Nour

Members
  • Content count

    3

Everything posted by Nour

  1. Or at least the ones where "rdriv" is actually written (and not miroRDRIVer, oveRDDRIVe or that kind of thing)????
  2. Thank you very much for your help. Here is my report:

     REGEDIT4

     ; Registry Search 2.0 by Bobbi Flekman © 2005
     ; Version: 2.0.0.1
     ; Results at 19/03/2006 18:01:36 for strings:
     ; 'rdriv'
     ; Strings excluded from search:
     ; (None)
     ; Search in:
     ; Registry Keys Registry Values Registry Data
     ; HKEY_LOCAL_MACHINE HKEY_USERS

     [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Desktop\CPTemplate\17635]
     "OverDrive"=hex:02,00,00,00
     "OverDrivePlatform"=hex:00,00,00,00
     [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Desktop\{699EBEA4-16BC-46AE-8EED-BEC8D5B482F7}]
     "OverDrive"=hex:02,00,00,00
     "OverDrivePlatform"=hex:00,00,00,00
     [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Desktop\{A3E00D4D-B54A-4D66-B84B-8F54D2973891}]
     "OverDrive"=hex:02,00,00,00
     "OverDrivePlatform"=hex:00,00,00,00
     [HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPZ\Glue\hp psc 2100 series]
     "CmdLine"="-v printerdriver=hp psc 2100 series -v product=aio -v port=USB001"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\hp psc 2100 series\PrinterDriverData]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\hp psc 2100 series\PrinterDriverData]
     "SPLUserModePrinterDriver"="HPZNTU05.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
     [HKEY_LOCAL_MACHINE\SOFTWARE\VST\VSTPlugins\Overdrive 417394]
     [HKEY_LOCAL_MACHINE\SOFTWARE\VST\VSTPlugins\PID]
     "Overdrive"="417394"
     [HKEY_LOCAL_MACHINE\SOFTWARE\VST\VSTPlugins\PMS]
     "Overdrive"="0"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
     "addprinterdrivers"=dword:00000000
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\hp psc 2100 series\PrinterDriverData]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers\hp psc 2100 series\PrinterDriverData]
     "SPLUserModePrinterDriver"="HPZNTU05.DLL"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
     "Service"="rdriv"
     "DeviceDesc"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\Control]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\Control]
     "ActiveService"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
     "LayerDriver JPN"="kbd101.dll"
     "LayerDriver KOR"="kbd101a.dll"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]
     ; Contents of value:
     ; \??\C:\WINDOWS\system32\rdriv.sys
     "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
       6d,33,32,5c,72,64,72,69,76,2e,73,79,73,00
     "DisplayName"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv\Enum]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv\Enum]
     "0"="Root\\LEGACY_RDRIV\\0000"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
     "addprinterdrivers"=dword:00000000
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
     "LayerDriver JPN"="kbd101.dll"
     "LayerDriver KOR"="kbd101a.dll"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
     ; Contents of value:
     ; \??\C:\WINDOWS\system32\rdriv.sys
     "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
       6d,33,32,5c,72,64,72,69,76,2e,73,79,73,00
     "DisplayName"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
     "addprinterdrivers"=dword:00000000
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\hp psc 2100 series\PrinterDriverData]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\hp psc 2100 series\PrinterDriverData]
     "SPLUserModePrinterDriver"="HPZNTU05.DLL"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
     "Service"="rdriv"
     "DeviceDesc"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\Control]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\Control]
     "ActiveService"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
     "LayerDriver JPN"="kbd101.dll"
     "LayerDriver KOR"="kbd101a.dll"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
     "MirrorDriver"=dword:00000001
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]
     ; Contents of value:
     ; \??\C:\WINDOWS\system32\rdriv.sys
     "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
       6d,33,32,5c,72,64,72,69,76,2e,73,79,73,00
     "DisplayName"="rdriv"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Enum]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Enum]
     "0"="Root\\LEGACY_RDRIV\\0000"
     [HKEY_USERS\S-1-5-21-1343024091-1326574676-725345543-1003\Software\Steinberg\Cubase SX\Defaults(1)\Overdrive]
     [HKEY_USERS\S-1-5-21-1343024091-1326574676-725345543-1003\Software\Steinberg\Cubase SX\Defaults(1)\VSTPlug Distortion\Overdrive]
     ; End Of The Log...

     Do I have to delete all these entries??
  3. Hi everyone. So I have a Rootkit.L trojan that I can't manage to get rid of. I went into safe mode (with System Restore disabled); I clean with HijackThis, Ewido and Easy Cleaner; but rdriv.sys always comes back. Can someone tell me what to remove based on this report?

     Logfile of HijackThis v1.99.1
     Scan saved at 16:34:36, on 19/03/2006
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     D:\PROGRAMMES\AVPERSONAL\AVGUARD.EXE
     d:\Programmes\AVPersonal\AVWUPSRV.EXE
     D:\Programmes\Ewido\ewido anti-malware\ewidoctrl.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     D:\Programmes\AVPersonal\AVGNT.EXE
     C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
     D:\Programmes\HijackThis.exe

     O4 - HKLM\..\Run: [AVGCtrl] "d:\Programmes\AVPersonal\AVGNT.EXE" /min
     O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
     O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
     O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMMES\AVPERSONAL\AVGUARD.EXE
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Programmes\AVPersonal\AVWUPSRV.EXE
     O23 - Service: ewido security suite control - ewido networks - D:\Programmes\Ewido\ewido anti-malware\ewidoctrl.exe
     O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     The Acronis line (file missing), I can't manage to fix it. Thanks if you can help me, I would rather not do a reinstall.