Every minute!

jean
Hello,

For some time now the computer in my mother's shop has been crashing (Windows Explorer), and then one day "privacy protection" appeared.

I was able to remove it by doing a system restore followed by a full scan with Malwarebytes, and it has not come back.

But now Malwarebytes blocks an outgoing connection to the address 89.248.165.137 every minute.

Would you have a solution for a successful cleanup?

Thanks in advance.

PS: she has Avira + Malwarebytes + Spybot



5 replies

Malekal_morte - 184347 posts - Moderator, Security contributor
 
Hi,

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

* Launch OTL
* In OTL, under Custom Scans/Fixes, copy and paste the script below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
nslookup www.google.fr /c
CREATERESTOREPOINT

* Click the Quick Scan button.
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present), and post the pjjoint link(s) to those reports here in a new message.

jean
 
Here are the links:

OTL:

http://pjjoint.malekal.com/files.php?id=z15c6q9w12s14w12s9x8n9y15q5s10p15f9o12h10t7m913m13

Extra:

http://pjjoint.malekal.com/files.php?id=i13u7i8j12h9q14h8i8g13h13v11t12u15f12k7y8z7m9z9s5

Password: jean

Thanks
jean
 
Now Avira pops up every 10 seconds for TR/Proxy.Sefbov.E.25
Malekal_morte
 
Give TDSSKiller a run: https://forum.malekal.com/viewtopic.php?t=28637&start=
Read what is written about deletions/repairs (delete and cure); do not delete just anything.
Post the report here.


~~


Download this tool: http://batchdhelus.open-web.fr/programme/MalwaresUploader.exe
Then tick Malekal on the left.
In the box at the bottom, copy/paste the paths of the following files:

C:\Documents and Settings\All Users\ylxkrwhfv3.exe

and click Upload at the bottom.


~~~

Relaunch OTL.
o Under Custom Scans/Fixes, copy and paste the contents of the box below (make sure to include :OTL at the start).
Click Run Fix; a report will appear, copy/paste its contents here:

:OTL
SRV - [2011/11/15 15:37:19 | 000,044,544 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\TEMP\xvddbt\setup.exe
PRC - [2011/11/15 15:37:19 | 000,044,544 | ---- | M] () -- C:\WINDOWS\Temp\xvddbt\setup.exe
PRC - [2011/11/18 10:16:12 | 000,039,424 | ---- | M] () -- C:\WINDOWS\Temp\bjnvdt\setup.exe
O4 - HKLM..\Run: [ylxkrwhfv3] C:\Documents and Settings\All Users\ylxkrwhfv3.exe ()
O4 - HKCU..\Run: [lmsxqcbysw] C:\Documents and Settings\Propriétaire\lmsxqcbysw.exe File not found
[2011/07/21 09:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\OfferBox


* Restart the PC into Windows and post the report here.
jean
 
Here is the TDSSKiller report:

14:44:00.0203 3300 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
14:44:01.0687 3300 ============================================================
14:44:01.0718 3300 Current date / time: 2011/11/22 14:44:01.0687
14:44:01.0718 3300 SystemInfo:
14:44:01.0718 3300
14:44:01.0718 3300 OS Version: 5.1.2600 ServicePack: 3.0
14:44:01.0718 3300 Product type: Workstation
14:44:01.0718 3300 ComputerName: POSTE1
14:44:01.0781 3300 UserName: Propriétaire
14:44:01.0781 3300 Windows directory: C:\WINDOWS
14:44:01.0781 3300 System windows directory: C:\WINDOWS
14:44:01.0781 3300 Processor architecture: Intel x86
14:44:01.0781 3300 Number of processors: 1
14:44:01.0781 3300 Page size: 0x1000
14:44:01.0781 3300 Boot type: Normal boot
14:44:01.0781 3300 ============================================================
14:44:04.0203 3300 Initialize success
14:44:08.0531 1968 ============================================================
14:44:08.0531 1968 Scan started
14:44:08.0531 1968 Mode: Manual;
14:44:08.0531 1968 ============================================================
14:44:39.0593 1968 redbook (8a3908026f3c39058b4a1417763b6ac9) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:45:07.0218 1968 redbook ( Rootkit.Win32.ZAccess.j ) - infected
14:45:07.0218 1968 redbook - detected Rootkit.Win32.ZAccess.j (0)
14:45:16.0968 1968 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
14:45:17.0125 1968 \Device\Harddisk0\DR0 - ok
14:45:17.0171 1968 Boot (0x1200) (eff8405e15871b0e6ae84591c7d73d1a) \Device\Harddisk0\DR0\Partition0
14:45:17.0171 1968 \Device\Harddisk0\DR0\Partition0 - ok
14:45:17.0187 1968 Boot (0x1200) (f4031b6363f4eaadf3b3b43b4f07e7c5) \Device\Harddisk0\DR0\Partition1
14:45:17.0203 1968 \Device\Harddisk0\DR0\Partition1 - ok
14:45:17.0203 1968 ============================================================
14:45:17.0203 1968 Scan finished
14:45:17.0203 1968 ============================================================
14:45:17.0265 1792 Detected object count: 1
14:45:17.0265 1792 Actual detected object count: 1
14:45:39.0156 1792 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
14:45:40.0781 1792 Backup copy found, using it..
14:45:40.0859 1792 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
14:45:49.0875 1792 redbook ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
14:46:00.0500 4032 Deinitialize success
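As an added example (not code from the thread or from TDSSKiller), here is a small parser for the log format shown above: it pairs each scanned object's MD5 and path with any later "infected" verdict and the action chosen, checks the parsed total against the tool's own "Detected object count", and compares driver hashes against a known-good baseline so a tampered driver stands out even when the signature scan says "ok". The log excerpt reuses lines from the posted report; the baseline hashes are constructed for illustration.

```python
"""Parse a TDSSKiller scan log and pull out what actually needs attention.
Added example, not from the thread or from TDSSKiller itself.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt reusing lines from the report posted above.
SAMPLE_LOG = r"""
14:44:11.0500 1968 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:44:11.0546 1968 ACPI - ok
14:44:39.0593 1968 redbook (8a3908026f3c39058b4a1417763b6ac9) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:45:07.0218 1968 redbook ( Rootkit.Win32.ZAccess.j ) - infected
14:45:07.0218 1968 redbook - detected Rootkit.Win32.ZAccess.j (0)
14:45:16.0968 1968 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
14:45:17.0265 1792 Detected object count: 1
14:45:49.0875 1792 redbook ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
"""

# Every line is "<time> <pid> <message>"; the message carries the payload.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
INFECT_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+infected$")
ACTION_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*[^)]+?\s*\)\s+-\s+User select action:\s+(?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")

@dataclass
class Detection:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None  # Cure / Delete / Skip once the user chooses

@dataclass
class ScanReport:
    scanned: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: Dict[str, Detection] = field(default_factory=dict)
    declared_count: Optional[int] = None

    def count_matches(self) -> bool:
        # TDSSKiller prints its own total; a mismatch means the parser missed lines.
        return self.declared_count == len(self.detections)

    def unresolved(self) -> List[Detection]:
        # Detections the user neither cured nor deleted still need follow-up.
        return [d for d in self.detections.values() if d.action not in ("Cure", "Delete")]

def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if e := ENTRY_RE.match(msg):
            report.scanned[e["name"]] = (e["md5"], e["path"])
        elif i := INFECT_RE.match(msg):
            # The verdict line carries no path: look it up from the scan line.
            md5, path = report.scanned.get(i["name"], (None, None))
            report.detections[i["name"]] = Detection(i["name"], i["verdict"], md5, path)
        elif a := ACTION_RE.match(msg):
            if a["name"] in report.detections:
                report.detections[a["name"]].action = a["action"]
        elif c := COUNT_RE.match(msg):
            report.declared_count = int(c["n"])
    return report

def hash_mismatches(report: ScanReport, baseline: Dict[str, str]) -> Dict[str, str]:
    # Drivers whose MD5 differs from a known-good reference (name -> md5). A patched
    # driver the signature database misses still shows up here, even if marked "ok".
    return {name: md5 for name, (md5, _path) in report.scanned.items()
            if name in baseline and baseline[name] != md5}

# Constructed baseline: ACPI matches the scanned hash; the redbook value is a
# placeholder standing in for the clean driver's hash, so it gets reported.
BASELINE = {
    "ACPI": "e5e6dbfc41ea8aad005cb9a57a96b43b",
    "redbook": "00000000000000000000000000000000",
}
```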
jean
 
Malware uploader tells me that C:\Documents and Settings\All Users\ylxkrwhfv3.exe is not a valid path
Malekal_morte
 
OK, go on to OTL,
and run another TDSSKiller scan afterwards to check.
jean
 
OK thanks, I'm running OTL
jean
 
Done.
TDSSKiller finds nothing, but Avira keeps blocking C:\WINDOWS\TEMP\xvddbt\setup.exe,
which supposedly contains a trojan: TR/Proxy.Sefbov.E.25
jean
 
I have to leave now though; if you have new instructions I'll continue tomorrow.
Thanks again for your help