Win32.ZAccess.ob Trojan horse
Closed
amystie - 28 Oct. 2011 at 17:39
Malekal_morte- Posts: 180304, Registered: Wednesday 17 May 2006, Status: Moderator, Security contributor, Last active: 15 December 2020 - 29 Oct. 2011 at 10:42
7 replies
Malekal_morte-
28 Oct. 2011 at 17:42
Hi,
You have a really annoying infection.
You can try these two programs, in this order, and see what happens; reboot after the first one if it detects anything:
https://forum.malekal.com/viewtopic.php?t=34542&start=
then: https://www.malekal.com/zeroaccesssirefef-remover/
Post the reports afterwards.
Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/10/2011 - 12:05
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
12:05:26 - CheckSystem - Begin to check system...
12:05:26 - OpenRootDrive - Opening system root volume and physical drive....
12:05:26 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x098A40EC sectors.
12:05:27 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
12:05:28 - InstallAndStartDriver - Main driver was installed and now is running.
12:05:28 - CheckSystem - Warning! Disk class driver is INFECTED.
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:29 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
12:05:32 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
12:05:32 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
12:05:32 - Execution Ended!
Malekal_morte-
29 Oct. 2011 at 00:36
The McAfee one is missing.
Malekal_morte-
29 Oct. 2011 at 00:42
Run this tool: https://forum.malekal.com/viewtopic.php?t=34542&start=
and then try WebRoot AntiZeroAccess again.
Malekal_morte-
29 Oct. 2011 at 01:15
Tell Kaspersky to allow it.
Formatting is one solution; it's up to you to decide whether that would be quicker :)
Malekal_morte-
29 Oct. 2011 at 01:26
Try in safe mode:
Reboot into safe mode: to do so, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear, choose Safe Mode with Networking and press the Enter key.
Here is another test:
Webroot ZeroAccess Remover
Copyright(c) 2011 Webroot
www.webroot.com
This program will scan and remove any form of ZeroAccess Rootkit.
Would you like to perform a System Scan? [Y/N] y
Check rootkit device: Found!
System Disk class driver state: Infected!!!
Current analysis path: C:\WINDOWS\system32\Drivers\
Check file "acpi.sys"... Clean!
Check file "acpiec.sys"... Clean!
Check file "aec.sys"... Clean!
Check file "afd.sys"... Clean!
Check file "alcxwdm.sys"... Clean!
Check file "amdk6.sys"... Clean!
Check file "amdk7.sys"... Clean!
Check file "arp1394.sys"... Clean!
Check file "asyncmac.sys"... Clean!
Check file "atapi.sys"... Clean!
Check file "atmarpc.sys"... Clean!
Check file "atmepvc.sys"... Clean!
Check file "atmlane.sys"... Clean!
Check file "atmuni.sys"... Clean!
Check file "audstub.sys"... Clean!
Check file "beep.sys"... Clean!
Check file "bridge.sys"... Clean!
Check file "bthport.sys"... Clean!
Check file "cbidf2k.sys"... Clean!
Check file "cdaudio.sys"... Clean!
Check file "cdfs.sys"... Clean!
Check file "cdr4_xp.sys"... Clean!
Check file "cdralw2k.sys"... Clean!
Check file "cdrom.sys"... Clean!
Check file "cinemst2.sys"... Clean!
Check file "classpnp.sys"... Clean!
Check file "cmuda.sys"... Clean!
Check file "cpqdap01.sys"... Clean!
Check file "crusoe.sys"... Clean!
Check file "CSCrySec.sys"... Clean!
Check file "CSVirtualDiskDrv.sys"... Clean!
Check file "disk.sys"... Clean!
Check file "diskdump.sys"... Clean!
Check file "dmboot.sys"... Clean!
Check file "dmio.sys"... Clean!
Check file "dmload.sys"... Clean!
Check file "DMusic.sys"... Clean!
Check file "drmk.sys"... Clean!
Check file "drmkaud.sys"... Clean!
Check file "dxapi.sys"... Clean!
Check file "dxg.sys"... Clean!
Check file "dxgthk.sys"... Clean!
Check file "fastfat.sys"... Clean!
Check file "fdc.sys"... Clean!
Check file "fetnd5bv.sys"... Clean!
Check file "fips.sys"... Clean!
Check file "flpydisk.sys"... Clean!
Check file "fltMgr.sys"... Clean!
Check file "fsvga.sys"... Clean!
Check file "fs_rec.sys"... Clean!
Check file "ftdisk.sys"... Clean!
Check file "GEARAspiWDM.sys"... Clean!
Check file "grmngen.sys"... Clean!
Check file "grmnusb.sys"... Clean!
Check file "hdaudbus.sys"... Clean!
Check file "hidclass.sys"... Clean!
Check file "hidparse.sys"... Clean!
Check file "hidusb.sys"... Clean!
Check file "http.sys"... Clean!
Check file "i8042prt.sys"... Clean!
Check file "imapi.sys"... Clean!
Check file "intelppm.sys"... Clean!
Check file "ip6fw.sys"... Clean!
Check file "ipfltdrv.sys"... Clean!
Check file "ipinip.sys"... Clean!
Check file "ipnat.sys"... Clean!
Check file "ipsec.sys"... Clean!
Check file "irenum.sys"... Clean!
Check file "isapnp.sys"... Clean!
Check file "kbdclass.sys"... Clean!
Check file "kbdhid.sys"... Error!
Check file "kl1.sys"... Error!
Check file "klbg.sys"... Error!
Check file "klif.sys"... Error!
Check file "klim5.sys"... Error!
Check file "klmouflt.sys"... Error!
Check file "kmixer.sys"... Clean!
Check file "ks.sys"... Clean!
Check file "ksecdd.sys"... Clean!
Check file "mcd.sys"... Clean!
Check file "mf.sys"... Clean!
Check file "mhndrv.sys"... Clean!
Check file "mnmdd.sys"... Clean!
Check file "modem.sys"... Clean!
Check file "mouclass.sys"... Clean!
Check file "mouhid.sys"... Clean!
Check file "mountmgr.sys"... Clean!
Check file "mqac.sys"... Clean!
Check file "mrxdav.sys"... Clean!
Check file "mrxsmb.sys"... Clean!
Check file "msfs.sys"... Clean!
Check file "msgpc.sys"... Clean!
Check file "MSKSSRV.sys"... Clean!
Check file "MSPCLOCK.sys"... Clean!
Check file "MSPQM.sys"... Clean!
Check file "mssmbios.sys"... Clean!
Check file "mup.sys"... Clean!
Check file "ndis.sys"... Clean!
Check file "ndistapi.sys"... Clean!
Check file "ndisuio.sys"... Clean!
Check file "ndiswan.sys"... Clean!
Check file "ndproxy.sys"... Clean!
Check file "netbios.sys"... Clean!
Check file "netbt.sys"... Clean!
Check file "nic1394.sys"... Clean!
Check file "nikedrv.sys"... Clean!
Check file "nmnt.sys"... Clean!
Check file "npfs.sys"... Clean!
Check file "ntfs.sys"... Clean!
Check file "nuidfltr.sys"... Clean!
Check file "null.sys"... Clean!
Check file "nwlnkflt.sys"... Clean!
Check file "nwlnkfwd.sys"... Clean!
Check file "nwlnkipx.sys"... Clean!
Check file "nwlnknb.sys"... Clean!
Check file "nwlnkspx.sys"... Clean!
Check file "nwrdr.sys"... Clean!
Check file "oprghdlr.sys"... Clean!
Check file "p3.sys"... Clean!
Check file "parport.sys"... Clean!
Check file "partmgr.sys"... Clean!
Check file "parvdm.sys"... Clean!
Check file "pci.sys"... Clean!
Check file "pciidex.sys"... Clean!
Check file "pcmcia.sys"... Clean!
Check file "point32.sys"... Clean!
Check file "portcls.sys"... Clean!
Check file "processr.sys"... Clean!
Check file "psched.sys"... Clean!
Check file "ptilink.sys"... Clean!
Check file "pxhelp20.sys"... Clean!
Check file "rasacd.sys"... Clean!
Check file "rasl2tp.sys"... Clean!
Check file "raspppoe.sys"... Clean!
Check file "raspptp.sys"... Clean!
Check file "raspti.sys"... Clean!
Check file "rawwan.sys"... Clean!
Check file "rdbss.sys"... Clean!
Check file "rdpcdd.sys"... Clean!
Check file "rdpdr.sys"... Clean!
Check file "rdpwd.sys"... Clean!
Check file "redbook.sys"... Clean!
Check file "RimSerial.sys"... Clean!
Check file "rio8drv.sys"... Clean!
Check file "riodrv.sys"... Clean!
Check file "RMCast.sys"... Clean!
Check file "rndismp.sys"... Clean!
Check file "rootmdm.sys"... Clean!
Check file "rspndr.sys"... Clean!
Check file "RTL8192u.sys"... Clean!
Check file "s3gnbm.sys"... Clean!
Check file "scsiport.sys"... Clean!
Check file "sdbus.sys"... Clean!
Check file "secdrv.sys"... Clean!
Check file "serenum.sys"... Clean!
Check file "serial.sys"... Clean!
Check file "sffdisk.sys"... Clean!
Check file "sffp_mmc.sys"... Clean!
Check file "sffp_sd.sys"... Clean!
Check file "sfloppy.sys"... Clean!
Check file "smclib.sys"... Clean!
Check file "sonydcam.sys"... Clean!
Check file "splitter.sys"... Clean!
Check file "sr.sys"... Clean!
Check file "srv.sys"... Clean!
Check file "stream.sys"... Clean!
Check file "swenum.sys"... Clean!
Check file "swmidi.sys"... Clean!
Check file "sysaudio.sys"... Clean!
Check file "tape.sys"... Clean!
Check file "tcpip.sys"... Clean!
Check file "tcpip6.sys"... Clean!
Check file "tdi.sys"... Clean!
Check file "tdpipe.sys"... Clean!
Check file "tdtcp.sys"... Clean!
Check file "termdd.sys"... Clean!
Check file "tosdvd.sys"... Clean!
Check file "tsbvcap.sys"... Clean!
Check file "tunmp.sys"... Clean!
Check file "udfs.sys"... Clean!
Check file "update.sys"... Clean!
Check file "usb8023.sys"... Clean!
Check file "usbaapl.sys"... Clean!
Check file "usbcamd.sys"... Clean!
Check file "usbcamd2.sys"... Clean!
Check file "usbccgp.sys"... Clean!
Check file "usbd.sys"... Clean!
Check file "usbehci.sys"... Clean!
Check file "usbhub.sys"... Clean!
Check file "usbintel.sys"... Clean!
Check file "usbport.sys"... Clean!
Check file "usbprint.sys"... Clean!
Check file "usbscan.sys"... Clean!
Check file "USBSTOR.SYS"... Clean!
Check file "usbuhci.sys"... Clean!
Check file "vdmindvd.sys"... Clean!
Check file "vga.sys"... Clean!
Check file "VIAAGP1.SYS"... Clean!
Check file "viaide.sys"... Clean!
Check file "videoprt.sys"... Clean!
Check file "videX32.sys"... Clean!
Check file "volsnap.sys"... Clean!
Check file "wanarp.sys"... Clean!
Check file "wdf01000.sys"... Clean!
Check file "wdfldr.sys"... Clean!
Check file "wdmaud.sys"... Clean!
Check file "wmilib.sys"... Clean!
Check file "wpdusb.sys"... Clean!
Check file "ws2ifsl.sys"... Clean!
Check file "wudfpf.sys"... Clean!
Check file "wudfrd.sys"... Clean!
Warning! One or more errors occurred!
Your system is not infected by ZeroAccess/Max++ Rootkit!
Execution ended.
Malekal_morte-
29 Oct. 2011 at 10:42
Hmm, okay.
Right, back up your documents properly as indicated.
Back up your important documents.
Disable your protection software (antivirus, antispyware), then:
Download Combofix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop and nowhere else!
Double-click Combofix, accept the licence agreement and follow the prompts.
Optionally, install the Recovery Console as recommended.
Wait until Combofix has finished; a report will be created. Post the report.
If the report won't post, upload it to this site: http://pjjoint.malekal.com/
and give the link here :)
There is a tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS: if Combofix won't start, rename the Combofix file and try again.
If that's no better, try in safe mode without networking: reboot into safe mode; to do so, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear, choose Safe Mode and press the Enter key.
28 Oct. 2011 at 18:31
c:\Documents and Settings\Johanne loiselle\Local Settings\Application Data\c5c2101b\U\80000000.@