: Quarantine
11:32:41.0515 5768 I:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
11:32:41.0515 5768 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
Malekal_morte - Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last seen: 15 December 2020 24 628
25 Oct 2011 at 11:43
STOP - there is no point doing the rest.

11:32:41.0437 5768 I:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
You should have used cure if the option was available.
Anyway, Windows has surely restored the driver.


Do this:

Run this tool: https://www.malekal.com/zeroaccesssirefef-remover/
Post the report here.
Restart the computer

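The moderator's point above (cure an infected system driver when the tool offers it, rather than only quarantining it) is the kind of thing worth checking mechanically when reading a TDSSKiller report, especially when the report runs to several hundred lines as the one posted earlier in this thread does. The following Python script is an added example; it is not part of this thread and not TDSSKiller's own code. It parses the report format shown above (the time/PID prefix, "name (md5) path" lines, "name ( threat ) - infected/warning" verdicts, "User select action" lines and the "Detected object count" line), then summarises each detection and flags an infected object that was not cured and a locked-file warning that still needs manual identification. The sample log is a constructed excerpt of the report posted above, and the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt of the TDSSKiller report posted above (same line format).
SAMPLE_LOG = """\
11:25:42.0187 1252 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
11:25:47.0187 5660 Scan started
11:25:55.0890 5660 Serial (6c05791853d36173d84c0ccf9eb19c94) I:\\WINDOWS\\system32\\DRIVERS\\serial.sys
11:25:55.0890 5660 Serial ( Rootkit.Win32.ZAccess.j ) - infected
11:25:55.0890 5660 Serial - detected Rootkit.Win32.ZAccess.j (0)
11:25:55.0921 5660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\\WINDOWS\\system32\\drivers\\Sfloppy.sys
11:25:55.0937 5660 Sfloppy - ok
11:25:56.0265 5660 sptd (cdddec541bc3c96f91ecb48759673505) I:\\WINDOWS\\system32\\Drivers\\sptd.sys
11:25:56.0265 5660 Suspicious file (NoAccess): I:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:25:56.0265 5660 sptd ( LockedFile.Multi.Generic ) - warning
11:25:57.0796 5660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
11:25:57.0875 5660 \\Device\\Harddisk0\\DR0 - ok
11:25:57.0906 5768 Detected object count: 2
11:32:41.0437 5768 I:\\WINDOWS\\system32\\DRIVERS\\serial.sys - copied to quarantine
11:32:41.0437 5768 Serial ( Rootkit.Win32.ZAccess.j ) - User select action: Quarantine
11:32:41.0515 5768 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
"""

# One report line is "<time> <pid> <message>"; the message carries the payload.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")            # name (md5) path
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (infected|warning)$")     # name ( threat ) - verdict
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    name: str
    threat: str
    verdict: str  # "infected" or "warning"


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)
    actions: Dict[str, str] = field(default_factory=dict)  # object name -> action the user chose
    declared_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """Extract hashed objects, verdicts, user actions and the tool's own detection count."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a report line
        msg = m.group(3)
        d = DRIVER_RE.match(msg)
        if d:
            report.drivers[d.group(1)] = Driver(d.group(1), d.group(2).lower(), d.group(3))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            report.detections.append(Detection(v.group(1), v.group(2), v.group(3)))
            continue
        a = ACTION_RE.match(msg)
        if a:
            report.actions[a.group(1)] = a.group(3)
            continue
        c = COUNT_RE.match(msg)
        if c:
            report.declared_count = int(c.group(1))
    return report


def triage(report: Report) -> List[str]:
    """One line per detection: where the object lives, what the user chose, and whether
    that choice matches the advice in the thread (cure an infected driver when the tool
    offers it; identify a locked file before deleting anything)."""
    findings = []
    for det in report.detections:
        drv = report.drivers.get(det.name)
        where = f"{drv.path} md5={drv.md5}" if drv else "(no file line)"
        action = report.actions.get(det.name, "none")
        line = f"{det.name}: {det.threat} [{det.verdict}] {where}; action={action}"
        if det.verdict == "infected" and action != "Cure":
            line += " -> NOT CURED: the thread's advice is to cure when the tool offers it, not only quarantine"
        elif det.verdict == "warning":
            line += " -> REVIEW: a locked-file warning is not a malware verdict; identify the file first"
        findings.append(line)
    if report.declared_count is not None and report.declared_count != len(report.detections):
        findings.append(f"count mismatch: tool says {report.declared_count}, parsed {len(report.detections)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(finding)
```

Run it against a full TDSSKiller report saved from the tool and the "ok" lines drop out, leaving only the objects that need a decision, together with the path and hash you would look up before choosing delete, cure or quarantine. The count check at the end catches a report that was truncated when it was pasted into a forum post.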
Hello,
Here is the report... I'm restarting the computer
Check file "acpi.sys"... Clean!
Check file "acpiec.sys"... Clean!
Check file "aec.sys"... Clean!
Check file "afd.sys"... Clean!
Check file "AFS2K.SYS"... Clean!
Check file "agp440.sys"... Clean!
Check file "agpcpq.sys"... Clean!
Check file "alim1541.sys"... Clean!
Check file "Ambfilt.sys"... Clean!
Check file "amdagp.sys"... Clean!
Check file "amdk6.sys"... Clean!
Check file "amdk7.sys"... Clean!
Check file "arp1394.sys"... Clean!
Check file "asyncmac.sys"... Clean!
Check file "atapi.sys"... Clean!
Check file "ati1btxx.sys"... Clean!
Check file "ati1mdxx.sys"... Clean!
Check file "ati1pdxx.sys"... Clean!
Check file "ati1raxx.sys"... Clean!
Check file "ati1rvxx.sys"... Clean!
Check file "ati1snxx.sys"... Clean!
Check file "ati1ttxx.sys"... Clean!
Check file "ati1tuxx.sys"... Clean!
Check file "ati1xbxx.sys"... Clean!
Check file "ati1xsxx.sys"... Clean!
Check file "ati2mtaa.sys"... Clean!
Check file "ati2mtag.sys"... Clean!
Check file "atinbtxx.sys"... Clean!
Check file "atinmdxx.sys"... Clean!
Check file "atinpdxx.sys"... Clean!
Check file "atinraxx.sys"... Clean!
Check file "atinrvxx.sys"... Clean!
Check file "atinsnxx.sys"... Clean!
Check file "atinttxx.sys"... Clean!
Check file "atintuxx.sys"... Clean!
Check file "atinxbxx.sys"... Clean!
Check file "atinxsxx.sys"... Clean!
Check file "atmarpc.sys"... Clean!
Check file "atmepvc.sys"... Clean!
Check file "atmlane.sys"... Clean!
Check file "atmuni.sys"... Clean!
Check file "audstub.sys"... Clean!
Check file "AVGIDSDriver.sys"... Clean!
Check file "AVGIDSEH.sys"... Clean!
Check file "AVGIDSFilter.sys"... Clean!
Check file "AVGIDSShim.sys"... Clean!
Check file "avgldx86.sys"... Clean!
Check file "avgmfx86.sys"... Clean!
Check file "avgrkx86.sys"... Clean!
Check file "avgtdix.sys"... Clean!
Check file "BANTExt.sys"... Clean!
Check file "beep.sys"... Clean!
Check file "bridge.sys"... Clean!
Check file "bthenum.sys"... Clean!
Check file "bthmodem.sys"... Clean!
Check file "bthpan.sys"... Clean!
Check file "bthport.sys"... Clean!
Check file "bthprint.sys"... Clean!
Check file "bthusb.sys"... Clean!
Check file "cbidf2k.sys"... Clean!
Check file "ccdecode.sys"... Clean!
Check file "cdaudio.sys"... Clean!
Check file "cdfs.sys"... Clean!
Check file "cdr4_xp.sys"... Clean!
Check file "cdralw2k.sys"... Clean!
Check file "cdrom.sys"... Clean!
Check file "cinemst2.sys"... Clean!
Check file "classpnp.sys"... Clean!
Check file "cpqdap01.sys"... Clean!
Check file "crusoe.sys"... Clean!
Check file "disk.sys"... Clean!
Check file "diskdump.sys"... Clean!
Check file "dmboot.sys"... Clean!
Check file "dmio.sys"... Clean!
Check file "dmload.sys"... Clean!
Check file "DMusic.sys"... Clean!
Check file "drmk.sys"... Clean!
Check file "drmkaud.sys"... Clean!
Check file "dsNcAdpt.sys"... Clean!
Check file "dxapi.sys"... Clean!
Check file "dxg.sys"... Clean!
Check file "dxgthk.sys"... Clean!
Check file "fastfat.sys"... Clean!
Check file "fdc.sys"... Clean!
Check file "fips.sys"... Clean!
Check file "flpydisk.sys"... Clean!
Check file "fltmgr.sys"... Clean!
Check file "fsvga.sys"... Clean!
Check file "fs_rec.sys"... Clean!
Check file "ftdisk.sys"... Clean!
Check file "gagp30kx.sys"... Clean!
Check file "GEARAspiWDM.sys"... Clean!
Check file "hdaudbus.sys"... Clean!
Check file "hidbth.sys"... Clean!
Check file "hidclass.sys"... Clean!
Check file "hidir.sys"... Clean!
Check file "hidparse.sys"... Clean!
Check file "HPEAPPkt.sys"... Clean!
Check file "HPL8187.SYS"... Clean!
Check file "hpnucmp.sys"... Clean!
Check file "hpnuhst.sys"... Clean!
Check file "hpnuhub.sys"... Clean!
Check file "HPZid412.sys"... Clean!
Check file "HPZipr12.sys"... Clean!
Check file "HPZius12.sys"... Clean!
Check file "hsfbs2s2.sys"... Clean!
Check file "hsfcxts2.sys"... Clean!
Check file "hsfdpsp2.sys"... Clean!
Check file "http.sys"... Clean!
Check file "i8042prt.sys"... Clean!
Check file "imapi.sys"... Clean!
Check file "intelppm.sys"... Clean!
Check file "ip6fw.sys"... Clean!
Check file "ipfltdrv.sys"... Clean!
Check file "ipinip.sys"... Clean!
Check file "ipnat.sys"... Clean!
Check file "ipsec.sys"... Clean!
Check file "irbus.sys"... Clean!
Check file "irenum.sys"... Clean!
Check file "isapnp.sys"... Clean!
Check file "kbdclass.sys"... Clean!
Check file "kmixer.sys"... Clean!
Check file "ks.sys"... Clean!
Check file "ksecdd.sys"... Clean!
Check file "mcd.sys"... Clean!
Check file "mdmxsdk.sys"... Clean!
Check file "mf.sys"... Clean!
Check file "mnmdd.sys"... Clean!
Check file "modem.sys"... Clean!
Check file "Monfilt.sys"... Clean!
Check file "mouclass.sys"... Clean!
Check file "mountmgr.sys"... Clean!
Check file "mqac.sys"... Clean!
Check file "mrxdav.sys"... Clean!
Check file "mrxsmb.sys"... Clean!
Check file "msfs.sys"... Clean!
Check file "msgpc.sys"... Clean!
Check file "mskssrv.sys"... Clean!
Check file "mspclock.sys"... Clean!
Check file "mspqm.sys"... Clean!
Check file "mssmbios.sys"... Clean!
Check file "mstee.sys"... Clean!
Check file "mtlmnt5.sys"... Clean!
Check file "mtlstrm.sys"... Clean!
Check file "mtxparhm.sys"... Clean!
Check file "mup.sys"... Clean!
Check file "mutohpen.sys"... Clean!
Check file "nabtsfec.sys"... Clean!
Check file "ndis.sys"... Clean!
Check file "ndisip.sys"... Clean!
Check file "ndistapi.sys"... Clean!
Check file "ndisuio.sys"... Clean!
Check file "ndiswan.sys"... Clean!
Check file "ndproxy.sys"... Clean!
Check file "netbios.sys"... Clean!
Check file "netbt.sys"... Clean!
Check file "nic1394.sys"... Clean!
Check file "nikedrv.sys"... Clean!
Check file "nmnt.sys"... Clean!
Check file "npf.sys"... Clean!
Check file "npfs.sys"... Clean!
Check file "ntfs.sys"... Clean!
Check file "ntmtlfax.sys"... Clean!
Check file "null.sys"... Clean!
Check file "nv4_mini.sys"... Clean!
Check file "nwlnkflt.sys"... Clean!
Check file "nwlnkfwd.sys"... Clean!
Check file "nwlnkipx.sys"... Clean!
Check file "nwlnknb.sys"... Clean!
Check file "nwlnkspx.sys"... Clean!
Check file "nwrdr.sys"... Clean!
Check file "oprghdlr.sys"... Clean!
Check file "p3.sys"... Clean!
Check file "parport.sys"... Clean!
Check file "partmgr.sys"... Clean!
Check file "parvdm.sys"... Clean!
Check file "pci.sys"... Clean!
Check file "pciide.sys"... Clean!
Check file "pciidex.sys"... Clean!
Check file "pcmcia.sys"... Clean!
Check file "portcls.sys"... Clean!
Check file "processr.sys"... Clean!
Check file "psched.sys"... Clean!
Check file "ptilink.sys"... Clean!
Check file "pxhelp20.sys"... Clean!
Check file "rasacd.sys"... Clean!
Check file "rasl2tp.sys"... Clean!
Check file "raspppoe.sys"... Clean!
Check file "raspptp.sys"... Clean!
Check file "raspti.sys"... Clean!
Check file "rawwan.sys"... Clean!
Check file "rdbss.sys"... Clean!
Check file "rdpcdd.sys"... Clean!
Check file "rdpdr.sys"... Clean!
Check file "rdpwd.sys"... Clean!
Check file "recagent.sys"... Clean!
Check file "redbook.sys"... Clean!
Check file "rfcomm.sys"... Clean!
Check file "rio8drv.sys"... Clean!
Check file "riodrv.sys"... Clean!
Check file "rmcast.sys"... Clean!
Check file "rndismp.sys"... Clean!
Check file "rndismpx.sys"... Clean!
Check file "rootmdm.sys"... Clean!
Check file "Rtenicxp.sys"... Clean!
Check file "RtkHDAud.sys"... Clean!
Check file "RTKVHDA.sys"... Clean!
Check file "RtsUStor.sys"... Clean!
Check file "s3gnbm.sys"... Clean!
Check file "scsiport.sys"... Clean!
Check file "sdbus.sys"... Clean!
Check file "secdrv.sys"... Clean!
Check file "serenum.sys"... Clean!
Check file "serial.sys"... Clean!
Check file "sffdisk.sys"... Clean!
Check file "sffp_mmc.sys"... Clean!
Check file "sffp_sd.sys"... Clean!
Check file "sfloppy.sys"... Clean!
Check file "sisagp.sys"... Clean!
Check file "SjyPkt.sys"... Clean!
Check file "slip.sys"... Clean!
Check file "slnt7554.sys"... Clean!
Check file "slntamr.sys"... Clean!
Check file "slnthal.sys"... Clean!
Check file "slwdmsup.sys"... Clean!
Check file "smbali.sys"... Clean!
Check file "smclib.sys"... Clean!
Check file "snapman.sys"... Clean!
Check file "sonydcam.sys"... Clean!
Check file "SONYPVU1.SYS"... Clean!
Check file "SPCA561.SYS"... Clean!
Check file "splitter.sys"... Clean!
Check file "sptd.sys"... Error!
Check file "sr.sys"... Clean!
Check file "srv.sys"... Clean!
Check file "StarOpen.sys"... Clean!
Check file "stream.sys"... Clean!
Check file "streamip.sys"... Clean!
Check file "swenum.sys"... Clean!
Check file "swmidi.sys"... Clean!
Check file "sysaudio.sys"... Clean!
Check file "tape.sys"... Clean!
Check file "tcpip.sys"... Clean!
Check file "tcpip6.sys"... Clean!
Check file "tdi.sys"... Clean!
Check file "tdpipe.sys"... Clean!
Check file "tdrpman.sys"... Clean!
Check file "tdtcp.sys"... Clean!
Check file "termdd.sys"... Clean!
Check file "tifsfilt.sys"... Clean!
Check file "timntr.sys"... Clean!
Check file "tosdvd.sys"... Clean!
Check file "tsbvcap.sys"... Clean!
Check file "tunmp.sys"... Clean!
Check file "uagp35.sys"... Clean!
Check file "udfs.sys"... Clean!
Check file "update.sys"... Clean!
Check file "usb8023.sys"... Clean!
Check file "usb8023x.sys"... Clean!
Check file "usbaapl.sys"... Clean!
Check file "usbcamd.sys"... Clean!
Check file "usbcamd2.sys"... Clean!
Check file "usbccgp.sys"... Clean!
Check file "usbd.sys"... Clean!
Check file "usbehci.sys"... Clean!
Check file "usbhub.sys"... Clean!
Check file "usbintel.sys"... Clean!
Check file "usbport.sys"... Clean!
Check file "usbprint.sys"... Clean!
Check file "usbscan.sys"... Clean!
Check file "usbstor.sys"... Clean!
Check file "usbuhci.sys"... Clean!
Check file "usbvideo.sys"... Clean!
Check file "vdmindvd.sys"... Clean!
Check file "vga.sys"... Clean!
Check file "viaagp.sys"... Clean!
Check file "videoprt.sys"... Clean!
Check file "volsnap.sys"... Clean!
Check file "wacompen.sys"... Clean!
Check file "wadv07nt.sys"... Clean!
Check file "wadv08nt.sys"... Clean!
Check file "wadv09nt.sys"... Clean!
Check file "wadv11nt.sys"... Clean!
Check file "wanarp.sys"... Clean!
Check file "watv06nt.sys"... Clean!
Check file "watv10nt.sys"... Clean!
Check file "wdmaud.sys"... Clean!
Check file "wmilib.sys"... Clean!
Check file "wpdusb.sys"... Clean!
Check file "ws2ifsl.sys"... Clean!
Check file "wstcodec.sys"... Clean!
Check file "WudfPf.sys"... Clean!
Check file "WudfRd.sys"... Clean!

Warning! One or more errors occurred!
Your system is not infected by ZeroAccess/Max++ Rootkit!

Execution ended.
Press any key to exit...
0

I forgot this report.

Webroot AntiZeroAccess 0.8 Log File
Execution time: 25/10/2011 - 12:04
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
12:05:02 - CheckSystem - Begin to check system...
12:05:02 - OpenRootDrive - Opening system root volume and physical drive....
12:05:03 - I Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x082E6921 sectors.
12:05:03 - PrevX Main driver extracted in "I:\WINDOWS\system32\drivers\ZeroAccess.sys".
12:05:03 - InstallAndStartDriver - Main driver was installed and now is running.
12:05:03 - CheckSystem - Warning! Disk class driver is INFECTED.
12:05:06 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
12:05:07 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
12:05:07 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
12:05:07 - Execution Ended!
0
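The two Webroot AntiZeroAccess reports above contradict each other on the face of it: one prints "Your system is not infected" right after "One or more errors occurred!", the other flags the disk class driver as INFECTED and fails to read sptd.sys with CreateFile error 0x20. As an added example (not part of the thread and not Webroot's code), this small Python triage routine parses that log format over a constructed excerpt, decodes the Win32 error code, and flags a summary verdict that disagrees with the per-file results so a helper does not take the last line at face value.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the Webroot AntiZeroAccess 0.8 log format seen in the thread.
SAMPLE_LOG = """Check file "splitter.sys"... Clean!
Check file "sptd.sys"... Error!
Check file "sr.sys"... Clean!

Warning! One or more errors occurred!
Your system is not infected by ZeroAccess/Max++ Rootkit!
12:05:03 - CheckSystem - Warning! Disk class driver is INFECTED.
12:05:06 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
"""

# Standard Win32 error constants relevant to a file-read failure.
WIN32_ERRORS = {0x02: "ERROR_FILE_NOT_FOUND", 0x05: "ERROR_ACCESS_DENIED",
                0x20: "ERROR_SHARING_VIOLATION"}

CHECK_RE = re.compile(r'^Check file "(?P<name>[^"]+)"\.\.\. (?P<result>Clean!|Error!)$')
INFECTED_RE = re.compile(r"Warning! (?P<component>.+?) is INFECTED\.")
# 'er+or' tolerates the tool's own misspelling "eror" as printed in the log.
UNREADABLE_RE = re.compile(r'Unable to read "(?P<name>[^"]+)" file\. CreateFile last er+or: 0x(?P<code>[0-9A-Fa-f]+)\.')

@dataclass
class Triage:
    clean: int = 0
    errors: list = field(default_factory=list)       # files whose check failed
    infected: list = field(default_factory=list)     # components flagged INFECTED
    unreadable: dict = field(default_factory=dict)   # file -> symbolic Win32 error
    contradictory_verdict: bool = False

def triage_log(text: str) -> Triage:
    """Summarise an AntiZeroAccess log and flag a 'not infected' verdict that the details contradict."""
    t = Triage()
    for line in text.splitlines():
        line = line.strip()
        if m := CHECK_RE.match(line):
            if m["result"] == "Clean!":
                t.clean += 1
            else:
                t.errors.append(m["name"])
        elif m := INFECTED_RE.search(line):
            t.infected.append(m["component"])
        elif m := UNREADABLE_RE.search(line):
            code = int(m["code"], 16)
            t.unreadable[m["name"]] = WIN32_ERRORS.get(code, f"0x{code:08X}")
    # A failed check or an INFECTED component means the summary line cannot be trusted.
    t.contradictory_verdict = ("is not infected" in text) and bool(t.errors or t.infected)
    return t
```

A sharing violation on a driver file only means another process held it open when the scanner tried to read it; on its own it is not proof of infection, which is why the routine reports it separately rather than folding it into the verdict.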
Malekal_morte- Posts 180304 Registered Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 628
25 Oct 2011 at 12:16
And did it offer to clean (cure)?
Are you still getting crashes?
0
Hello,
- No, it did not offer to clean
- at startup I still get the message saying:
"To help protect your computer, windows has closed this program Name:Generic host process for win32 services"
0
Malekal_morte- Posts 180304 Registered Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 628
25 Oct 2011 at 12:35
And if you run this one, what does it say?
https://forum.malekal.com/viewtopic.php?t=34542&start=
0
Here is the report, and I am rebooting.


Rootkit Remover v0.1
McAfee Labs.
-=* FOR LIMITED DISTRIBUTION ONLY *=-


Initializing...
Initialization complete!

Now Scanning...
Scan Result --> ZeroAccess trojan detected!!!

Now Cleaning...
The trojan was cleaned successfully!
Please reboot immediately to complete the cleaning.


Press any key to exit.
0
Malekal_morte- Posts 180304 Registered Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 628
25 Oct 2011 at 13:02
What happens after the reboot?
0
Hello,
I no longer get the Windows error message.
Can I delete everything that is in quarantine?
0
Malekal_morte- Posts 180304 Registered Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 628
25 Oct 2011 at 13:20
No, hold off on the quarantine.

Continue the procedure given at the start: Malwarebyte THEN OTL: https://forums.commentcamarche.net/forum/affich-23475995-cheval-de-troie#1
0
Hello,
Here is the Malwarebyte report (do I run OTL, or wait for your go-ahead?)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8016

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/10/2011 13:40:39
mbam-log-2011-10-25 (13-40-39).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 198881
Temps écoulé: 7 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
i:\RECYCLER\s-1-5-21-682003330-920026266-725345543-1003\Di1.EXE (Hacktool.Gen) -> Quarantined and deleted successfully.
0
Hello,
Here is OTL:

http://pjjoint.malekal.com/files.php?id=p8t7c9o6e5h5q10l9e13s12d13x11u13n8q12c8j11s7e14c5

http://pjjoint.malekal.com/files.php?id=x8b11b8p14y9b13z13k13s8p14e14b8y15p13q5q5u12w11g8i6
0
Hello,
I was away for a few hours; when I reconnected to the internet, the antivirus detected a Trojan again:
"Infection";"Cheval de Troie : Agent_r.AQN";"i:\System Volume Information\_restore{B5DDA682-A8EA-4CD1-8F0E-9E222721D81E}\RP733\A0130077.sys";"N/A";"25/10/2011, 17:25:48", which I put in quarantine.
What can I do now?
Thanks for your help.
Phlabda
0
Malekal_morte- Posts 180304 Registered Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 628
25 Oct 2011 at 17:48
I think that's OK.
Update AVG: you have version 10, and the latest version is 2012.

Be more careful in future....

Keep your software up to date, it's important; use this program: /faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
This absolutely must be done.

Antivirus software doesn't do everything when it comes to the security of your machine (keeping your software up to date, etc.).
The best protection is still to know about infections so you can avoid them, and to have good habits.
So you need to read up.

If you use Avast! or AVG, set it to detect LPIs; see: https://www.malekal.com/adwares-pup-protection/

Some reading to help avoid infections:
- knowing and avoiding infections: https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
- securing your PC: http://forum.malekal.com/comment-securiser-son-ordinateur.html and https://www.commentcamarche.net/faq/8934-securisation-de-son-pc
- If you use Avast! or AVG, remember to enable PUP/LPI detection: https://www.commentcamarche.net/faq/32913-avast-et-avg-activer-la-detection-des-pups-lpis
- read: http://www.commentcamarche.net/faq/27128-malwares-quels-enjeux-version-synthese

What not to do:
I download anything at all - I get infected - avoid programs pushed through adverts or through the sponsored links on search engines - they are scams:
PUPs/LPIs: https://www.malekal.com/adwares-pup-protection/
Examples of what not to do:
https://forums.commentcamarche.net/forum/affich-19719198-onglets-pub-intempestifs#14
https://forums.commentcamarche.net/forum/affich-18347759-le-nouveau-avast-sonne-trop-souvent#9
I download from anywhere - I get infected: https://forums.commentcamarche.net/forum/affich-19916973-clickpotato-vlc-virus#6
Security recommendations: https://forums.commentcamarche.net/forum/affich-18680013-windows-7-et-antispyware#1

How a few categories of malware work:
https://forums.commentcamarche.net/forum/affich-17725521-virus-programme-troyen
https://forums.commentcamarche.net/forum/affich-17746390-concernant-la-propagation-des-virus

If you have any questions about how malware works,
don't hesitate to ask.
0