Cheval de Troie Fermé

Question

Bonjour à tous, j'ai attrapé un cheval de troie hier, et en redémarrant, bureau vide et mes fichiers disparus (en parti) J'ai téléchargé rogue killer, lancé un scan, voici le rapport: RogueKiller V7.3.2 [20/03/2012] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: mike [Droits d'admin] Mode: Recherche -- Date: 25/03/2012 00:01:13 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 18 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543216L9SA00 ATA Device +++++ --- User --- [MBR] 0ad36f8eb32cbd37cfed186d5a94e717 [BSP] 9c6d03efd2c358de4fd992ae7bc2ba7c : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9889 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20254720 | Size: 142736 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WD My Passport 070A USB Device +++++ --- User --- [MBR] 3be4b1d0d188447bff0584326a0d7bca [BSP] 9008d44a90deb3c11ea33cec3e86bd55 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 304574 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[1].txt >> RKreport[1].txt Ensuite, j'ai fait "suppr", voici le 2nd rapport: RogueKiller V7.3.2 [20/03/2012] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: mike [Droits d'admin] Mode: Suppression -- Date: 25/03/2012 01:50:15 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 18 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543216L9SA00 ATA Device +++++ --- User --- [MBR] 0ad36f8eb32cbd37cfed186d5a94e717 [BSP] 9c6d03efd2c358de4fd992ae7bc2ba7c : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9889 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20254720 | Size: 142736 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WD My Passport 070A USB Device +++++ --- User --- [MBR] 3be4b1d0d188447bff0584326a0d7bca [BSP] 9008d44a90deb3c11ea33cec3e86bd55 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 304574 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Que dois je faire ensuite?? Merci !!

g3n-h@ckm@n · Answer

salut ton souci n'est pas resolu ?

Cheval de Troie

1 réponse

Discussions similaires